CVE-2021-20311

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.0.11

Description: A flaw in ImageMagick may trigger undefined behavior via a crafted image file, potentially affecting system availability. The issue arises from a division by zero in the sRGBTransformImage() function in the MagickCore/colorspace.c file when an attacker-submitted image is processed.

Recommendations: For versions prior to 7.0.11, update to version 7.0.11 or later to resolve the issue.

Fix

Divide By Zero

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-369

Related Identifiers

ALT-PU-2023-5309

CVE-2021-20311

ECHO-F25E-21CB-E4A2

MGASA-2022-0446

OESA-2021-1198

OPENSUSE-SU-2021:0606-1

OPENSUSE-SU-2021_0606-1

SUSE-SU-2021:1276-1

SUSE-SU-2021:1277-1

SUSE-SU-2023:4634-1

Affected Products

Alt Linux

Astra Linux

Debian

Imagemagick

Suse

CVE-2021-20311

Weakness Enumeration

Related Identifiers

Affected Products

References · 86