CVE-2021-39212 Information

Jun 07, 2022 cve

Description

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use copy modify and distribute in both open and proprietary applications. In affected versions and in certain cases Postscript files could be read and written when specifically excluded by a module policy in policy.xml. ex. . The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately in the wild few users utilize the module policy and instead use the coder policy that is also our workaround recommendation: <policy domain=## CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Reference

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68 https://github.com/ImageMagick/ImageMagick/commit/35893e7cad78ce461fcaffa56076c11700ba5e4e

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

4.4

Share on: