Vulnerability Description
A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ImageMagick | ImageMagick | 7.1.0-14 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2023196 (Issue Tracking, Patch, Third Party Advisory)
- https://github.com/ImageMagick/ImageMagick/commit/82775af03bbb10a0a1d0e15c0156c7 (Patch, Third Party Advisory)
- https://github.com/ImageMagick/ImageMagick/issues/4446 (Third Party Advisory)
FAQ
What is CVE-2021-3962?
CVE-2021-3962 is a vulnerability with a CVSS score of 7.8 (HIGH). A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that lead...
How severe is CVE-2021-3962?
CVE-2021-3962 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3962?
Check the references section above for vendor advisories and patch information. Affected products include: ImageMagick (vendor: ImageMagick).