CVE-2021-20311

HIGH

Imagemagick < 7.0.11-0 - Divide By Zero

Title source: rule

Description

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

References (1)

Scores

CVSS v3 7.5
EPSS 0.0013
EPSS Percentile 31.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-369
Status published

Affected Products (1)

imagemagick/imagemagick < 7.0.11-0

Timeline

Published May 11, 2021
Tracked Since Feb 18, 2026