In ImageMagick 7.0.8-67 there are 3 division by zero at MagickCore/colorspace-private.h and outside the range bug at MagickCore/quantum.h:120. Reference: https://github.com/ImageMagick/ImageMagick/issues/1711 Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/a81ca9a1b46a96be83682af3389f0a6f3d0d389d
Flaw Summary: In ConvertRGBToCMYK() of MagickCore/colorspace-private.h , there are calculations involved in cyan, magenta, and yellow colors which could cause a divide-by-zero runtime error and crash ImageMagick when it is provided with untrusted input file data. The patch uses the function PerceptibleReciprocal() in addition to replacing division with multiplication, in order to avoid divide-by-zero conditions. I'm not certain that the patch there fixes the out-of-range bug but that may have been patched elsewhere.
Acknowledgments: Name: Suhwan Song (Seoul National University)
Statement: This flaw is out of support scope for Red Hat Enterprise Linux 5, 6, and 7. Inkscape is not affected because it no longer uses a bundled ImageMagick in Red Hat Enterprise Linux 8. For more information regarding support scopes, please see https://access.redhat.com/support/policy/updates/errata .
Created ImageMagick tracking bugs for this issue: Affects: epel-8 [bug 1901241] Affects: fedora-all [bug 1901242]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-27750