CVE-2021-3574

Published: Aug 26, 2022Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.

Affected (4)

Products: Imagemagick: Imagemagick · Fedoraproject: Fedora

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Version 7.0.11-5

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 35
Fedoraproject Fedora	Version 36
Fedoraproject Fedora	Version 37

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (14)

https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9

Source: secalert@redhat.com

PatchThird Party Advisory

https://github.com/ImageMagick/ImageMagick/issues/3540

Source: secalert@redhat.com

ExploitIssue TrackingThird Party Advisory

https://github.com/ImageMagick/ImageMagick6/commit/cd7f9fb7751b0d59d5a74b12d971155caad5a792

Source: secalert@redhat.com

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Q6MJAMGHGB552KSFTQKXEKJVQNM4MCT/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5C6XAGUFPUF4SNVCI2T4OJK3EFIENBGP/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNVDNM4ZEIYPT3SLZHPYN7OG4CZLEXZJ/

Source: secalert@redhat.com

https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/ImageMagick/ImageMagick/issues/3540

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://github.com/ImageMagick/ImageMagick6/commit/cd7f9fb7751b0d59d5a74b12d971155caad5a792

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Q6MJAMGHGB552KSFTQKXEKJVQNM4MCT/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5C6XAGUFPUF4SNVCI2T4OJK3EFIENBGP/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNVDNM4ZEIYPT3SLZHPYN7OG4CZLEXZJ/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.