Common Weakness Enumeration

CWE-369

Allowed

Divide By Zero

Abstraction: Base · Status: Draft

The product divides a value by zero.

577 vulnerabilities reference this CWE, most recent first.

CVE-2021-20244 (GCVE-0-2021-20244)

Vulnerability from cvelistv5 – Published: 2021-03-09 00:00 – Updated: 2024-08-03 17:37
VLAI
Summary
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a ImageMagick Affected: ImageMagick 7.0.10-62
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:37:23.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928959"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ImageMagick/ImageMagick/pull/3194"
          },
          {
            "name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"
          },
          {
            "name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "ImageMagick 7.0.10-62"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-369",
              "description": "CWE-369",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-22T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928959"
        },
        {
          "url": "https://github.com/ImageMagick/ImageMagick/pull/3194"
        },
        {
          "name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"
        },
        {
          "name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-20244",
    "datePublished": "2021-03-09T00:00:00.000Z",
    "dateReserved": "2020-12-17T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:37:23.075Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20243 (GCVE-0-2021-20243)

Vulnerability from cvelistv5 – Published: 2021-03-09 00:00 – Updated: 2024-08-03 17:37
VLAI
Summary
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a ImageMagick Affected: ImageMagick 7.0.10-62
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:37:23.175Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928958"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ImageMagick/ImageMagick/pull/3193"
          },
          {
            "name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2672-1] imagemagick security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00000.html"
          },
          {
            "name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "ImageMagick 7.0.10-62"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-369",
              "description": "CWE-369",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-22T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928958"
        },
        {
          "url": "https://github.com/ImageMagick/ImageMagick/pull/3193"
        },
        {
          "name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2672-1] imagemagick security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00000.html"
        },
        {
          "name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-20243",
    "datePublished": "2021-03-09T00:00:00.000Z",
    "dateReserved": "2020-12-17T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:37:23.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20241 (GCVE-0-2021-20241)

Vulnerability from cvelistv5 – Published: 2021-03-09 00:00 – Updated: 2024-08-03 17:37
VLAI
Summary
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a ImageMagick Affected: ImageMagick 6.9.11-62, ImageMagick 7.0.10-62
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:37:22.963Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928952"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ImageMagick/ImageMagick/pull/3177"
          },
          {
            "name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"
          },
          {
            "name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "ImageMagick 6.9.11-62, ImageMagick 7.0.10-62"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-369",
              "description": "CWE-369",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-22T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928952"
        },
        {
          "url": "https://github.com/ImageMagick/ImageMagick/pull/3177"
        },
        {
          "name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"
        },
        {
          "name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-20241",
    "datePublished": "2021-03-09T00:00:00.000Z",
    "dateReserved": "2020-12-17T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:37:22.963Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20176 (GCVE-0-2021-20176)

Vulnerability from cvelistv5 – Published: 2021-02-05 00:00 – Updated: 2024-08-03 17:30
VLAI
Summary
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a ImageMagick Affected: 6.9.11-57, 7.0.10-57
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:30:07.469Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916610"
          },
          {
            "name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"
          },
          {
            "name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "6.9.11-57, 7.0.10-57"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-369",
              "description": "CWE-369",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-22T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916610"
        },
        {
          "name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"
        },
        {
          "name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-20176",
    "datePublished": "2021-02-05T00:00:00.000Z",
    "dateReserved": "2020-12-17T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:30:07.469Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-4216 (GCVE-0-2021-4216)

Vulnerability from cvelistv5 – Published: 2022-08-26 15:25 – Updated: 2024-08-03 17:16
VLAI
Summary
A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a mupdf Affected: Fixed in v1.20.0-rc1
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:16:04.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.ghostscript.com/show_bug.cgi?id=704834"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mupdf",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in v1.20.0-rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-369",
              "description": "CWE-369 - Divide By Zero",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-26T15:25:43.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.ghostscript.com/show_bug.cgi?id=704834"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-4216",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mupdf",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in v1.20.0-rc1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-369 - Divide By Zero"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.ghostscript.com/show_bug.cgi?id=704834",
              "refsource": "MISC",
              "url": "https://bugs.ghostscript.com/show_bug.cgi?id=704834"
            },
            {
              "name": "https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf",
              "refsource": "MISC",
              "url": "https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-4216",
    "datePublished": "2022-08-26T15:25:43.000Z",
    "dateReserved": "2022-01-27T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:16:04.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3941 (GCVE-0-2021-3941)

Vulnerability from cvelistv5 – Published: 2022-03-25 00:00 – Updated: 2024-08-03 17:09
VLAI
Summary
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a openexr Affected: OpenEXR 3.1.2
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:09.632Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019789"
          },
          {
            "name": "FEDORA-2022-18e14f460c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/"
          },
          {
            "name": "GLSA-202210-31",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-31"
          },
          {
            "name": "DSA-5299",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5299"
          },
          {
            "name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openexr",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "OpenEXR 3.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-369",
              "description": "CWE-369",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-12T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019789"
        },
        {
          "name": "FEDORA-2022-18e14f460c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/"
        },
        {
          "name": "GLSA-202210-31",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-31"
        },
        {
          "name": "DSA-5299",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5299"
        },
        {
          "name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3941",
    "datePublished": "2022-03-25T00:00:00.000Z",
    "dateReserved": "2021-11-09T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:09:09.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3432 (GCVE-0-2021-3432)

