CVE-2021-20313

CVE-2021-20313

Name

CVE-2021-20313

Description

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://bugzilla.redhat.com/show_bug.cgi?id=1947019
MLIST	https://lists.debian.org/debian-lts-announce/2021/06/msg00000.html

Type

URI

MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1947019

MLIST

https://lists.debian.org/debian-lts-announce/2021/06/msg00000.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:imagemagick:imagemagick::::::::`	imagemagick	>= None	< 7.0.11-0:
`cpe:2.3:a:imagemagick:imagemagick::::::::`	imagemagick	>= None	< 7.0.11-0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

imagemagick

>= None

< 7.0.11-0:

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

imagemagick

>= None

< 7.0.11-0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
imagemagick	edge-community	7.0.11.13-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
imagemagick	edge-community	7.0.11.9-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
imagemagick	edge-community	7.0.11.1-r0	None	fixed
imagemagick	edge-community	7.0.10.57-r0	None	possibly vulnerable
imagemagick	edge-community	7.0.10.42-r0	None	possibly vulnerable
imagemagick	edge-community	7.0.10.35-r0	None	possibly vulnerable
imagemagick	edge-community	7.0.10.31-r0	None	possibly vulnerable
imagemagick	edge-community	7.0.10.18-r0	None	possibly vulnerable
imagemagick	edge-community	7.0.10.8-r0	None	possibly vulnerable
imagemagick	edge-community	7.0.10.0-r0	None	possibly vulnerable
imagemagick	edge-community	7.0.9.7-r0	None	possibly vulnerable
imagemagick	edge-community	7.0.8.62-r0	None	possibly vulnerable
imagemagick	edge-community	7.0.8.56-r0	None	possibly vulnerable
imagemagick	edge-community	7.0.8.53-r0	None	possibly vulnerable
imagemagick	edge-community	7.0.8.44-r0	None	possibly vulnerable
imagemagick	edge-community	7.0.8.38-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.11.9-r0	None	fixed
imagemagick	3.22-community	7.0.11.1-r0	None	fixed
imagemagick	3.22-community	7.0.10.57-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.10.42-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.10.35-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.10.31-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.10.18-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.10.8-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.10.0-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.9.7-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.8.62-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.8.56-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.8.53-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.8.44-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.8.38-r0	None	possibly vulnerable
imagemagick	3.21-community	7.0.11.1-r0	None	fixed
imagemagick	3.20-community	7.0.11.1-r0	None	fixed
imagemagick	3.19-community	7.0.11.1-r0	None	fixed
imagemagick	3.18-community	7.0.11.1-r0	None	fixed
imagemagick	3.17-community	7.0.11.1-r0	None	fixed
imagemagick	3.10-main	7.0.8.68-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

imagemagick

edge-community

7.0.11.13-r0

Natanael Copa <ncopa@alpinelinux.org>

fixed

imagemagick

edge-community