Your submission was sent successfully! Close

CVE-2021-20312

Published: 11 May 2021

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Notes

AuthorNote
rayveldkamp
imagemagick is in universe from focal onwards
Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
imagemagick
Launchpad, Ubuntu, Debian
bionic
Released (8:6.9.7.4+dfsg-16ubuntu6.12)
focal Needed

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needed

precise Does not exist

trusty
Released (8:6.7.7.10-6ubuntu3.13+esm1)
upstream Needs triage

xenial
Released (8:6.8.9.9-7ubuntu5.16+esm1)
Patches:
upstream: https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e