CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Percentile: 29.4%

An integer overflow issue was discovered in ImageMagick's
ExportIndexQuantum() function in MagickCore/quantum-export.c. Function
calls to GetPixelIndex() could result in values outside the range
representable by the 'unsigned char' type. When ImageMagick processes a crafted
PDF file, this could lead to undefined behaviour or a crash.

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | imagemagick | < 8:6.9.7.4+dfsg-16ubuntu6.14 | UNKNOWN |
ubuntu | 20.04 | noarch | imagemagick | < 8:6.9.10.23+dfsg-2.1ubuntu11.9 | UNKNOWN |
ubuntu | 14.04 | noarch | imagemagick | < 8:6.7.7.10-6ubuntu3.13+esm3 | UNKNOWN |
ubuntu | 16.04 | noarch | imagemagick | < 8:6.8.9.9-7ubuntu5.16+esm5 | UNKNOWN |
github.com/ImageMagick/ImageMagick/commit/5af1dffa4b6ab984b5f13d1e91c95760d75f12a6
github.com/ImageMagick/ImageMagick/pull/3083
github.com/ImageMagick/ImageMagick6/commit/553054c1cb1e4e05ec86237afef76a32cd7c464d
launchpad.net/bugs/cve/CVE-2021-20224
nvd.nist.gov/vuln/detail/CVE-2021-20224
security-tracker.debian.org/tracker/CVE-2021-20224
ubuntu.com/security/notices/USN-5736-1
ubuntu.com/security/notices/USN-5736-2
ubuntu.com/security/notices/USN-6200-1
www.cve.org/CVERecord?id=CVE-2021-20224