CVE-2021-20313Sensitive Information Exposure in Imagemagick

CWE-200Sensitive Information Exposure15 documents6 sources
Severity
7.5HIGHNVD
OSV7.8OSV5.5
EPSS
0.2%
top 52.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ImagemagickDebian ImagemagickDebian Linux
Timeline
PublishedMay 11
Latest updateJul 25

Description

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

debiandebian/imagemagick< imagemagick 8:6.9.11.60+dfsg-1.5 (bookworm)
NVDimagemagick/imagemagick< 7.0.11-0
Debianimagemagick/imagemagick< 8:6.9.11.60+dfsg-1.3+deb11u4+3
Ubuntuimagemagick/imagemagick< 8:6.9.7.4+dfsg-16ubuntu6.12+13
CVEListV5imagemagick/imagemagickImageMagick 7.0.11

Also affects: Debian Linux 9.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

7
OSV
imagemagick vulnerabilities2024-07-25
OSV
imagemagick vulnerabilities2023-07-04
OSV
imagemagick vulnerabilities2022-11-24
OSV
imagemagick vulnerabilities2022-11-24
GHSA
GHSA-vrm6-xcmv-x82r: A flaw was found in ImageMagick in versions before 72022-05-24

📋Vendor Advisories

7
Ubuntu
ImageMagick vulnerabilities2024-07-25
Ubuntu
ImageMagick vulnerabilities2023-07-04
Ubuntu
ImageMagick vulnerabilities2022-11-24
Ubuntu
ImageMagick vulnerabilities2022-11-24
Ubuntu
ImageMagick vulnerabilities2021-11-29