ImageMagick Vulnerability in Data Processing
CVE-2021-20313

7.5HIGH

Key Information:

Vendor: Imagemagick
Status: Imagemagick
Vendor: CVE Published:; 11 May 2021

🔔 Create Imagemagick Vulnerability Alert

What is CVE-2021-20313?

A security flaw was discovered in ImageMagick, particularly in versions prior to 7.0.11. This vulnerability arises from a potential cipher leak during signature calculations in the TransformSignature process. The main threat posed by this issue is the compromise of data confidentiality, which could allow unauthorized access to sensitive information processed by affected versions of the software.

Affected Version(s)

ImageMagick ImageMagick 7.0.11

References

https://bugzilla.redhat.com/show_bug.cgi?id=1947019

https://lists.debian.org/debian-lts-announce/2021/06/msg0...

mailing-list

https://lists.debian.org/debian-lts-announce/2023/05/msg0...

mailing-list

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2021
Vulnerability Reserved
Dec 17, 2020