PT-2021-4555 · Unknown+5 · Imagemagick+5

Pedro Sampaio

Published

2021-02-26

Updated

2024-06-15

CVE-2021-20312

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.0.11

Description A flaw was found in ImageMagick, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file submitted by an attacker and processed by an application using ImageMagick. The highest threat from this issue is to system availability. Exploitation of the flaw may allow a remote attacker to cause a denial of service using a specially crafted image file.

Recommendations For ImageMagick version 7.0.11, consider disabling the WriteTHUMBNAILImage function in coders/thumbnail.c as a temporary workaround to minimize the risk of exploitation until a patch is available.

Exploit

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2023-5309

BDU:2021-05223

CVE-2021-20312

DLA-2672-1

DLA-3429-1

MGASA-2022-0446

OESA-2021-1198

OPENSUSE-SU-2021:0606-1

OPENSUSE-SU-2021_0606-1

OPENSUSE-SU-2024:11564-1

SUSE-SU-2021:1276-1

SUSE-SU-2021:1277-1

SUSE-SU-2023:4634-1

USN-5158-1

USN-5736-1

USN-5736-2

USN-6200-1

Affected Products

Alt Linux

Astra Linux

Imagemagick

Linuxmint

Suse

Ubuntu

PT-2021-4555 · Unknown+5 · Imagemagick+5

CVE-2021-20312

Weakness Enumeration

Related Identifiers

Affected Products

References · 159