PT-2022-7384 · Unknown+4 · Imagemagick+4
R0Fm1A +1 · Published 2021-08-03 · Updated 2026-01-26 · CVE-2021-3610
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
ImageMagick versions prior to 7.0.11-14
Description
The issue is a heap-based buffer overflow in the ReadTIFFImage() function of ImageMagick. It is caused by an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. Exploitation of this issue may allow a remote attacker to cause a denial of service.
Recommendations
For versions prior to 7.0.11-14, update to version 7.0.11-14 or later to resolve the issue.
As a temporary workaround, consider disabling the ReadTIFFImage() function in coders/tiff.c until a patch is available.
Exploit
Fix
Out of bounds Read
Memory Corruption
Affected Products
Alt Linux
Imagemagick
Linuxmint
Red Os
Ubuntu