CVE-2021-20243
Description
A division-by-zero flaw in ImageMagick's resize.c allows attackers to cause denial of service via crafted files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in MagickCore/resize.c in ImageMagick. When processing a crafted image file, the function GetResizeFilterWeight can perform a division by zero due to improper handling of certain input values. This leads to undefined behavior. The issue affects ImageMagick versions prior to the fix [1][2].
Exploitation
An attacker can exploit this by providing a specially crafted image file to an application using ImageMagick for processing. No special privileges are required; the attacker only needs to submit the file. The division by zero occurs during the resize operation, potentially causing a crash or other undefined behavior [2].
Impact
Successful exploitation results in a denial of service (DoS) due to application crash or hang. The highest threat is to system availability. Undefined behavior could potentially lead to other impacts, but the primary concern is availability [2].
Mitigation
The fix was implemented in pull request #3193 on GitHub, which uses PerceptibleReciprocal() to prevent the division by zero. The fix was included in ImageMagick versions after the patch. Users should update to a patched version. For Red Hat systems, tracking bugs were created for epel-8 and fedora-all [1][2].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (16)
- ImageMagick/ImageMagick (description)
- osv-coords, 14 versions:
  - pkg:apk/chainguard/imagemagick-6 (no CPE), range: < 0
  - pkg:apk/chainguard/imagemagick-6-dev (no CPE), range: < 0
  - pkg:apk/chainguard/imagemagick-6-doc (no CPE), range: < 0
  - pkg:apk/chainguard/imagemagick-6-static (no CPE), range: < 0
  - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 7.0.7.34-lp152.12.12.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS (no CPE), range: < 7.0.7.34-150000.3.123.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2 (no CPE), range: < 7.0.7.34-10.12.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2 (no CPE), range: < 7.0.7.34-10.12.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 6.8.8.1-71.162.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS (no CPE), range: < 7.0.7.34-150000.3.123.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 6.8.8.1-71.162.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 (no CPE), range: < 7.0.7.34-150000.3.123.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 6.8.8.1-71.162.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 (no CPE), range: < 6.8.8.1-71.162.1
Patches (2)
1 file changed · +1 −1
ChangeLog+1 −1 modified@@ -1,5 +1,5 @@ 2021-02-07 7.0.10-62 <quetzlzacatenango@image...> - * Release ImageMagick version 7.0.10-62 GIT revision 18416:e709dd485:20210207 + * Release ImageMagick version 7.0.10-62 GIT revision 18418:f1e915f65:20210207 2021-02-01 7.0.10-62 <quetzlzacatenango@image...> * -trim not working as expected (reference
9751bd619872: uses the PerceptibleReciprocal() to prevent the divide-by-zero from occurring (#3193)
1 file changed · +1 −1
MagickCore/resize.c+1 −1 modified@@ -1656,7 +1656,7 @@ MagickPrivate double GetResizeFilterWeight(const ResizeFilter *resize_filter, */ assert(resize_filter != (ResizeFilter *) NULL); assert(resize_filter->signature == MagickCoreSignature); - x_blur=fabs((double) x)/resize_filter->blur; /* X offset with blur scaling */ + x_blur=fabs((double) x)*PerceptibleReciprocal(resize_filter->blur); /* X offset with blur scaling */ if ((resize_filter->window_support < MagickEpsilon) || (resize_filter->window == Box)) scale=1.0; /* Point or Box Filter -- avoid division by zero */
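Review bot: On the changed `x_blur` assignment in GetResizeFilterWeight(), the zero divisor is avoided, but a zero `resize_filter->blur` is still accepted and silently converted into whatever PerceptibleReciprocal() returns, so the bad value flows on into the weight calculation without being rejected or reported. Consider also validating blur where the ResizeFilter is populated, so this function can rely on a sane value, and adding a regression test, since the commit changes only MagickCore/resize.c. The next context line documents its own guard with "Point or Box Filter -- avoid division by zero"; the existing trailing comment on the changed line ("X offset with blur scaling") could likewise say why the reciprocal helper is used instead of a plain division.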
Vulnerability mechanics
Root cause
"Missing guard against division by zero when resize_filter->blur is zero in GetResizeFilterWeight()."
Attack vector
An attacker submits a crafted image file that, when processed by ImageMagick, causes `resize_filter->blur` to be zero in `GetResizeFilterWeight()`. The division `fabs((double) x)/resize_filter->blur` then triggers undefined behavior in the form of a math division-by-zero [patch_id=2271423]. The highest threat from this vulnerability is to system availability, as the undefined behavior can crash the process.
Affected code
The vulnerability is in `MagickCore/resize.c` in the function `GetResizeFilterWeight()`. The faulting line computes `x_blur=fabs((double) x)/resize_filter->blur`, where `resize_filter->blur` can be zero, leading to a division-by-zero [patch_id=2271423].
What the fix does
The patch replaces the direct division `fabs((double) x)/resize_filter->blur` with multiplication by `PerceptibleReciprocal(resize_filter->blur)` [patch_id=2271423]. `PerceptibleReciprocal()` returns a safe non-zero reciprocal even when the input is zero, thereby preventing the division-by-zero undefined behavior. The commit message confirms that the fix "uses the PerceptibleReciprocal() to prevent the divide-by-zero from occurring" [ref_id=1].
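The difference between the two forms of the `x_blur` computation can be seen in a small added example, which is not ImageMagick's code. `clamped_reciprocal()`, `EPSILON` and `triangle_weight()` are stand-ins assumed for illustration, and the sample offsets are constructed.

```c
#include <math.h>
#include <stdio.h>

/* Assumed threshold for this sketch; ImageMagick defines its own MagickEpsilon. */
#define EPSILON 1.0e-12

/* Stand-in for a clamped reciprocal (not ImageMagick's source): 1/x when
   |x| >= EPSILON, otherwise a large finite value with the sign of x. */
static double clamped_reciprocal(double x)
{
  double sign = x < 0.0 ? -1.0 : 1.0;
  if (sign * x >= EPSILON)
    return 1.0 / x;
  return sign / EPSILON;
}

/* Pre-fix shape: with blur == 0 this is inf for x != 0 and NaN for x == 0
   under default IEEE 754 arithmetic, and may trap where floating-point
   exceptions are unmasked. */
double x_blur_unguarded(double x, double blur)
{
  return fabs(x) / blur;
}

/* Post-fix shape: multiply by a reciprocal that stays finite for a zero blur. */
double x_blur_guarded(double x, double blur)
{
  return fabs(x) * clamped_reciprocal(blur);
}

/* Hypothetical triangle kernel, only to show what the offset feeds into. */
double triangle_weight(double x_blur)
{
  return x_blur < 1.0 ? 1.0 - x_blur : 0.0;
}

int main(void)
{
  const double xs[] = {0.0, 0.5, 1.5}; /* constructed sample offsets */
  for (int i = 0; i < 3; i++) {
    double u = x_blur_unguarded(xs[i], 0.0);
    double g = x_blur_guarded(xs[i], 0.0);
    printf("x=%.1f unguarded=%g (weight %g) guarded=%g (weight %g)\n",
           xs[i], u, triangle_weight(u), g, triangle_weight(g));
  }
  return 0;
}
```

With a zero blur the guarded form behaves like a point filter: only the zero offset keeps a non-zero weight, while the unguarded form hands NaN or infinity to the kernel.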
Preconditions
- input: The attacker must supply a crafted image file that causes `resize_filter->blur` to be zero when processed by ImageMagick.
- config: ImageMagick must process the crafted file using the `GetResizeFilterWeight()` function in `MagickCore/resize.c`.
Generated on May 24, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (4)
News mentions (0): no linked articles in our index yet.