Divide By Zero Affecting imagemagick package, versions <8:6.9.7.4+dfsg-11+deb9u11
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN9-IMAGEMAGICK-1045697
- published 26 Nov 2020
- disclosed 3 Dec 2020
Introduced: 26 Nov 2020
CVE-2020-27760 Open this link in a new tabHow to fix?
Upgrade Debian:9
imagemagick
to version 8:6.9.7.4+dfsg-11+deb9u11 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream imagemagick
package and not the imagemagick
package as distributed by Debian
.
See How to fix?
for Debian:9
relevant fixed versions and status.
In GammaImage()
of /MagickCore/enhance.c, depending on the gamma
value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the PerceptibleReciprocal()
to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.