Fluid Attacks Database

Description

An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	imagemagick	>=0 <8:6.9.11.57+dfsg-1	8:6.9.11.57+dfsg-1
debian 12	imagemagick	>=0 <8:6.9.11.57+dfsg-1	8:6.9.11.57+dfsg-1
debian 13	imagemagick	>=0 <8:6.9.11.57+dfsg-1	8:6.9.11.57+dfsg-1
debian 14	imagemagick	>=0 <8:6.9.11.57+dfsg-1	8:6.9.11.57+dfsg-1
rpm rhel7	ImageMagick	-	-

Aliases

1. CVE-2021-202242. NVD-2021-202243. OSV-DEBIAN-2021-202244. OSV-2021-202245. SECURITY-TRACKER-CVE-2021-20224

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.