CVE-2021-20313

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.0.11

Description A flaw was found in the TransformSignature function of ImageMagick, which could lead to a potential cipher leak when calculating signatures. This issue is related to the disclosure of information and could allow a remote attacker to access confidential data. The highest threat from this issue is to data confidentiality.

Recommendations For versions prior to 7.0.11, update to version 7.0.11 or later to resolve the issue. As a temporary workaround, consider disabling the TransformSignature function until a patch is available.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2023-5309

BDU:2021-05209

CVE-2021-20313

DLA-2672-1

DLA-3429-1

MGASA-2022-0446

OESA-2021-1198

OPENSUSE-SU-2021:0606-1

OPENSUSE-SU-2021_0606-1

SUSE-SU-2021:1276-1

SUSE-SU-2021:1277-1

SUSE-SU-2023:4634-1

USN-5158-1

USN-5736-1

USN-5736-2

USN-6200-1

Affected Products

Alt Linux

Astra Linux

Imagemagick

Linuxmint

Suse

Ubuntu

CVE-2021-20313

Weakness Enumeration

Related Identifiers

Affected Products

References · 134