CVE-2021-3610

A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

History

26 Jun 2023, 18:56

Type Values Removed Values Added
CWE CWE-125 CWE-787
References (MLIST) http://www.openwall.com/lists/oss-security/2023/05/29/4 - Mailing List (MLIST) http://www.openwall.com/lists/oss-security/2023/05/29/4 - Mailing List, Patch
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1973689 - Issue Tracking, Patch, Release Notes, Third Party Advisory (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1973689 - Issue Tracking, Patch, Third Party Advisory

06 Jun 2023, 14:01

Type Values Removed Values Added
References (MLIST) http://www.openwall.com/lists/oss-security/2023/05/29/4 - (MLIST) http://www.openwall.com/lists/oss-security/2023/05/29/4 - Mailing List
References (MLIST) http://www.openwall.com/lists/oss-security/2023/06/05/1 - (MLIST) http://www.openwall.com/lists/oss-security/2023/06/05/1 - Mailing List, Patch

05 Jun 2023, 18:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2023/06/05/1 -

29 May 2023, 21:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2023/05/29/4 -

Information

Published : 2022-02-24 19:15

Updated : 2024-02-28 19:09


NVD link : CVE-2021-3610

Mitre link : CVE-2021-3610

CVE.ORG link : CVE-2021-3610


JSON object : View

Products Affected

redhat

  • enterprise_linux

fedoraproject

  • fedora

imagemagick

  • imagemagick
CWE
CWE-787

Out-of-bounds Write

CWE-125

Out-of-bounds Read