Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-39212

Опубликовано: 13 сент. 2021
Источник: redhat
CVSS3: 4.4
EPSS Низкий

Описание

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a module policy in policy.xml. ex. . The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the module policy and instead use the coder policy that is also our workaround recommendation: .

A flaw was found in ImageMagick in the Postscript File Handler component. An attacker could exploit this flaw which would, in some cases, lead to postscript files to be read and written to even when specifically excluded by a module policy in policy.xml.

Меры по смягчению последствий

Users are advised to use the coder policy instead of the module policy as a workaround.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6ImageMagickOut of support scope
Red Hat Enterprise Linux 7ImageMagickOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-287
https://bugzilla.redhat.com/show_bug.cgi?id=2009391ImageMagick: possible read or write in postscript files

EPSS

Процентиль: 4%
0.00018
Низкий

4.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-39212

CVSS3: 4.4
ubuntu
больше 4 лет назад

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.

nvd логотип

CVE-2021-39212

CVSS3: 4.4
nvd
больше 4 лет назад

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.

debian логотип

CVE-2021-39212

CVSS3: 4.4
debian
больше 4 лет назад

ImageMagick is free software delivered as a ready-to-run binary distri ...

fstec логотип

BDU:2023-03836

CVSS3: 4.4
fstec
больше 4 лет назад

Уязвимость файла policy.xml консольного графического редактора ImageMagick, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

EPSS

Процентиль: 4%
0.00018
Низкий

4.4 Medium

CVSS3

Уязвимость CVE-2021-39212