CVE-2021-3574

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.0.11-5

Description A vulnerability was found in ImageMagick, where executing a crafted file with the convert command, ASAN detects memory leaks. The issue is related to incorrect memory deallocation before removing the last reference, which can be exploited by an attacker to cause a denial of service using a specially crafted file.

Recommendations For ImageMagick version 7.0.11-5, consider updating to a newer version that contains a fix for this issue, as the current version is affected by memory leaks when executing crafted files with the convert command. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

BDU:2023-04782

CVE-2021-3574

DLA-3357-1

DLA-3357-2

MGASA-2022-0446

OPENSUSE-SU-2022_3552-1

SUSE-SU-2022:3552-1

SUSE-SU-2022_3552-1

USN-5736-1

USN-5736-2

Affected Products

Astra Linux

Imagemagick

Linuxmint

Suse

Ubuntu

CVE-2021-3574

Weakness Enumeration

Related Identifiers

Affected Products

References · 65