CVE-2021-39212

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.

CVSS v3 3.6 LOW
CVSS v2.0 3.6 LOW

3.6^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.0 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68	Patch Third Party Advisory
https://github.com/ImageMagick/ImageMagick/commit/35893e7cad78ce461fcaffa56076c11700ba5e4e	Patch Third Party Advisory
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:imagemagick:imagemagick::::::::
	cpe:2.3:a:imagemagick:imagemagick::::::::

History

No history.

Information

Published : 2021-09-13 18:15

Updated : 2024-02-28 18:48

NVD link : CVE-2021-39212

Mitre link : CVE-2021-39212

CVE.ORG link : CVE-2021-39212

JSON object : View

Products Affected

imagemagick

imagemagick

CWE

CWE-668

Exposure of Resource to Wrong Sphere

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

{"id": "CVE-2021-39212", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.6, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.0}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.8}]}, "published": "2021-09-13T18:15:23.907", "references": [{"url": "https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ImageMagick/ImageMagick/commit/35893e7cad78ce461fcaffa56076c11700ba5e4e", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html", "source": "security-advisories@github.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-668"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain=\"module\" rights=\"none\" pattern=\"PS\" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain=\"coder\" rights=\"none\" pattern=\"{PS,EPI,EPS,EPSF,EPSI}\" />."}, {"lang": "es", "value": "ImageMagick es un software libre que se entrega como una distribuci\u00f3n binaria lista para ser ejecutada o como un c\u00f3digo fuente que se puede usar, copiar, modificar y distribuir tanto en aplicaciones abiertas como propietarias. En las versiones afectadas y en determinados casos, los archivos Postscript pod\u00edan leerse y escribirse cuando se exclu\u00edan espec\u00edficamente mediante una pol\u00edtica de \"module\" en \"policy.xml\". ex. (policy domain=\"module\" rights=\"none\" pattern=\"PS\" /). El problema ha sido resuelto en ImageMagick versiones 7.1.0-7 y en 6.9.12-22. Afortunadamente, en la naturaleza, pocos usuarios usan la pol\u00edtica \"module\" y en su lugar usan la pol\u00edtica \"coder\" que es tambi\u00e9n nuestra recomendaci\u00f3n de soluci\u00f3n: (policy domain=\"coder\" rights=\"none\" pattern=\"{PS,EPI,EPS,EPSF,EPSI}\" /)"}], "lastModified": "2023-05-22T02:15:10.910", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF324E5C-BBC3-4F30-878E-EEBBAC19EBA3", "versionEndExcluding": "6.9.12-22", "versionStartIncluding": "6.9.12-0"}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11251438-4BED-4401-8033-B2F084031287", "versionEndExcluding": "7.1.0-7", "versionStartIncluding": "7.1.0-0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}