Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-20309

Опубликовано: 11 мая 2021
Источник: debian

Описание

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
imagemagickfixed8:6.9.12.20+dfsg1-1experimentalpackage
imagemagickfixed8:6.9.11.60+dfsg-1.5package
imagemagickfixed8:6.9.11.60+dfsg-1.3+deb11u2bullseyepackage

Примечания

  • ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311

  • ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f1e68d22d1b35459421710587a0dcbab6900b51f

Связанные уязвимости

ubuntu логотип

CVE-2021-20309

CVSS3: 7.5
ubuntu
больше 4 лет назад

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

redhat логотип

CVE-2021-20309

CVSS3: 5.3
redhat
почти 5 лет назад

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

nvd логотип

CVE-2021-20309

CVSS3: 7.5
nvd
больше 4 лет назад

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

github логотип

GHSA-vfcg-3f47-8mgm

CVSS3: 7.5
github
больше 3 лет назад

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

fstec логотип

BDU:2021-05277

CVSS3: 7.5
fstec
почти 5 лет назад

Уязвимость функции WaveImage() компонента MagickCore/visual-effects.c консольного графического редактора ImageMagick, связанная с отсутствием проверки деления на ноль, позволяющая нарушителю вызвать отказ в обслуживании