
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2021-20309 is a vulnerability discovered in ImageMagick versions before 7.0.11 and before 6.9.12. The vulnerability was published on May 11, 2021, and affects the visual effects processing functionality of the software (Ubuntu CVE).
The vulnerability exists in the WaveImage() function of MagickCore/visual-effects.c, where a division by zero condition can be triggered through a specially crafted image file. The vulnerability has been assigned a CVSS 3.1 Base Score of 7.5 (High), with attack vector being Network, attack complexity Low, requiring no privileges or user interaction, and affecting system availability (Ubuntu CVE).
When exploited, this vulnerability primarily affects system availability. If a user or automated system using ImageMagick is tricked into opening a specially crafted image file, an attacker could crash the application, causing a denial of service (Ubuntu Security Notice).
The vulnerability has been fixed in multiple Ubuntu releases through security updates. Users are advised to update their ImageMagick packages to the patched versions. For Ubuntu 22.10, the fixed version is 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1, for Ubuntu 20.04 LTS the fixed version is 8:6.9.10.23+dfsg-2.1ubuntu11.9, and for other supported versions, corresponding security updates are available (Ubuntu Security Notice).
Source: This report was generated using AI