CVE-2021-20309

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.0.11 ImageMagick versions prior to 6.9.12

Description A flaw was found in ImageMagick where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this issue is to system availability. Exploitation of this flaw may allow a remote attacker to cause a denial of service using a specially crafted image file.

Recommendations For versions prior to 7.0.11, update to version 7.0.11 or later. For versions prior to 6.9.12, update to version 6.9.12 or later. As a temporary workaround, consider disabling the WaveImage() function in MagickCore/visual-effects.c until a patch is available.

Exploit

Fix

Divide By Zero

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-369

Related Identifiers

ALT-PU-2021-1438

ALT-PU-2024-2243

BDU:2021-05277

CVE-2021-20309

DLA-2672-1

DLA-3429-1

MGASA-2022-0446

OESA-2021-1198

OPENSUSE-SU-2021:0606-1

OPENSUSE-SU-2021_0606-1

SUSE-SU-2021:1276-1

SUSE-SU-2021:1277-1

SUSE-SU-2021_1276-1

SUSE-SU-2021_1277-1

SUSE-SU-2023:4634-1

USN-5158-1

USN-5736-1

USN-5736-2

USN-6200-1

Affected Products

Alt Linux

Astra Linux

Imagemagick

Linuxmint

Suse

Ubuntu

CVE-2021-20309

Weakness Enumeration

Related Identifiers

Affected Products

References · 145