Candidate: CVE-2021-3962
PublicDate: 2021-11-19 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3962
 https://github.com/ImageMagick/ImageMagick/issues/4446
 https://github.com/ImageMagick/ImageMagick/commit/82775af03bbb10a0a1d0e15c0156c75673b4525e
 https://bugzilla.redhat.com/show_bug.cgi?id=2023196
Description:
 A flaw was found in ImageMagick where it did not properly sanitize certain
 input before using it to invoke convert processes. This flaw allows an
 attacker to create a specially crafted image that leads to a use-after-free
 vulnerability when processed by ImageMagick. The highest threat from this
 vulnerability is to confidentiality, integrity, as well as system
 availability.
Ubuntu-Description:
Notes:
 mdeslaur>only affects 7.x
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_imagemagick:
 upstream: https://github.com/ImageMagick/ImageMagick/commit/82775af03bbb10a0a1d0e15c0156c75673b4525e
upstream_imagemagick: needs-triage
trusty_imagemagick: ignored (out of standard support)
xenial_imagemagick: ignored (out of standard support)
esm-infra/xenial_imagemagick: not-affected (7.x only)
bionic_imagemagick: not-affected (7.x only)
focal_imagemagick: not-affected (7.x only)
hirsute_imagemagick: not-affected (7.x only)
impish_imagemagick: not-affected (7.x only)
jammy_imagemagick: not-affected (7.x only)
devel_imagemagick: not-affected (7.x only)