CVE-2021-20241
Description
ImageMagick division-by-zero in WriteJP2Image() allows crafted file to cause denial of service via undefined behavior.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A division-by-zero flaw exists in the WriteJP2Image() function in coders/jp2.c of ImageMagick. The issue occurs when jp2_image->comps[i].dy is set to zero during processing of a crafted image file. This affects ImageMagick versions prior to 7.0.10-62 [1][2].
Exploitation
An attacker can trigger the vulnerability by providing a specially crafted image file that results in a zero value for comps[i].dy. When ImageMagick processes the file, the division-by-zero occurs, leading to undefined behavior. No authentication or special privileges are required beyond the ability to submit the file for processing [1][2].
Impact
The primary impact is denial of service (system availability), as the undefined behavior from the division-by-zero can cause the application to crash or hang. While other consequences are theoretically possible due to undefined behavior, the documented threat is to availability [2].
Mitigation
The fix was implemented in ImageMagick version 7.0.10-62, released shortly after the patch. The patch replaces the division with the PerceptibleReciprocal() routine to avoid the zero division [1]. Users should update to at least this version. No other workarounds are documented.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (8)
- ImageMagick/ImageMagick (description)
- osv-coords, 6 versions:
  - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1
- (no CPE) range: < 7.0.7.34-lp152.12.12.1
- (no CPE) range: < 7.0.7.34-150000.3.123.1
- (no CPE) range: < 7.0.7.34-10.12.1
- (no CPE) range: < 7.0.7.34-10.12.1
- (no CPE) range: < 7.0.7.34-150000.3.123.1
- (no CPE) range: < 7.0.7.34-150000.3.123.1
Patches (3)
1 file changed · +1 −1
ChangeLog+1 −1 modified@@ -1,5 +1,5 @@ 2021-02-07 7.0.10-62 <quetzlzacatenango@image...> - * Release ImageMagick version 7.0.10-62 GIT revision 18416:e709dd485:20210207 + * Release ImageMagick version 7.0.10-62 GIT revision 18418:f1e915f65:20210207 2021-02-01 7.0.10-62 <quetzlzacatenango@image...> * -trim not working as expected (reference
1 file changed · +2 −2
ChangeLog+2 −2 modified@@ -1,5 +1,5 @@ -2021-02-05 6.9.11-62 <quetzlzacatenango@image...> - * Release ImageMagick version 6.9.11-62 GIT revision 16... +2021-02-07 6.9.11-62 <quetzlzacatenango@image...> + * Release ImageMagick version 6.9.11-62 GIT revision 16452:52351447e:20210207 2021-02-01 6.9.11-61 <quetzlzacatenango@image...> * -trim not working as expected (reference
aac99a3cb17a Merge 1e59e000ecae2523e707242621738da27d0d6296 into c2a9261eac3917c9cea29c67b9e68ec996bbee8c
1 file changed · +2 −2
coders/jp2.c+2 −2 modified@@ -1056,8 +1056,8 @@ static MagickBooleanType WriteJP2Image(const ImageInfo *image_info,Image *image, scale=(double) (((size_t) 1UL << jp2_image->comps[i].prec)-1)/ QuantumRange; - q=jp2_image->comps[i].data+(y/jp2_image->comps[i].dy* - image->columns/jp2_image->comps[i].dx+x/jp2_image->comps[i].dx); + q=jp2_image->comps[i].data+(y*PerceptibleReciprocal(jp2_image->comps[i].dy)* + image->columns*PerceptibleReciprocal(jp2_image->comps[i].dx)+x*PerceptibleReciprocal(jp2_image->comps[i].dx)); switch (i) { case 0:
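Review bot: In the `q=` assignment of `WriteJP2Image()`, multiplying by `PerceptibleReciprocal()` does not reproduce the truncating integer divisions it replaces, and a zero `comps[i].dx` or `comps[i].dy` is still not rejected. The removed expression truncated after each division (`y/dy`, then `*columns/dx`, then `x/dx`), whereas the added expression is a single floating-point product with no cast back to an integer type in the visible lines, so the offset can differ for components whose `dx` or `dy` is greater than 1. With a zero step, the reciprocal acts as a very large multiplier, so the offset added to `comps[i].data` is no longer bounded by the component size. Suggest checking `comps[i].dx` and `comps[i].dy` for zero before the pixel loop and failing the write there, keeping the integer arithmetic for the valid case, and documenting the intended rounding if the reciprocal form stays.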
Vulnerability mechanics
Root cause
"Missing divisor validation allows division by zero when jp2_image->comps[i].dy or .dx is zero."
Attack vector
An attacker submits a crafted image file where the JP2 component parameters `dy` or `dx` are set to zero [ref_id=2]. When ImageMagick processes this file via `WriteJP2Image()`, the division by zero triggers undefined behavior, most likely causing a crash and impacting system availability [ref_id=2]. No authentication or special network access is required beyond delivering the malicious file to the processing pipeline.
Affected code
The vulnerability resides in `WriteJP2Image()` in `coders/jp2.c` [ref_id=2]. The faulty lines compute a pointer offset using division by `jp2_image->comps[i].dy` and `jp2_image->comps[i].dx` [patch_id=2271419].
What the fix does
The patch replaces direct division operations with calls to `PerceptibleReciprocal()` [patch_id=2271419]. This function safely handles a zero divisor by returning a large finite value instead of triggering a division-by-zero exception, thus preventing the undefined behavior [ref_id=2]. The change applies to the pointer arithmetic in the pixel data loop of `WriteJP2Image()` [patch_id=2271419].
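The offset arithmetic described above, as an added example that is not ImageMagick's code: it places a validating integer form beside the reciprocal form so the difference in results is visible. `guarded_reciprocal`, `comp_t`, `sample_offset`, `reciprocal_offset`, the `EPS` threshold and all sample values are hypothetical stand-ins constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for the guarded reciprocal the page describes: a zero (or tiny)
   divisor yields a large finite value. EPS is an assumed threshold. */
#define EPS 1.0e-12
static double guarded_reciprocal(double x)
{
  double sign = x < 0.0 ? -1.0 : 1.0;
  return (sign * x >= EPS) ? 1.0 / x : sign / EPS;
}

/* Hypothetical component descriptor: dx/dy are the sampling steps taken
   from the image, w*h is the number of samples in the data buffer. */
typedef struct { unsigned dx, dy, w, h; } comp_t;

/* Integer offset as in the pre-patch expression, but refusing a zero step
   and any offset outside the buffer. Returns 0 on success, -1 on reject. */
static int sample_offset(const comp_t *c, size_t columns, size_t x, size_t y,
                         size_t *off)
{
  if (c->dx == 0 || c->dy == 0)
    return -1;                          /* would divide by zero */
  size_t o = y / c->dy * columns / c->dx + x / c->dx;
  if (o >= (size_t) c->w * c->h)
    return -1;                          /* outside the component buffer */
  *off = o;
  return 0;
}

/* Reciprocal form of the same expression: no trap on a zero step, but the
   result must still be range-checked before it is used as an index. */
static double reciprocal_offset(const comp_t *c, size_t columns, size_t x,
                                size_t y)
{
  double rx = guarded_reciprocal(c->dx), ry = guarded_reciprocal(c->dy);
  return (double) y * ry * (double) columns * rx + (double) x * rx;
}

int main(void)
{
  comp_t ok = { 2, 2, 4, 4 }, bad = { 1, 0, 8, 8 };  /* constructed values */
  size_t off = 0;
  printf("valid steps: rc=%d off=%zu\n", sample_offset(&ok, 8, 6, 6, &off), off);
  printf("zero dy:     rc=%d\n", sample_offset(&bad, 8, 1, 1, &off));
  printf("reciprocal, odd row:  %g\n", reciprocal_offset(&ok, 8, 6, 7));
  printf("reciprocal, zero dy:  %g\n", reciprocal_offset(&bad, 8, 1, 1));
  return 0;
}
```

For the 2x-subsampled component, the two forms agree on even rows but not on odd ones, which is why the range check belongs next to whichever form is used.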
Preconditions
- input: Attacker must supply a crafted JP2 image file with component parameters dy or dx set to zero
- config: The crafted file must be processed by ImageMagick's WriteJP2Image() function
Generated on May 24, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (4)