First published: Tue Apr 06 2021(Updated: )
A flaw was found in ImageMagick before version 7.0.11 and 6.9.12. A division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via crafted image file. Upstream issue: <a href="https://github.com/ImageMagick/ImageMagick/issues/3296">https://github.com/ImageMagick/ImageMagick/issues/3296</a> Upstream patch: <a href="https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311">https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311</a> <a href="https://github.com/ImageMagick/ImageMagick6/commit/f1e68d22d1b35459421710587a0dcbab6900b51f">https://github.com/ImageMagick/ImageMagick6/commit/f1e68d22d1b35459421710587a0dcbab6900b51f</a>
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
ImageMagick ImageMagick | <6.9.12 | |
ImageMagick ImageMagick | >=7.0.0-0<7.0.11-0 | |
Debian Debian Linux | =9.0 | |
redhat/ImageMagick | <7.0.11 | 7.0.11 |
redhat/ImageMagick | <6.9.12 | 6.9.12 |
debian/imagemagick | <=8:6.9.10.23+dfsg-2.1+deb10u1 | 8:6.9.10.23+dfsg-2.1+deb10u7 8:6.9.11.60+dfsg-1.3+deb11u2 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6 8:6.9.11.60+dfsg-1.6+deb12u1 8:6.9.12.98+dfsg1-5 8:6.9.12.98+dfsg1-5.2 |
ubuntu/imagemagick | <8:6.9.7.4+dfsg-16ubuntu6.12 | 8:6.9.7.4+dfsg-16ubuntu6.12 |
ubuntu/imagemagick | <8:6.9.10.23+dfsg-2.1ubuntu11.9 | 8:6.9.10.23+dfsg-2.1ubuntu11.9 |
ubuntu/imagemagick | <8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+ | 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+ |
ubuntu/imagemagick | <8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1 | 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1 |
ubuntu/imagemagick | <8:6.9.11.60+dfsg-1.3ubuntu1 | 8:6.9.11.60+dfsg-1.3ubuntu1 |
ubuntu/imagemagick | <8:6.9.11.60+dfsg-1.3ubuntu1 | 8:6.9.11.60+dfsg-1.3ubuntu1 |
ubuntu/imagemagick | <8:6.9.11.60+dfsg-1.3ubuntu1 | 8:6.9.11.60+dfsg-1.3ubuntu1 |
ubuntu/imagemagick | <8:6.7.7.10-6ubuntu3.13+ | 8:6.7.7.10-6ubuntu3.13+ |
ubuntu/imagemagick | <8:6.8.9.9-7ubuntu5.16+ | 8:6.8.9.9-7ubuntu5.16+ |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-20309 is a vulnerability found in ImageMagick versions before 7.0.11 and before 6.9.12.
The severity of the CVE-2021-20309 vulnerability is high, with a CVSS score of 7.5.
The CVE-2021-20309 vulnerability occurs due to a division by zero in the WaveImage() function of ImageMagick's visual-effects.c file.
ImageMagick versions before 7.0.11 and before 6.9.12 are affected by CVE-2021-20309.
Yes, there are remediation measures available. Please refer to the official Ubuntu and Debian security notices for specific version updates and fixes.