Disclosure Date 2021/12/21
CVE-2021-4219
Remote Denial of Service (DoS) in ImageMagick
ImageMagickにおけるDoS(Denial of Service)
Credit
stypr (@stereotype32)
Affected-Versions
- 6.9.10-23 and lower
- 7.1.0-18 and lower
CWE
CWE-20
Description
Affected versions of this package are vulnerable to Denial of Service (DoS) via crafted SVG file which is submitted to the ImageMagick, to let ImageMagick hang forever from reading a file descriptor.
Product-URLs
https://imagemagick.org/
Reference
- https://bugzilla.redhat.com/show_bug.cgi?id=2054611
- https://github.com/ImageMagick/ImageMagick/issues/4626