Vulnerability from cvelistv5 – Published: 2022-06-28 19:45 – Updated: 2024-09-17 00:21
VLAI
Title
BT: Invalid interval in CONNECT_IND leads to Division by Zero
Summary
Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4
CWE
  • CWE-369 - Divide By Zero (CWE-369)
Assigner
References
Impacted products
Vendor Product Version
zephyrproject-rtos zephyr Affected: v1.14.0 , < unspecified (custom)
Affected: v2.5.0 , < unspecified (custom)
Create a notification for this product.
Date Public
2021-06-21 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:53:17.549Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "zephyr",
          "vendor": "zephyrproject-rtos",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "v1.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "v2.5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions \u003e= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-369",
              "description": "Divide By Zero (CWE-369)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-28T19:45:28.000Z",
        "orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
        "shortName": "zephyr"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
        }
      ],
      "source": {
        "defect": [
          "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
        ]
      },
      "title": "BT: Invalid interval in CONNECT_IND leads to Division by Zero",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnerabilities@zephyrproject.org",
          "DATE_PUBLIC": "2021-06-21T00:00:00.000Z",
          "ID": "CVE-2021-3432",
          "STATE": "PUBLIC",
          "TITLE": "BT: Invalid interval in CONNECT_IND leads to Division by Zero"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "zephyr",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "v1.14.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "v2.5.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "zephyrproject-rtos"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions \u003e= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MODERATE",
            "confidentialityImpact": "NONE",
            "environmentalScore": 4.3,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Divide By Zero (CWE-369)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4",
              "refsource": "MISC",
              "url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
            }
          ]
        },
        "source": {
          "defect": [
            "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
    "assignerShortName": "zephyr",
    "cveId": "CVE-2021-3432",
    "datePublished": "2022-06-28T19:45:28.514Z",
    "dateReserved": "2021-03-11T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:21:58.869Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-27790 (GCVE-0-2020-27790)

Vulnerability from cvelistv5 – Published: 2022-08-18 18:57 – Updated: 2024-08-04 16:25
VLAI
Summary
A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a upx Affected: Fixed in v3.96.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:25:42.456Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/upx/upx/issues/331"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "upx",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in v3.96."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-369",
              "description": "CWE-369 - Divide By Zero",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-18T18:57:21.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/upx/upx/issues/331"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-27790",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "upx",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in v3.96."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-369 - Divide By Zero"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/upx/upx/issues/331",
              "refsource": "MISC",
              "url": "https://github.com/upx/upx/issues/331"
            },
            {
              "name": "https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26",
              "refsource": "MISC",
              "url": "https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-27790",
    "datePublished": "2022-08-18T18:57:21.000Z",
    "dateReserved": "2020-10-27T00:00:00.000Z",
    "dateUpdated": "2024-08-04T16:25:42.456Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-27773 (GCVE-0-2020-27773)

Vulnerability from cvelistv5 – Published: 2020-12-04 00:00 – Updated: 2024-08-04 16:25
VLAI
Summary
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a ImageMagick Affected: ImageMagick 7.0.9-0
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:25:42.454Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898295"
          },
          {
            "name": "[debian-lts-announce] 20210112 [SECURITY] [DLA 2523-1] imagemagick security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html"
          },
          {
            "name": "[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "ImageMagick 7.0.9-0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-369",
              "description": "(CWE-369|CWE-190)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-11T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898295"
        },
        {
          "name": "[debian-lts-announce] 20210112 [SECURITY] [DLA 2523-1] imagemagick security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html"
        },
        {
          "name": "[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-27773",
    "datePublished": "2020-12-04T00:00:00.000Z",
    "dateReserved": "2020-10-27T00:00:00.000Z",
    "dateUpdated": "2024-08-04T16:25:42.454Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-27765 (GCVE-0-2020-27765)

Vulnerability from cvelistv5 – Published: 2020-12-04 00:00 – Updated: 2024-08-04 16:18
VLAI
Summary
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a ImageMagick Affected: ImageMagick 7.0.9-0
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:18:45.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894684"
          },
          {
            "name": "[debian-lts-announce] 20210112 [SECURITY] [DLA 2523-1] imagemagick security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html"
          },
          {
            "name": "[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "ImageMagick 7.0.9-0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-369",
              "description": "CWE-369",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-11T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894684"
        },
        {
          "name": "[debian-lts-announce] 20210112 [SECURITY] [DLA 2523-1] imagemagick security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html"
        },
        {
          "name": "[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-27765",
    "datePublished": "2020-12-04T00:00:00.000Z",
    "dateReserved": "2020-10-27T00:00:00.000Z",
    "dateUpdated": "2024-08-04T16:18:45.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.