First published: Mon Nov 29 2021(Updated: )
It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. (CVE-2021-20244) It was discovered that ImageMagick incorrectly handled certain values when performing resampling operations. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. (CVE-2021-20246) It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service (CVE-2021-20309) It was discovered that ImageMagick incorrectly handled certain values when processing thumbnail image data. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. (CVE-2021-20312) It was discovered that ImageMagick incorrectly handled memory cleanup when performing certain cryptographic operations. Under certain conditions sensitive cryptographic information could be disclosed. (CVE-2021-20313)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/libmagick++-6.q16-7 | <8:6.9.7.4+dfsg-16ubuntu6.12 | 8:6.9.7.4+dfsg-16ubuntu6.12 |
=18.04 | ||
All of | ||
ubuntu/libmagick++-6.q16-5v5 | <8:6.8.9.9-7ubuntu5.16+esm1 | 8:6.8.9.9-7ubuntu5.16+esm1 |
=16.04 | ||
All of | ||
ubuntu/libmagick++5 | <8:6.7.7.10-6ubuntu3.13+esm1 | 8:6.7.7.10-6ubuntu3.13+esm1 |
=14.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The vulnerability ID for this ImageMagick vulnerability is CVE-2021-20244.
The severity of CVE-2021-20244 is not mentioned in the provided information.
The affected software for CVE-2021-20244 includes libmagick++-6.q16-7 version 8:6.9.7.4+dfsg-16ubuntu6.12 on Ubuntu 18.04.
To fix the CVE-2021-20244 vulnerability, update libmagick++-6.q16-7 to version 8:6.9.7.4+dfsg-16ubuntu6.12 or later.