Candidate: CVE-2021-3610
PublicDate: 2022-02-24 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3610
Description:
 A heap-based buffer overflow vulnerability was found in ImageMagick in
 versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue
 is due to an incorrect setting of the pixel array size, which can lead to a
 crash and segmentation fault.
Ubuntu-Description:
Notes:
 mdeslaur> IM7 specific issue
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_imagemagick:
 upstream: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
upstream_imagemagick: needs-triage
trusty_imagemagick: ignored (out of standard support)
trusty/esm_imagemagick: DNE
xenial_imagemagick: ignored (out of standard support)
esm-infra/xenial_imagemagick: not-affected (code not present)
bionic_imagemagick: not-affected (code not present)
focal_imagemagick: not-affected (code not present)
groovy_imagemagick: ignored (reached end-of-life)
hirsute_imagemagick: not-affected (code not present)
impish_imagemagick: not-affected (code not present)
jammy_imagemagick: not-affected (code not present)
devel_imagemagick: not-affected (code not present)