CVE-2021-20310

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.0.11

Description A flaw in ImageMagick may trigger undefined behavior via a crafted image file, potentially leading to system availability issues. The issue is related to a division by zero in the ConvertXYZToJzazbz() function of MagickCore/colorspace.c. An attacker could exploit this by submitting a specially crafted image file to an application using ImageMagick, potentially causing a denial of service.

Recommendations For versions prior to 7.0.11, update to version 7.0.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ConvertXYZToJzazbz() function until a patch is applied. Avoid processing untrusted image files with ImageMagick until the issue is resolved.