CVE-2019-14981
Description
A divide-by-zero flaw in ImageMagick's MeanShiftImage function allows denial of service via a crafted image file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A divide-by-zero vulnerability exists in the MeanShiftImage function in MagickCore/feature.c of ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41 [1][4]. The function initializes a variable count to zero and later divides by it (gamma=1.0/count). If the inner loop does not increment count (e.g., due to a crafted image causing no iterations), the division by zero triggers a crash [2][3][4].
Exploitation
An attacker can trigger this vulnerability by convincing a user or automated system to open a specially crafted image file with ImageMagick [1]. No special privileges are required; the attack only requires the submitted image to bypass the count increment path in MeanShiftImage. The attacker does not need network position beyond sending the file to the target.
Impact
Successful exploitation results in a denial of service (application crash). The official advisory also notes that other similar malformed image files can lead to arbitrary code execution, but this specific CVE is limited to denial of service [1]. The crash occurs within the process handling the image, potentially affecting any service or user that uses ImageMagick to process untrusted images.
Mitigation
ImageMagick released fixed versions 7.0.8-41 and 6.9.10-41, which replace the direct division with PerceptibleReciprocal(count) to safely handle zero [2][3]. Users should update their ImageMagick installation to these versions or later. For Ubuntu systems, the fix is available via standard package updates (e.g., USN-4192-1) [1]. No workaround is disclosed for unpatched installations.
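The pre-fix and post-fix patterns described above, as an added C example that is not ImageMagick's code. `window_mean`, `perceptible_reciprocal`, `EPSILON` and the sample data are simplified assumptions standing in for MeanShiftImage and PerceptibleReciprocal.

```c
#include <math.h>
#include <stddef.h>

/* Assumed stand-in for ImageMagick's PerceptibleReciprocal(); EPSILON is an
   illustrative threshold, not necessarily the value the library uses. */
#define EPSILON 1.0e-12

static double perceptible_reciprocal(double x)
{
  double sign = x < 0.0 ? -1.0 : 1.0;
  if (sign * x >= EPSILON)
    return 1.0 / x;
  return sign / EPSILON;            /* clamp instead of dividing by ~0 */
}

/* Hypothetical simplified window step: average the samples lying within
   `radius` of `center`. `count` stays 0 when no sample qualifies. */
static double window_mean(const double *px, size_t n, double center,
                          double radius, int guarded)
{
  double sum = 0.0, gamma, d;
  long count = 0;
  size_t i;

  for (i = 0; i < n; i++) {
    d = px[i] - center;
    if (d < 0.0)
      d = -d;
    if (d <= radius) {
      sum += px[i];
      count++;
    }
  }
  /* Pre-fix pattern: gamma=1.0/count with nothing preventing count == 0.
     Under IEEE 754 this gives inf (then NaN once multiplied by a zero sum);
     builds that trap FP exceptions or run UBSan's float-divide-by-zero
     check stop here instead. */
  gamma = guarded ? perceptible_reciprocal((double) count)
                  : 1.0 / (double) count;
  return gamma * sum;
}

/* Constructed sample data: no value lies within 0.05 of 0.5. */
static const double samples[4] = { 0.0, 0.1, 0.9, 1.0 };

int unguarded_is_finite(void) { return isfinite(window_mean(samples, 4, 0.5, 0.05, 0)) ? 1 : 0; }
int guarded_is_finite(void)   { return isfinite(window_mean(samples, 4, 0.5, 0.05, 1)) ? 1 : 0; }
```

Both variants agree whenever at least one sample falls in the window; they differ only on the empty-window input.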
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (8)
- ImageMagick/ImageMagick (source: description)
- Range: 7.x <7.0.8-41, 6.x <6.9.10-41
- osv-coords (6 versions):
- pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.0 (no CPE), range: < 7.0.7.34-lp150.2.41.1
- pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 7.0.7.34-lp151.7.12.1
- pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 (no CPE), range: < 7.0.7.34-3.72.1
- pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1 (no CPE), range: < 7.0.7.34-3.72.1
- pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 (no CPE), range: < 7.0.7.34-3.72.1
- pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1 (no CPE), range: < 7.0.7.34-3.72.1
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (9)
- lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html (mitre, vendor-advisory, x_refsource_SUSE)
- usn.ubuntu.com/4192-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2020/dsa-4712 (mitre, vendor-advisory, x_refsource_DEBIAN)
- github.com/ImageMagick/ImageMagick/commit/a77d8d97f5a7bced0468f0b08798c83fb67427bc (mitre, x_refsource_MISC)
- github.com/ImageMagick/ImageMagick/issues/1552 (mitre, x_refsource_MISC)
- github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2019/10/msg00028.html (mitre, mailing-list, x_refsource_MLIST)
- lists.debian.org/debian-lts-announce/2020/08/msg00030.html (mitre, mailing-list, x_refsource_MLIST)
News mentions
No linked articles in our index yet.