Published: 19/11/2021 Updated: 28/11/2021

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an malicious user to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
imagemagick imagemagick 7.1.0-14

A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick The highest threat from this vulnerability is to confidentiality, integrity, as wel ...

A security issue was found in ImageMagick before version 710-14 where it did not properly sanitize certain input before using it to invoke convert processes This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick ...

CWE-416 https://bugzilla.redhat.com/show_bug.cgi?id=2023196 https://github.com/ImageMagick/ImageMagick/issues/4446 https://github.com/ImageMagick/ImageMagick/commit/82775af03bbb10a0a1d0e15c0156c75673b4525e https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2021-3962 https://security.archlinux.org/CVE-2021-3962

CVE-2021-3962

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect