CVE-2021-20244

Published: 9 March 2021

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Notes

Author	Note
debian	In IM6 the code seems to be in magick/fx.c
rayveldkamp	imagemagick is in universe from focal onwards

Priority

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package	Release	Status
imagemagick Launchpad, Ubuntu, Debian	hirsute	Ignored (end of life)
	focal	Released (8:6.9.10.23+dfsg-2.1ubuntu11.9)
	impish	Ignored (end of life)
	jammy	Released (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm1) Available with Ubuntu Pro
	bionic	Released (8:6.9.7.4+dfsg-16ubuntu6.12)
	groovy	Ignored (end of life)
	kinetic	Released (8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1)
	lunar	Released (8:6.9.11.60+dfsg-1.3ubuntu1)
	trusty	Released (8:6.7.7.10-6ubuntu3.13+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	upstream	Needs triage
	xenial	Released (8:6.8.9.9-7ubuntu5.16+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	mantic	Released (8:6.9.11.60+dfsg-1.3ubuntu1)
	Patches: upstream: https://github.com/ImageMagick/ImageMagick/commit/329dd528ab79531d884c0ba131e97d43f872ab5d upstream: https://github.com/ImageMagick/ImageMagick6/commit/c8d674946a687f40a126166edf470733fc8ede02

Severity score breakdown

Parameter	Value
Base score	5.5
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›