VuXML: ImageMagick7 -- multiple vulnerabilities

VuXML ID	a7c60af1-b3f1-11eb-a5f7-a0f3c100ae18
Discovery	2020-10-27
Entry	2021-05-13

CVE reports:

Several vulnerabilities have been discovered in ImageMagick:

CVE-2021-20313: A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible.

CVE-2021-20312: A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick.

CVE-2021-20311: A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick.

CVE-2021-20310: A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick.

CVE-2021-20309: A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick.

And several others…

[source]

CVE Name	CVE-2020-27829
CVE Name	CVE-2020-29599
CVE Name	CVE-2021-20176
CVE Name	CVE-2021-20241
CVE Name	CVE-2021-20243
CVE Name	CVE-2021-20244
CVE Name	CVE-2021-20245
CVE Name	CVE-2021-20246
CVE Name	CVE-2021-20309
CVE Name	CVE-2021-20310
CVE Name	CVE-2021-20311
CVE Name	CVE-2021-20312
CVE Name	CVE-2021-20313

ImageMagick7 -- multiple vulnerabilities

Details

References