Bug 2054611 (CVE-2021-4219) - CVE-2021-4219 imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file
Summary: CVE-2021-4219 imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file
Keywords:
Status: NEW
Alias: CVE-2021-4219
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2054612 2054613
Blocks: 2054614 2054615
TreeView+ depends on / blocked
 
Reported: 2022-02-15 10:34 UTC by Marian Rehak
Modified: 2023-07-07 08:31 UTC (History)
5 users (show)

Fixed In Version: imagemagick 6.9.12-34, imagemagick 7.1.0-19
Doc Type: No Doc Update
Doc Text:
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Marian Rehak 2022-02-15 10:34:06 UTC
In order to successfully exploit this vulnerability, the attacker needs to submit a specially crafted SVG to the ImageMagick to let ImageMagick hang forever from reading a file descriptor. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted SVG file.

Reference:

https://github.com/ImageMagick/ImageMagick/issues/4626

Comment 1 Marian Rehak 2022-02-15 10:34:30 UTC
Created ImageMagick tracking bugs for this issue:

Affects: epel-8 [bug 2054612]
Affects: fedora-all [bug 2054613]


Note You need to log in before you can comment on or make changes to this bug.