CVE-2021-20241

low-risk
Published 2021-03-09

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Do I need to act?

-
0.21% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (2)

Affected Vendors

Debian Imagemagick

References (8)

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1928952
Patch https://github.com/ImageMagick/ImageMagick/pull/3177
Mailing List https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1928952
Patch https://github.com/ImageMagick/ImageMagick/pull/3177
Mailing List https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html
26
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 7/34 · Low