QID 354324
Date Published: 2022-12-21
QID 354324: Amazon Linux Security Advisory for ImageMagick : ALAS2022-2022-164
A divide-by-zero flaw was found in imagemagick in gem.c.
This flaw allows an attacker who submits a crafted file that is processed by imagemagick to trigger undefined behavior through a division by zero.
The highest threat from this vulnerability is to system availability. (
( CVE-2021-20176) a flaw was found in imagemagick in coders/jp2.c.
An attacker who submits a crafted file that is processed by imagemagick could trigger undefined behavior in the form of math division by zero.
( CVE-2021-20241) a flaw was found in imagemagick in magickcore/resample.c.
( CVE-2021-20246) a flaw was found in imagemagick, where a division by zero in waveimage() of magickcore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using imagemagick.
( CVE-2021-20309)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS2022-2022-164 -
alas.aws.amazon.com/AL2022/ALAS-2022-164.html
CVEs related to QID 354324
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2022-2022-164 | amazon linux 2022 |
alas.aws.amazon.com/AL2022/ALAS-2022-164.html |