CVE-2021-20224Integer Overflow or Wraparound in Imagemagick

CWE-190Integer Overflow or Wraparound13 documents6 sources
Severity
5.5MEDIUMNVD
OSV7.8
EPSS
0.0%
top 90.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ImagemagickDebian Imagemagick
Timeline
PublishedAug 25
Latest updateJul 25

Description

An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

debiandebian/imagemagick< imagemagick 8:6.9.11.57+dfsg-1 (bookworm)
NVDimagemagick/imagemagick7.0.0-07.0.10-57+1
Debianimagemagick/imagemagick< 8:6.9.11.57+dfsg-1+3
Ubuntuimagemagick/imagemagick< 8:6.9.7.4+dfsg-16ubuntu6.14+10
CVEListV5imagemagick/imagemagickFixed in ImageMagick-7.0.10-57, ImageMagick6-6.9.11-57

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

6
OSV
imagemagick vulnerabilities2024-07-25
OSV
imagemagick vulnerabilities2023-07-04
OSV
imagemagick vulnerabilities2022-11-24
OSV
imagemagick vulnerabilities2022-11-24
GHSA
GHSA-ccpc-2gr7-q87w: An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export2022-08-26

📋Vendor Advisories

6
Ubuntu
ImageMagick vulnerabilities2024-07-25
Ubuntu
ImageMagick vulnerabilities2023-07-04
Ubuntu
ImageMagick vulnerabilities2022-11-24
Ubuntu
ImageMagick vulnerabilities2022-11-24
Red Hat
ImageMagick: integer overflow in ExportIndexQuantum() in MagickCore/quantum-export.c2022-08-25