Ubuntu.comUB:CVE-2021-3610CVE-2021-3610
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
35.3%
A heap-based buffer overflow vulnerability was found in ImageMagick in
versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue
is due to an incorrect setting of the pixel array size, which can lead to a
crash and segmentation fault.
Notes
| Author | Note |
|---|---|
| alexmurray | Originally this was though to be an issue specific to IM7, but turns out it also applies to IM6 versions from 6.9.10.88. As such Ubuntu releases since jammy are likely affected. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 22.04 | noarch | imagemagick | < 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2 | UNKNOWN |
| ubuntu | 22.10 | noarch | imagemagick | < 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5 | UNKNOWN |
| ubuntu | 23.04 | noarch | imagemagick | < 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1 | UNKNOWN |
| ubuntu | 23.10 | noarch | imagemagick | < 8:6.9.11.60+dfsg-1.6ubuntu1 | UNKNOWN |
| ubuntu | 24.04 | noarch | imagemagick | < 8:6.9.11.60+dfsg-1.6ubuntu1 | UNKNOWN |
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
35.3%