CVE-2021-20310 — Divide By Zero in Imagemagick
Severity
7.5HIGHNVD
EPSS
0.4%
top 39.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 11
Latest updateMay 24
Description
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6