CVE-2021-20244

Name: CVE-2021-20244
Description: A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
References: DLA-2602-1
Debian Bugs: 1013282

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| imagemagick (PTS) | buster, buster (security) | 8:6.9.10.23+dfsg-2.1+deb10u1 | vulnerable |
| | bookworm, sid, bullseye | 8:6.9.11.60+dfsg-1.3 | vulnerable |

The information below is based on the following data on fixed versions.

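| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| imagemagick | source | experimental | 8:6.9.12.20+dfsg1-1 | | | |
| imagemagick | source | stretch | 8:6.9.7.4+dfsg-11+deb9u12 | | DLA-2602-1 | |
| imagemagick | source | (unstable) | (unfixed) | | | 1013282 |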

Notes

[bullseye] - imagemagick <ignored> (Minor issue)
[buster] - imagemagick <ignored> (Minor issue)
https://github.com/ImageMagick/ImageMagick/pull/3194
ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/329dd528ab79531d884c0ba131e97d43f872ab5d
ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c8d674946a687f40a126166edf470733fc8ede02
