Home

CVE-2021-20311

Description

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.125

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2021-20309,CVE-2021-20310,CVE-2021-20311,CVE-2021-20312,CVE-2021-20313 are affected in Imagemagic (x64) 7.0.9.0(x64)Windows
Vulnerabilities CVE-2021-20309,CVE-2021-20310,CVE-2021-20311,CVE-2021-20312,CVE-2021-20313 are affected in Imagemagick 7.0.9.0Windows
Multiple Vulnerabilities are affected in ImageMagick 7.0.10Windows
SUSE-SU-2021:1277-1(SUSE Linux Enterprise Server 12-SP5 ) ImageMagick-config-6-SUSE-6.8.8.1-71.165.1.x86_64.rpmLinux
SUSE-SU-2021:1277-1(SUSE Linux Enterprise Server 12-SP5 ) ImageMagick-config-6-upstream-6.8.8.1-71.165.1.x86_64.rpmLinux
SUSE-SU-2021:1277-1(SUSE Linux Enterprise Server 12-SP5 ) ImageMagick-debuginfo-6.8.8.1-71.165.1.x86_64.rpmLinux
SUSE-SU-2021:1277-1(SUSE Linux Enterprise Server 12-SP5 ) ImageMagick-debugsource-6.8.8.1-71.165.1.x86_64.rpmLinux
SUSE-SU-2021:1277-1(SUSE Linux Enterprise Server 12-SP5 ) libMagickCore-6_Q16-1-6.8.8.1-71.165.1.x86_64.rpmLinux
SUSE-SU-2021:1277-1(SUSE Linux Enterprise Server 12-SP5 ) libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.165.1.x86_64.rpmLinux
SUSE-SU-2021:1277-1(SUSE Linux Enterprise Server 12-SP5 ) libMagickWand-6_Q16-1-6.8.8.1-71.165.1.x86_64.rpmLinux
SUSE-SU-2021:1277-1(SUSE Linux Enterprise Server 12-SP5 ) libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.165.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234