Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DIVIDE_BY_ZERO in feature.c #1552

Closed
boo0m opened this issue Apr 18, 2019 · 2 comments
Closed

DIVIDE_BY_ZERO in feature.c #1552

boo0m opened this issue Apr 18, 2019 · 2 comments
Milestone

Comments

@boo0m
Copy link

boo0m commented Apr 18, 2019

MagickCore/feature.c

In line 2259, it assgin 'count=0', the code make a loop as 'for (v=(-((ssize_t) height/2)); v <= (((ssize_t) height/2)); v++)' , the 'count++' in this loop and the 'gamma=1.0/count' in line 2291. But the count is 0 in some cases. It may happen DIVIDE_BY_ZERO bug if the code don't get in this loop.

urban-warrior pushed a commit to ImageMagick/ImageMagick6 that referenced this issue Apr 18, 2019
@urban-warrior
Copy link
Contributor

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.

@dlemstra dlemstra added this to the 7.0.8-41 milestone Apr 22, 2019
@nohmask
Copy link

nohmask commented Aug 18, 2019

This was assigned CVE-2019-14981.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

4 participants