CVE-2021-39212: Resource Exposure in ImageMagick

Severity
NVD: 3.6 (Low); OSV: 7.8; OSV: 5.5

EPSS
0.0% (top 95.35%)

CISA KEV
Not in KEV

Exploit
No known exploits

Timeline
Published: Sep 13
Latest update: Jul 25

Description

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. . The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `code

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 1.0 | Impact: 2.5

Affected Packages (5 packages)

Debian: debian/imagemagick < 8:6.9.11.60+dfsg-1.5 (bookworm)
CVEListV5: imagemagick/imagemagick < 6.9.12-22+1
NVD: imagemagick/imagemagick 6.9.12-0 through 6.9.12-22+1
Debian: imagemagick/imagemagick < 8:6.9.11.60+dfsg-1.3+deb11u2+3
Ubuntu: imagemagick/imagemagick < 8:6.9.7.4+dfsg-16ubuntu6.14+10

Patches

Vulnerability Details (5)

OSV: imagemagick vulnerabilities (2024-07-25)
OSV: imagemagick vulnerabilities (2023-07-04)
OSV: imagemagick vulnerabilities (2022-11-24)
OSV: imagemagick vulnerabilities (2022-11-24)
OSV: CVE-2021-39212: ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both (2021-09-13)

Vendor Advisories (6)

Ubuntu: ImageMagick vulnerabilities (2024-07-25)
Ubuntu: ImageMagick vulnerabilities (2023-07-04)
Ubuntu: ImageMagick vulnerabilities (2022-11-24)
Ubuntu: ImageMagick vulnerabilities (2022-11-24)
Red Hat: ImageMagick: possible read or write in postscript files (2021-09-13)