Bug 1916610 (CVE-2021-20176)

Summary: CVE-2021-20176 ImageMagick: processing crafted file leads to division by zero
Product: [Other] Security Response
Reporter: msiddiqu
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: unspecified
CC: fedora, jhorak, juneau, kaycoth, mike, pahan, psampaio, rhel8-maint, security-response-team, tcullum, tuxmealux+redhatbz
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: ImageMagick 6.9.11-57, ImageMagick 7.0.10-57
Doc Text:
A divide-by-zero flaw was found in ImageMagick in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability.
Last Closed: 2021-10-28 10:36:00 UTC
Bug Depends On: 1923341, 1924786, 1925096, 1925097    
Bug Blocks: 1923027, 1928961, 1931722    

Description msiddiqu 2021-01-15 09:19:46 UTC
A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.10-56.

References: 
 
https://github.com/ImageMagick/ImageMagick/issues/3077

Comment 1 msiddiqu 2021-01-15 09:19:52 UTC
Acknowledgments:

Name: Zhang Xiaohui (Renmin University of China)

Comment 2 juneau 2021-02-01 16:36:26 UTC
setting services-management-platform/ImageMagick » affected/fix
current manifest indicates affected version imagemagick-8:6.9.10.23+dfsg-2.1

Comment 6 msiddiqu 2021-02-04 12:05:38 UTC
*** Bug 1920270 has been marked as a duplicate of this bug. ***

Comment 7 msiddiqu 2021-02-04 12:07:46 UTC
*** Bug 1916611 has been marked as a duplicate of this bug. ***

Comment 8 msiddiqu 2021-02-04 12:08:19 UTC
Created ImageMagick tracking bugs for this issue:

Affects: epel-all [bug 1925097]
Affects: fedora-all [bug 1925096]

Comment 10 msiddiqu 2021-02-16 21:22:53 UTC
*** Bug 1928957 has been marked as a duplicate of this bug. ***

Comment 11 msiddiqu 2021-02-17 09:36:18 UTC
Upstream PR:
 
https://github.com/ImageMagick/ImageMagick/pull/3192