First published: Thu Aug 25 2022(Updated: )
An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
ImageMagick | <6.9.11-57 | |
ImageMagick | >=7.0.0-0<7.0.10-57 | |
debian/imagemagick | 8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.43+dfsg1-1 8:7.1.1.46+dfsg1-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2021-20224 is medium.
CVE-2021-20224 affects ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c.
The impact of CVE-2021-20224 is an integer overflow issue which could lead to values outside the range of representable for the 'unsigned char' when processing a crafted pdf file.
ImageMagick versions 8:6.9.10.23+dfsg-2.1ubuntu11.9, 8:6.9.7.4+dfsg-16ubuntu6.14, 8:6.7.7.10-6ubuntu3.13+, 8:6.9.11.57+dfsg-1, and 8:6.8.9.9-7ubuntu5.16+ are affected by CVE-2021-20224.
To fix CVE-2021-20224 in ImageMagick, update to the recommended versions: 8:6.9.10.23+dfsg-2.1ubuntu11.9, 8:6.9.7.4+dfsg-16ubuntu6.14, 8:6.7.7.10-6ubuntu3.13+, 8:6.9.11.57+dfsg-1, or 8:6.8.9.9-7ubuntu5.16+.