Vulnerabilities > CVE-2021-20310 - Divide By Zero vulnerability in Imagemagick

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
imagemagick
CWE-369

Summary

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Vulnerable Configurations

Part Description Count
Application
Imagemagick
1396

Common Weakness Enumeration (CWE)