What is the severity of CVE-2021-20243?

The severity of CVE-2021-20243 is medium with a severity value of 5.5.

How does CVE-2021-20243 affect ImageMagick?

CVE-2021-20243 affects ImageMagick versions 8:6.9.7.4+dfsg-16ubuntu6.14, 8:6.9.10.23+dfsg-2.1ubuntu11.9, 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+, 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1, 8:6.9.11.60+dfsg-1.3ubuntu1, 8:6.7.7.10-6ubuntu3.13+, and 8:6.8.9.9-7ubuntu5.16+.

How can an attacker exploit CVE-2021-20243?

An attacker can exploit CVE-2021-20243 by submitting a crafted file that is processed by ImageMagick, triggering undefined behavior in the form of math division by zero.

How can I fix CVE-2021-20243 on Ubuntu?

To fix CVE-2021-20243 on Ubuntu, upgrade ImageMagick to versions 8:6.9.7.4+dfsg-16ubuntu6.14, 8:6.9.10.23+dfsg-2.1ubuntu11.9, 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+, 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1, or 8:6.9.11.60+dfsg-1.3ubuntu1 depending on your Ubuntu version.

Is there a fix available for CVE-2021-20243 on Debian?

Yes, there is a fix available for CVE-2021-20243 on Debian. Upgrade ImageMagick to versions 8:6.9.10.23+dfsg-2.1+deb10u5 or 8:6.9.11.60+dfsg-1.6 depending on your Debian version.

Vulnerability/
CVE-2021-20243

medium

5.5

CWE

369

15/2/2021

9/3/2021

21/11/2024

CVE-2021-20243: Divide by Zero

First published: Mon Feb 15 2021(Updated: )

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
ImageMagick ImageMagick	<7.0.10-62
Debian Debian Linux	=9.0
redhat/ImageMagick 7.0.10	<62	62
debian/imagemagick		8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.43+dfsg1-1
Debian	=9.0

Remedy

https://github.com/ImageMagick/ImageMagick/pull/3193

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-20243?
The severity of CVE-2021-20243 is medium with a severity value of 5.5.
How does CVE-2021-20243 affect ImageMagick?
CVE-2021-20243 affects ImageMagick versions 8:6.9.7.4+dfsg-16ubuntu6.14, 8:6.9.10.23+dfsg-2.1ubuntu11.9, 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+, 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1, 8:6.9.11.60+dfsg-1.3ubuntu1, 8:6.7.7.10-6ubuntu3.13+, and 8:6.8.9.9-7ubuntu5.16+.
How can an attacker exploit CVE-2021-20243?
An attacker can exploit CVE-2021-20243 by submitting a crafted file that is processed by ImageMagick, triggering undefined behavior in the form of math division by zero.
How can I fix CVE-2021-20243 on Ubuntu?
To fix CVE-2021-20243 on Ubuntu, upgrade ImageMagick to versions 8:6.9.7.4+dfsg-16ubuntu6.14, 8:6.9.10.23+dfsg-2.1ubuntu11.9, 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+, 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1, or 8:6.9.11.60+dfsg-1.3ubuntu1 depending on your Ubuntu version.
Is there a fix available for CVE-2021-20243 on Debian?
Yes, there is a fix available for CVE-2021-20243 on Debian. Upgrade ImageMagick to versions 8:6.9.10.23+dfsg-2.1+deb10u5 or 8:6.9.11.60+dfsg-1.6 depending on your Debian version.

collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/author
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2021-20243
agent/software-canonical-lookup
agent/severity
agent/weakness
collector/mitre-cve
source/MITRE
agent/remedy
agent/references
agent/trending
collector/usn-cve
source/Ubuntu
agent/description
agent/event
agent/last-modified-date
collector/security-tracker-debian
source/Debian
agent/softwarecombine
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
vendor/imagemagick
canonical/imagemagick imagemagick
vendor/debian
canonical/debian debian linux
version/debian debian linux/9.0
package-manager/redhat
package-manager/debian
canonical/debian
version/debian/9.0