A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.10-56. References: https://github.com/ImageMagick/ImageMagick/issues/3077
Acknowledgments: Name: Zhang Xiaohui (Renmin University of China)
setting services-management-platform/ImageMagick ยป affected/fix current manifest indicates affected version imagemagick-8:6.9.10.23+dfsg-2.1
Upstream fix: https://github.com/ImageMagick/ImageMagick/commit/fbd9a963db1ae5551c45dc8af57db0abd7695774 [ImageMagick] https://github.com/ImageMagick/ImageMagick6/commit/90255f0834eead08d59f46b0bda7b1580451cc0f [ImageMagick v6]
*** Bug 1920270 has been marked as a duplicate of this bug. ***
*** Bug 1916611 has been marked as a duplicate of this bug. ***
Created ImageMagick tracking bugs for this issue: Affects: epel-all [bug 1925097] Affects: fedora-all [bug 1925096]
The following two patches are missing here: https://github.com/ImageMagick/ImageMagick/commit/9c06496defe3e28e90da780f09baeb40f7d496ae https://github.com/ImageMagick/ImageMagick6/commit/d348259b3bffa12d6aeb308fffd6e572c4d62786
*** Bug 1928957 has been marked as a duplicate of this bug. ***
Upstream PR: https://github.com/ImageMagick/ImageMagick/pull/3192