CVE-2021-20241

Description

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

How to fix CVE-2021-20241

To remediate CVE-2021-20241, upgrade the affected package to a fixed version below.

Debian/imagemagick—upgrade to 8:6.9.11.60+dfsg-1.3+deb11u2 or later

Is CVE-2021-20241 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 8:6.9.11.60+dfsg-1.3+deb11u2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2021-20241