CVE-2021-39212

Updated: 2023-11-04 20:52:00.773438

Description:

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`, for example `<policy domain="module" rights="none" pattern="PS" />`. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: `<policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />`.



Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | LOW | 3.6 |
| CVSS Version 3.x | LOW | 3.6 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| Ubuntu 16.04 ELS | imagemagick | 6.8.9.9-7 | 3.6 | LOW | Not Vulnerable | | 2022-11-25 07:21:44 |
| Ubuntu 18.04 ELS | imagemagick | 6.9.7.4 | 3.6 | LOW | Not Vulnerable | | 2023-11-06 04:12:55 |