Input Validation Flaw in ImageMagick Impacting Image Processing
CVE-2021-3962

7.8HIGH

Key Information:

Vendor

Imagemagick
Status
Imagemagick
Vendor
CVE Published:
19 November 2021

What is CVE-2021-3962?

A vulnerability exists in ImageMagick due to improper sanitization of input before invoking image conversion processes. This flaw can be exploited by crafting a malicious image, resulting in a use-after-free condition during its processing. Attackers may leverage this vulnerability to compromise the confidentiality, integrity, and availability of the system, posing significant risks to users and applications utilizing ImageMagick for image processing.

Affected Version(s)

ImageMagick 7.1.0-14

References

https://bugzilla.redhat.com/show_bug.cgi?id=2023196
x_refsource_MISC
https://github.com/ImageMagick/ImageMagick/commit/82775af...
x_refsource_MISC
https://github.com/ImageMagick/ImageMagick/issues/4446
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.