CVE-2021-20312 — Integer Overflow or Wraparound in Imagemagick

CWE-190 — Integer Overflow or Wraparound15 documents6 sources

Severity

7.5HIGHNVD

OSV7.8OSV5.5

EPSS

0.2%

top 61.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick Debian Linux

Timeline

PublishedMay 11

Latest updateJul 25

Description

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.11.60+dfsg-1.5 (bookworm)

▶NVDimagemagick/imagemagick< 7.0.11-0

▶Debianimagemagick/imagemagick< 8:6.9.11.60+dfsg-1.3+deb11u4+3

▶Ubuntuimagemagick/imagemagick< 8:6.9.7.4+dfsg-16ubuntu6.12+13

▶CVEListV5imagemagick/imagemagickImageMagick 7.0.11

Also affects: Debian Linux 9.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

imagemagick vulnerabilities↗2024-07-25

▶

OSV

imagemagick vulnerabilities↗2023-07-04

▶

OSV

imagemagick vulnerabilities↗2022-11-24

▶

OSV

imagemagick vulnerabilities↗2022-11-24

▶

GHSA

GHSA-7cgc-x5j3-p7hx: A flaw was found in ImageMagick in versions 7↗2022-05-24

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2024-07-25

▶

Ubuntu

ImageMagick vulnerabilities↗2023-07-04

▶

Ubuntu

ImageMagick vulnerabilities↗2022-11-24

▶

Ubuntu

ImageMagick vulnerabilities↗2022-11-24

▶

Ubuntu

ImageMagick vulnerabilities↗2021-11-29

▶