CVE-2021-3610: Out-of-bounds Read in ImageMagick

Severity: 7.5 HIGH (NVD); 7.8 (OSV)
EPSS: 0.2% (top 55.49%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 24; Latest update Jul 25

Description

A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

Source     | Package                 | Affected versions
NVD        | imagemagick/imagemagick | 6.9.10.88 to 6.9.12-14 (+1 more)
Debian     | imagemagick/imagemagick | < 8:6.9.11.60+dfsg-1.3+deb11u3 (+3 more)
Ubuntu     | imagemagick/imagemagick | < 8:6.9.10.23+dfsg-2.1ubuntu11.9 (+5 more)
CVEListV5  | imagemagick/imagemagick | ImageMagick 7.0.11-14

Also affects: Fedora 34, Enterprise Linux 8.0

Patches

Vulnerability Details (5)

OSV: imagemagick vulnerabilities (2024-07-25)
OSV: imagemagick vulnerabilities (2023-07-04)
GHSA: GHSA-x4cj-7x5p-w7vf: A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7 (2022-02-25)
CVEList: CVE-2021-3610: A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7 (2022-02-24)
OSV: CVE-2021-3610: A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7 (2022-02-24)

Vendor Advisories (4)

Ubuntu: ImageMagick vulnerabilities (2024-07-25)
Ubuntu: ImageMagick vulnerabilities (2023-07-04)
Red Hat: ImageMagick: heap-based buffer overflow in ReadTIFFImage() in coders/tiff.c (2021-05-27)
Debian: CVE-2021-3610: imagemagick - A heap-based buffer overflow vulnerability was found in ImageMagick in versions ... (2021)