oss-sec mailing list archives

Update CVE-2021-3610: ImageMagick

From: Bastien Roucariès <rouca () debian org>
Date: Mon, 29 May 2023 17:20:36 +0000

Hi,

I want to update status of CVE-2021-3610:

Contrary to common belief over the linux distribution this CVE affects imagemagick 6. It was introduced by commit 
b874d50070557eb98bdc6a3095ef4769af583dd2 for  6.9.10.88

Partial fixes:
Imagemagick6 <= 6.9.10-92 https://github.com/ImageMagick/ImageMagick6/commit/2d96228eec9fbea62ddb6c1450fa8d43e2c6b68a
Imagemagick6 <= 6.9.11-10 https://github.com/ImageMagick/ImageMagick6/commit/7374894385161859ffbb84e280fcc89e7ae257e4
ImageMagick6 <= 6.9.11-54 https://github.com/ImageMagick/ImageMagick6/commit/cdb67005376bcc8cbb0b743fb22787794cd30eb
ImageMagick6 [1/2]: https://github.com/ImageMagick/ImageMagick6/commit/b307bcadcdf6ea6819951ac1786b7904f27b25c6
Final fixes
ImageMagick6 [2/2]: https://github.com/ImageMagick/ImageMagick6/commit/c75ae771a00c38b757c5ef4b424b51e761b02552

I am not subscribed so cc me

Bastien

Attachment: signature.asc
Description: This is a digitally signed message part.

Current thread:

Update CVE-2021-3610: ImageMagick Bastien Roucariès (May 29)
- RE: Update CVE-2021-3610 cpe_dictionary (Jun 05)