Disclosure Date 2021/12/21

CVE-2021-4219

Remote Denial of Service (DoS) in ImageMagick

DoS (Denial of Service) in ImageMagick

Credit

stypr (@stereotype32)

Affected-Versions

  • 6.9.10-23 and lower
  • 7.1.0-18 and lower

CWE

CWE-20

Description

Affected versions of this package are vulnerable to Denial of Service (DoS): a crafted SVG file submitted to ImageMagick causes it to hang forever while reading from a file descriptor.
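A defensive check for services that pass untrusted images to ImageMagick, added here as an example and not taken from the advisory or the ImageMagick project: it compares an installed version against the affected ranges listed above and runs a conversion under a hard time limit so a hung process is killed. The function names, the 30-second default and the sample banner are assumptions made for illustration.

```python
import re
import subprocess

# Upper bounds of the affected ranges, copied from "Affected-Versions" above.
MAX_AFFECTED_6 = (6, 9, 10, 23)
MAX_AFFECTED_7 = (7, 1, 0, 18)

# Constructed sample of the first line printed by `magick -version`.
SAMPLE_BANNER = "Version: ImageMagick 7.1.0-17 Q16 x86_64 2021-12-12 https://imagemagick.org"


def parse_version(banner):
    """Return (major, minor, patch, build) from text such as '7.1.0-17'."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)-(\d+)", banner)
    if match is None:
        raise ValueError("no ImageMagick version found in %r" % banner)
    return tuple(int(group) for group in match.groups())


def is_affected(banner):
    """True if the version falls in a range the advisory lists as affected."""
    version = parse_version(banner)
    if version[0] >= 7:
        return version <= MAX_AFFECTED_7
    # The 6.x line and anything older ("6.9.10-23 and lower").
    return version <= MAX_AFFECTED_6


def run_bounded(cmd, timeout_s=30):
    """Run a converter command with a wall-clock limit.

    Returns 'ok', 'failed' or 'timeout'. On timeout subprocess.run() kills
    the child, so a process blocked on a read cannot tie up a worker forever.
    stdin is pointed at the null device as a general precaution (an
    assumption of this example, not a fix prescribed by the advisory).
    """
    try:
        proc = subprocess.run(
            cmd,
            stdin=subprocess.DEVNULL,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout_s,
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    return "ok" if proc.returncode == 0 else "failed"
```

The time limit only contains the hang; upgrading past the affected versions is what removes it. Child processes that the converter itself spawns are not covered by this kill and would need a process group or a container-level limit.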

Product-URLs

https://imagemagick.org/

Reference

  • https://bugzilla.redhat.com/show_bug.cgi?id=2054611
  • https://github.com/ImageMagick/ImageMagick/issues/4626
