CVE-2021-20224

2022-08-2500:00:00

CWE-190

redhat

www.cve.org

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.2%

JSON

An integer overflow issue was discovered in ImageMagick’s ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the ‘unsigned char’. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "ImageMagick",
    "versions": [
      {
        "version": "Fixed in ImageMagick-7.0.10-57, ImageMagick6-6.9.11-57",
        "status": "affected"
      }
    ]
  }
]