CVE-2021-3610

Published: 24 February 2022

A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
imagemagick Launchpad, Ubuntu, Debian	bionic	Not vulnerable (code not present)
	focal	Not vulnerable (code not present)
	groovy	Ignored (reached end-of-life)
	hirsute	Not vulnerable (code not present)
	impish	Not vulnerable (code not present)
	jammy	Not vulnerable (code not present)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Not vulnerable (code not present)

Notes

Author	Note
mdeslaur	IM7 specific issue

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3610
NVD
Launchpad
Debian

Bugs

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›