What the vulnerability does

01Description

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Key dates

02Disclosure timeline

May 11, 2021 CVE published
August 3, 2024 Record updated