7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2021-20311

GHSA ID

GHSA-3ffh-qhc3-7r9v

EPSS Score

0.2686%

CWE

CWE-369

Published

5/24/2022

Updated

1/29/2023

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-20311

CVE-2021-20311: A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in...

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2021-20311

CVE-2021-20311:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2021-20311

GHSA ID

GHSA-3ffh-qhc3-7r9v

EPSS Score

0.2686%

CWE

CWE-369

Published

5/24/2022

Updated

1/29/2023

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description explicitly mentions sRGBTransformImage in MagickCore/colorspace.c as the location of the division by zero. The provided commit 70aa86f5d5d8aa605a918ed51f7574f433a18482 shows changes in this function where direct division by film_gamma is replaced by multiplication with the result of PerceptibleReciprocal(film_gamma). This is a standard way to handle potential division by zero. The same pattern of change was observed in the TransformsRGBImage function within the same file, indicating it was likely susceptible to the same vulnerability or was fixed as a preventative measure. The commit message also mentions "possible divide by zero". The other modified files in the commit relate to buffer clearing and thumbnail parsing, which are not directly related to the described division by zero in colorspace.c.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2021-20311: A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in...

CVE-2021-20311:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

CVE-2021-20311: A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in...

7.5

7.5

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI