CVE-2022-20245: 
NixOS vulnerability analysis and mitigation

A vulnerability identified as CVE-2022-20245 was discovered in ImageMagick, specifically in the coders/webp.c component. The vulnerability was disclosed on March 9, 2021, and affects various versions of ImageMagick software (Ubuntu Security).

The vulnerability is classified with a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The flaw involves undefined behavior triggered by a division by zero operation in the WebP image processing code. The vulnerability is categorized under CWE-369 (Divide By Zero) (NVD).

The primary impact of this vulnerability affects system availability. When successfully exploited, an attacker could cause the application to crash through a division by zero error, potentially leading to denial of service conditions. The vulnerability specifically impacts system availability while maintaining no direct effect on confidentiality or integrity (NVD).

Fixed versions have been released for multiple Ubuntu distributions including 24.10 (oracular), 24.04 LTS (noble), 23.10 (mantic), 23.04 (lunar), and 22.10 (kinetic). Ubuntu Pro users can access fixes via ESM Apps. The upstream fix is identified with commit a78d92d (Ubuntu Security).