Home

CVE-2021-20176

Description

A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.13

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Imagemagic (x64) 7.0.10Windows
Multiple Vulnerabilities are affected in Imagemagic 7.0.10Windows
Multiple Vulnerabilities are affected in ImageMagick 7.0.10Windows
SUSE-SU-2021:0528-1(SUSE Linux Enterprise Server 12-SP5 ) ImageMagick-config-6-SUSE-6.8.8.1-71.159.2.x86_64.rpmLinux
SUSE-SU-2021:0528-1(SUSE Linux Enterprise Server 12-SP5 ) ImageMagick-config-6-upstream-6.8.8.1-71.159.2.x86_64.rpmLinux
SUSE-SU-2021:0528-1(SUSE Linux Enterprise Server 12-SP5 ) ImageMagick-debuginfo-6.8.8.1-71.159.2.x86_64.rpmLinux
SUSE-SU-2021:0528-1(SUSE Linux Enterprise Server 12-SP5 ) ImageMagick-debugsource-6.8.8.1-71.159.2.x86_64.rpmLinux
SUSE-SU-2021:0528-1(SUSE Linux Enterprise Server 12-SP5 ) libMagickCore-6_Q16-1-6.8.8.1-71.159.2.x86_64.rpmLinux
SUSE-SU-2021:0528-1(SUSE Linux Enterprise Server 12-SP5 ) libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.159.2.x86_64.rpmLinux
SUSE-SU-2021:0528-1(SUSE Linux Enterprise Server 12-SP5 ) libMagickWand-6_Q16-1-6.8.8.1-71.159.2.x86_64.rpmLinux
SUSE-SU-2021:0528-1(SUSE Linux Enterprise Server 12-SP5 ) libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.159.2.x86_64.rpmLinux
Image manipulation programs and library (USN-4988-1) imagemagick_6.9.7.4+dfsg-16ubuntu6.11_i386.debLinux
Image manipulation programs and library (USN-4988-1) imagemagick_6.9.7.4+dfsg-16ubuntu6.11_amd64.debLinux
Image manipulation programs and library (USN-4988-1) imagemagick_6.9.10.23+dfsg-2.1ubuntu11.4_i386.debLinux
Image manipulation programs and library (USN-4988-1) imagemagick_6.9.10.23+dfsg-2.1ubuntu11.4_amd64.debLinux
Image manipulation programs and library (USN-4988-1) imagemagick_6.9.10.23+dfsg-2.1ubuntu13.3_i386.debLinux
Image manipulation programs and library (USN-4988-1) imagemagick_6.9.10.23+dfsg-2.1ubuntu13.3_amd64.debLinux
Image manipulation programs and library (USN-4988-1) libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.4_i386.debLinux
Image manipulation programs and library (USN-4988-1) libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.4_amd64.debLinux
Image manipulation programs and library (USN-4988-1) libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu13.3_i386.debLinux
Image manipulation programs and library (USN-4988-1) libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu13.3_amd64.debLinux
Image manipulation programs and library (USN-4988-1) libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.4_i386.debLinux
Image manipulation programs and library (USN-4988-1) libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.4_amd64.debLinux
Image manipulation programs and library (USN-4988-1) libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu13.3_i386.debLinux
Image manipulation programs and library (USN-4988-1) libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu13.3_amd64.debLinux
Image manipulation programs and library (USN-4988-1) libmagickcore-6.q16-3_6.9.7.4+dfsg-16ubuntu6.11_i386.debLinux
Image manipulation programs and library (USN-4988-1) libmagickcore-6.q16-3_6.9.7.4+dfsg-16ubuntu6.11_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234