ImageMagick Vulnerability Affects Processing of Crafting Image Files
CVE-2021-20311

7.5HIGH

Key Information:

Vendor: Imagemagick
Status: Imagemagick
Vendor: CVE Published:; 11 May 2021

🔔 Create Imagemagick Vulnerability Alert

What is CVE-2021-20311?

A division by zero vulnerability was identified in ImageMagick's sRGBTransformImage() function within the MagickCore/colorspace.c module. This flaw could be exploited by an attacker who submits a specially crafted image file, potentially leading to undefined behavior in applications that utilize ImageMagick for image processing. The vulnerability primarily poses a risk to the availability of systems running vulnerable versions of ImageMagick.

Affected Version(s)

ImageMagick ImageMagick 7.0.11

References

https://bugzilla.redhat.com/show_bug.cgi?id=1946739

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 11, 2021
Vulnerability Reserved
Dec 17, 2020

JSON