Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-20224

An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash.

Published

2022-08-25T20:15:08.873

Last Modified

2024-11-21T05:46:09.763

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-190
Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	imagemagick	imagemagick	< 6.9.11-57	Yes
Application	imagemagick	imagemagick	< 7.0.10-57	Yes

References

https://github.com/ImageMagick/ImageMagick/commit/5af1dffa4b6ab984b5f13d1e91c95760d75f12a6 Patch, Third Party Advisory ([email protected])
https://github.com/ImageMagick/ImageMagick/pull/3083 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://github.com/ImageMagick/ImageMagick6/commit/553054c1cb1e4e05ec86237afef76a32cd7c464d Patch, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html ([email protected])
https://github.com/ImageMagick/ImageMagick/commit/5af1dffa4b6ab984b5f13d1e91c95760d75f12a6 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ImageMagick/ImageMagick/pull/3083 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ImageMagick/ImageMagick6/commit/553054c1cb1e4e05ec86237afef76a32cd7c464d Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html (af854a3a-2127-422b-91ae-364da2661108)