CVE-2021-3962: Use After Free
First published: Fri Nov 19 2021(Updated: )
A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ImageMagick ImageMagick | =7.1.0-14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-3962?
CVE-2021-3962 is a use-after-free vulnerability in ImageMagick.
How does CVE-2021-3962 affect ImageMagick?
CVE-2021-3962 affects ImageMagick versions 7.1.0-14 and earlier.
What is the severity of CVE-2021-3962?
CVE-2021-3962 has a severity score of 7.8 (high).
How can an attacker exploit CVE-2021-3962?
An attacker can exploit CVE-2021-3962 by creating a specially crafted image that triggers the use-after-free vulnerability when processed by ImageMagick.
Is there a fix for CVE-2021-3962?
Yes, a fix for CVE-2021-3962 is available in newer versions of ImageMagick.
- collector/nvd-index
- agent/author
- vendor/imagemagick
- canonical/imagemagick imagemagick
- version/imagemagick imagemagick/7.1.0-14