CVE-2021-20243

Published: Mar 9, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Affected (2)

Products: Imagemagick: Imagemagick · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Before 7.0.10-62

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

The product divides a value by zero.

References (8)

https://bugzilla.redhat.com/show_bug.cgi?id=1928958

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://github.com/ImageMagick/ImageMagick/pull/3193

Source: secalert@redhat.com

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/06/msg00000.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1928958

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/ImageMagick/ImageMagick/pull/3193

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/06/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.