{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-20312", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T17:37:23.585Z", "dateReserved": "2020-12-17T00:00:00", "datePublished": "2021-05-11T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-05-22T00:00:00"}, "descriptions": [{"lang": "en", "value": "A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability."}], "affected": [{"vendor": "n/a", "product": "ImageMagick", "versions": [{"version": "ImageMagick 7.0.11", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946742"}, {"name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2672-1] imagemagick security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00000.html"}, {"name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-190", "cweId": "CWE-190"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:37:23.585Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946742", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2672-1] imagemagick security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00000.html"}, {"name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC183293-293D-4054-8FA4-7F9A37A12D5F", "versionEndExcluding": "7.0.11-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en ImageMagick en versiones 7.0.11, donde un desbordamiento de enteros en la funci\u00f3n WriteTHUMBNAILImage del archivo coders/humbnail.c puede desencadenar un comportamiento indefinido por medio de un archivo de imagen dise\u00f1ado que es enviado por un atacante y procesado por una aplicaci\u00f3n que usa ImageMagick. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema"}], "id": "CVE-2021-20312", "lastModified": "2023-05-22T02:15:10.603", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-11T23:15:08.850", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946742"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00000.html"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c", "id": "1946742", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946742"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-190", "details": ["A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.", "A flaw was found in ImageMagick, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability."], "name": "CVE-2021-20312", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2021-02-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-20312\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20312"], "statement": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. It does not affect Red Hat Enterprise Linux 8 because the ImageMagick package is not shipped. To learn more about Red Hat Enterprise Linux support scope, please see https://access.redhat.com/support/policy/updates/errata/ .", "threat_severity": "Low", "upstream_fix": "ImageMagick 7.0.11"}