Division by zero in GenerateDifferentialNoise() in MagickCore/gem.c #3077
Comments
|
Thanks for the problem report. We can reproduce it and will have a patch to fix it in the GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow. |
urban-warrior
pushed a commit
that referenced
this issue
Jan 6, 2021
urban-warrior
pushed a commit
to ImageMagick/ImageMagick6
that referenced
this issue
Jan 6, 2021
|
This issue was assigned CVE-2021-20176 |
|
Hi @urban-warrior, do you think the following lines are relevant for this vulnerability? ImageMagick: |
|
Yes. We'll add a patch. |
urban-warrior
pushed a commit
that referenced
this issue
Feb 5, 2021
urban-warrior
pushed a commit
to ImageMagick/ImageMagick6
that referenced
this issue
Feb 5, 2021
|
We maintain two different releases of ImageMagick. IMv6 & IMv7. |
|
Yes, but these are both for IMv7. IMv6 is in a different repo, am I wrong? |
3 tasks
woodsts
pushed a commit
to woodsts/buildroot
that referenced
this issue
Feb 26, 2021
Fixes the following security issue: CVE-2021-20176: A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability. For more details, see the bugtracker: ImageMagick/ImageMagick#3077 - bump version to 7.0.10-62 - update license file hash (copyright year update) Signed-off-by: Peter Seiderer <ps.report@gmx.net> [Peter: mention security fix] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this issue
Mar 5, 2021
Fixes the following security issue: CVE-2021-20176: A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability. For more details, see the bugtracker: ImageMagick/ImageMagick#3077 - bump version to 7.0.10-62 - update license file hash (copyright year update) Signed-off-by: Peter Seiderer <ps.report@gmx.net> [Peter: mention security fix] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit a11b6be) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this issue
Mar 5, 2021
Fixes the following security issue: CVE-2021-20176: A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability. For more details, see the bugtracker: ImageMagick/ImageMagick#3077 - bump version to 7.0.10-62 - update license file hash (copyright year update) Signed-off-by: Peter Seiderer <ps.report@gmx.net> [Peter: mention security fix] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit a11b6be) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When
attenuatewas set to zero,SigmaPoissonwould be zero too. So a crafted file may trigger undefined behavior in the form of division by zero. Maybe there need a check onSigmaPoissonbefore line 1590?ImageMagick/MagickCore/gem.c
Lines 1576 to 1592 in 0d20727
The text was updated successfully, but these errors were encountered: