CVE-2021-20309: 
ImageMagick vulnerability analysis and mitigation

A division by zero vulnerability was discovered in ImageMagick versions before 7.0.11 and before 6.9.12. The vulnerability, identified as CVE-2021-20309, exists in the WaveImage() function of MagickCore/visual-effects.c. This flaw could be triggered when processing a specially crafted image file submitted to an application using ImageMagick (Ubuntu Security, Debian LTS).

The vulnerability is caused by a division by zero condition in the WaveImage() function located in MagickCore/visual-effects.c. The issue has been assigned a CVSS 3.1 base score of 7.5 (High), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The attack vector is network-accessible, requires low complexity to exploit, needs no privileges or user interaction, and primarily impacts system availability (Ubuntu Security).

The primary impact of this vulnerability is to system availability. When successfully exploited, the division by zero condition can trigger undefined behavior in the application, potentially leading to application crashes or denial of service conditions (Red Hat Bugzilla, Ubuntu Security).

The vulnerability has been fixed in ImageMagick versions 7.0.11 and 6.9.12. Users are advised to upgrade to these or later versions. The fix has been backported to various Linux distributions including Ubuntu, Debian, and others. The patches are available in the upstream repositories through commits f1e68d22d1b35459421710587a0dcbab6900b51f (ImageMagick6) and 94174beff065cb5683d09d79e992c3ebbdead311 (ImageMagick) (Red Hat Bugzilla).