CVE-2020-27756
MEDIUMImageMagick 6.9.9-34-6.9.10-69 - Denial of Service via Divide-by-Zero in ParseMetaGeometry
Title source: llmDescription
In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0.
References (2)
Core 2
Core References
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
Exploit, Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1894233
Scores
CVSS v3
5.5
EPSS
0.0083
EPSS Percentile
52.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-369
Status
published
Products (1)
imagemagick/imagemagick
6.9.9-34 - 6.9.10-69
Published
Dec 08, 2020
Tracked Since
Feb 18, 2026