CVE-2021-20246
Description
A division-by-zero flaw in ImageMagick's ScaleResampleFilter function can crash the application via a crafted file, affecting availability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A division-by-zero flaw exists in ImageMagick's MagickCore/resample.c file, specifically in the ScaleResampleFilter() function. When resample_filter->support is set to 0, a mathematical division by zero occurs. The resample_filter is acquired from the image itself, so a crafted image can trigger this code path. This affects ImageMagick versions prior to 7.0.10-62 [1].
Exploitation
An attacker can submit a specially crafted image file that sets resample_filter->support to 0. When ImageMagick processes this file, the ScaleResampleFilter() function executes a division operation with a zero divisor, leading to undefined behavior. The attacker does not require any special privileges or authentication; they only need to deliver the file to a user or service that processes images with an affected version of ImageMagick [1].
Impact
Successful exploitation results in undefined behavior due to division by zero. The primary impact is an application crash (denial of service), affecting system availability. The description notes that other undefined behavior effects are possible, but availability is the highest threat [1].
Mitigation
The flaw is fixed in ImageMagick version 7.0.10-62. The upstream patch is available at: https://github.com/ImageMagick/ImageMagick/commit/8d25d94a363b104acd6ff23df7470aeedb806c51. Users should update to the patched version or later. Distribution-specific tracking bugs were created for Fedora and EPEL [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
13
- ImageMagick/ImageMagick (description)
- osv-coords (11 versions): < 7.0.7.34-lp152.12.12.1 + 10 more
  - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
- (no CPE) range: < 7.0.7.34-lp152.12.12.1
- (no CPE) range: < 7.1.0.9-1.1
- (no CPE) range: < 7.0.7.34-150000.3.123.1
- (no CPE) range: < 7.0.7.34-10.12.1
- (no CPE) range: < 7.0.7.34-10.12.1
- (no CPE) range: < 6.8.8.1-71.162.1
- (no CPE) range: < 7.0.7.34-150000.3.123.1
- (no CPE) range: < 6.8.8.1-71.162.1
- (no CPE) range: < 7.0.7.34-150000.3.123.1
- (no CPE) range: < 6.8.8.1-71.162.1
- (no CPE) range: < 6.8.8.1-71.162.1
Patches
3
1 file changed · +1 −1
ChangeLog+1 −1 modified@@ -1,5 +1,5 @@ 2021-02-07 7.0.10-62 <quetzlzacatenango@image...> - * Release ImageMagick version 7.0.10-62 GIT revision 18416:e709dd485:20210207 + * Release ImageMagick version 7.0.10-62 GIT revision 18418:f1e915f65:20210207 2021-02-01 7.0.10-62 <quetzlzacatenango@image...> * -trim not working as expected (reference
1 file changed · +2 −2
ChangeLog+2 −2 modified@@ -1,5 +1,5 @@ -2021-02-05 6.9.11-62 <quetzlzacatenango@image...> - * Release ImageMagick version 6.9.11-62 GIT revision 16... +2021-02-07 6.9.11-62 <quetzlzacatenango@image...> + * Release ImageMagick version 6.9.11-62 GIT revision 16452:52351447e:20210207 2021-02-01 6.9.11-61 <quetzlzacatenango@image...> * -trim not working as expected (reference
8d25d94a363b
https://github.com/ImageMagick/ImageMagick/issues/3195
1 file changed · +2 −2
MagickCore/resample.c+2 −2 modified@@ -1200,10 +1200,10 @@ MagickExport void ScaleResampleFilter(ResampleFilter *resample_filter, { double scale; #if FILTER_LUT /* scale so that F = WLUT_WIDTH; -- hardcoded */ - scale = (double)WLUT_WIDTH/F; + scale=(double) WLUT_WIDTH*PerceptibleReciprocal(F); #else /* scale so that F = resample_filter->F (support^2) */ - scale = resample_filter->F/F; + scale=resample_filter->F*PerceptibleReciprocal(F); #endif resample_filter->A = A*scale; resample_filter->B = B*scale;
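Review bot: In both branches of the `#if FILTER_LUT` block, `scale` now comes from `PerceptibleReciprocal(F)`, but nothing in the hunk states what `scale` becomes when `F` is 0, and that value is still multiplied into `resample_filter->A` and `resample_filter->B` on the lines that follow. Consider a comment giving the intended result for a zero `F`, or an early return before the coefficients are rescaled. Style: the new lines write `scale=` without spaces while the neighbouring `resample_filter->A = A*scale;` keeps them.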
Vulnerability mechanics
Root cause
"Missing zero-division check in ScaleResampleFilter() allows division by zero when resample_filter->support is 0."
Attack vector
An attacker submits a crafted image file that, when processed by ImageMagick, causes `resample_filter->support` to be set to 0 [ref_id=1]. Because `ScaleResampleFilter()` divides by `F` (derived from `support`) without a zero check, this triggers undefined behavior from the division by zero [patch_id=2271436]. The result is a crash of the application, affecting system availability [ref_id=1]. No authentication or special network position is required beyond delivering the malicious file to a vulnerable ImageMagick instance.
Affected code
The vulnerability resides in `MagickCore/resample.c` within the `ScaleResampleFilter()` function [ref_id=1]. Two lines perform division by `F` without checking whether `F` is zero: the `#if FILTER_LUT` branch divides `WLUT_WIDTH` by `F`, and the `#else` branch divides `resample_filter->F` by `F` [patch_id=2271436]. The `resample_filter` structure is derived from the image being processed, so a crafted image can cause `resample_filter->support` to be set to 0, which leads to `F` being 0 [ref_id=1].
What the fix does
The patch replaces the direct division by `F` with multiplication by `PerceptibleReciprocal(F)` in both branches of `ScaleResampleFilter()` [patch_id=2271436]. `PerceptibleReciprocal()` returns a safe value (typically 0) when the argument is zero, thereby avoiding the division-by-zero undefined behavior. This change closes the crash vector without altering the intended scaling logic for non-zero filter widths.
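The two scaling forms from the patch, side by side, as an added example that is not ImageMagick's code. `clamped_reciprocal`, `EXAMPLE_EPSILON`, the `Ellipse` struct and the sample values are assumptions made for illustration; the guard is a stand-in, not the definition of `PerceptibleReciprocal()`.

```c
#include <math.h>
#include <stdio.h>

/* Assumed threshold for this example, not taken from the page. */
#define EXAMPLE_EPSILON 1.0e-12

/* Coefficients named after the A, B, C, F variables in the hunk. */
typedef struct { double A, B, C, F; } Ellipse;

/* Hypothetical guard: a reciprocal whose divisor magnitude is clamped to
   EXAMPLE_EPSILON, so the result is finite for every input. */
static double clamped_reciprocal(double x)
{
  double sign = x < 0.0 ? -1.0 : 1.0;
  return (sign*x >= EXAMPLE_EPSILON) ? 1.0/x : sign/EXAMPLE_EPSILON;
}

/* Pre-patch shape: scale = target/F. With F == 0 and IEEE-754 doubles the
   quotient is inf, and 0*inf then yields NaN in the scaled coefficients. */
static Ellipse scale_unguarded(Ellipse e, double target)
{
  double scale = target/e.F;
  Ellipse out = { e.A*scale, e.B*scale, e.C*scale, e.F*scale };
  return out;
}

/* Post-patch shape: scale = target*reciprocal(F), no division by zero. */
static Ellipse scale_guarded(Ellipse e, double target)
{
  double scale = target*clamped_reciprocal(e.F);
  Ellipse out = { e.A*scale, e.B*scale, e.C*scale, e.F*scale };
  return out;
}

/* Returns 1 only when no coefficient is inf or NaN. */
static int all_finite(Ellipse e)
{
  return isfinite(e.A) && isfinite(e.B) && isfinite(e.C) && isfinite(e.F);
}

int main(void)
{
  Ellipse degenerate = { 1.0, 0.0, 1.0, 0.0 };  /* constructed input, F == 0 */
  printf("unguarded finite: %d\n", all_finite(scale_unguarded(degenerate, 4.0)));
  printf("guarded finite:   %d\n", all_finite(scale_guarded(degenerate, 4.0)));
  return 0;
}
```

Building the unguarded form with `-fsanitize=float-divide-by-zero` makes GCC or Clang report the division at run time, which is a practical check when auditing similar scaling code.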
Preconditions
- input: Attacker must supply a crafted image file that sets resample_filter->support to 0
- config: The vulnerable ImageMagick instance must process the crafted file (e.g., via convert, identify, or library call)
Generated on May 24, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3
- lists.debian.org/debian-lts-announce/2021/03/msg00030.html (mitre, mailing-list)
- lists.debian.org/debian-lts-announce/2023/05/msg00020.html (mitre, mailing-list)
- bugzilla.redhat.com/show_bug.cgi (mitre)