Vulnerability Details : CVE-2021-3574
Potential exploit
A vulnerability was found in ImageMagick-7.0.11-5: when the convert command is run on a crafted file, ASAN detects memory leaks.
Products affected by CVE-2021-3574
- cpe:2.3:a:imagemagick:imagemagick:7.0.11-5:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-3574
- 0.16%: probability of exploitation activity in the next 30 days
- ~52%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-3574
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 | NIST | |
CWE ids for CVE-2021-3574
- The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2021-3574
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4Q6MJAMGHGB552KSFTQKXEKJVQNM4MCT/
  [SECURITY] Fedora 35 Update: ImageMagick-6.9.12.63-1.fc35 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9
  https://github.com/ImageMagick/ImageMagick/issues/3540 · ImageMagick/ImageMagick@c6ad94f · GitHub (Patch; Third Party Advisory)
- https://github.com/ImageMagick/ImageMagick6/commit/cd7f9fb7751b0d59d5a74b12d971155caad5a792
  https://github.com/ImageMagick/ImageMagick/issues/3540 · ImageMagick/ImageMagick6@cd7f9fb · GitHub (Patch; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
  [SECURITY] [DLA 3357-1] imagemagick security update
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNVDNM4ZEIYPT3SLZHPYN7OG4CZLEXZJ/
  [SECURITY] Fedora 36 Update: ImageMagick-6.9.12.62-1.fc36 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5C6XAGUFPUF4SNVCI2T4OJK3EFIENBGP/
  [SECURITY] Fedora 37 Update: ImageMagick-6.9.12.63-1.fc37 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://github.com/ImageMagick/ImageMagick/issues/3540
  AddressSanitizer report LeakSanitizer: detected memory leaks when executing convert command · Issue #3540 · ImageMagick/ImageMagick · GitHub (Exploit; Issue Tracking; Third Party Advisory)