CVE reports:
Several vulnerabilities have been discovered in ImageMagick:
- CVE-2021-20309: A flaw was found in ImageMagick in versions before 6.9.12,
where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger
undefined behavior via a crafted image file submitted to an application using ImageMagick.
- CVE-2021-20176: A divide-by-zero flaw was found in ImageMagick 6.9.11-57 in gem.c.
This flaw allows an attacker who submits a crafted file that is processed by ImageMagick
to trigger undefined behavior through a division by zero.
- CVE-2020-29599: ImageMagick before 6.9.11-40 mishandles the -authenticate option,
which allows setting a password for password-protected PDF files.
- And maybe some others…