CVE-2021-20310

HIGH

ImageMagick < 7.0.11-0 - Divide By Zero

Title source: rule

Description

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Scores

CVSS v3 7.5
EPSS 0.0040
EPSS Percentile 60.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-369
Status published

Affected Products (1)

imagemagick/imagemagick < 7.0.11-0

Timeline

Published May 11, 2021
Tracked Since Feb 18, 2026