1916610 – (CVE-2021-20176) CVE-2021-20176 ImageMagick: processing crafted file leads to division by zero

Bug 1916610 (CVE-2021-20176) - CVE-2021-20176 ImageMagick: processing crafted file leads to division by zero

Summary: CVE-2021-20176 ImageMagick: processing crafted file leads to division by zero

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2021-20176
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (2):	CVE-2021-20189 CVE-2021-20242 (view as bug list)
Depends On:	1923341 1924786 1925096 1925097
Blocks:	1923027 1928961 1931722
TreeView+	depends on / blocked

Reported:	2021-01-15 09:19 UTC by msiddiqu
Modified:	2021-10-28 10:36 UTC (History)
CC List:	11 users (show)
Fixed In Version:	ImageMagick 6.9.11-57,ImageMagick 7.0.10-57
Doc Type:	If docs needed, set a value
Doc Text:	A divide-by-zero flaw was found in ImageMagick in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed:	2021-10-28 10:36:00 UTC
Embargoed:

Attachments	(Terms of Use)

Description msiddiqu 2021-01-15 09:19:46 UTC

A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.10-56.

References: 
 
https://github.com/ImageMagick/ImageMagick/issues/3077

Comment 1 msiddiqu 2021-01-15 09:19:52 UTC

Acknowledgments:

Name: Zhang Xiaohui (Renmin University of China)

Comment 2 juneau 2021-02-01 16:36:26 UTC

setting services-management-platform/ImageMagick » affected/fix
current manifest indicates affected version imagemagick-8:6.9.10.23+dfsg-2.1

Comment 4 Riccardo Schirone 2021-02-03 15:38:00 UTC

Upstream fix:
https://github.com/ImageMagick/ImageMagick/commit/fbd9a963db1ae5551c45dc8af57db0abd7695774 [ImageMagick]
https://github.com/ImageMagick/ImageMagick6/commit/90255f0834eead08d59f46b0bda7b1580451cc0f [ImageMagick v6]

Comment 6 msiddiqu 2021-02-04 12:05:38 UTC

*** Bug 1920270 has been marked as a duplicate of this bug. ***

Comment 7 msiddiqu 2021-02-04 12:07:46 UTC

*** Bug 1916611 has been marked as a duplicate of this bug. ***

Comment 8 msiddiqu 2021-02-04 12:08:19 UTC

Created ImageMagick tracking bugs for this issue:

Affects: epel-all [bug 1925097]
Affects: fedora-all [bug 1925096]

Comment 9 Gianluca Gabrielli 2021-02-05 12:06:12 UTC

The following two patches are missing here:

https://github.com/ImageMagick/ImageMagick/commit/9c06496defe3e28e90da780f09baeb40f7d496ae
https://github.com/ImageMagick/ImageMagick6/commit/d348259b3bffa12d6aeb308fffd6e572c4d62786

Comment 10 msiddiqu 2021-02-16 21:22:53 UTC

*** Bug 1928957 has been marked as a duplicate of this bug. ***

Comment 11 msiddiqu 2021-02-17 09:36:18 UTC

Upstream PR:
 
https://github.com/ImageMagick/ImageMagick/pull/3192

Note You need to log in before you can comment on or make changes to this bug.