CVE-2021-20312

7.5 HIGH

📋 TL;DR

This CVE describes an integer overflow vulnerability in ImageMagick's thumbnail generation function. Attackers can craft malicious image files that trigger undefined behavior when processed by applications using vulnerable ImageMagick versions, potentially causing crashes or denial of service. Systems running ImageMagick 7.0.11 or applications that use it for image processing are affected.

💻 Affected Systems

Products:
  • ImageMagick
Versions: 7.0.11
Operating Systems: Linux, Unix-like systems, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using ImageMagick library for image processing is vulnerable when handling crafted images.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash or denial of service leading to application unavailability, potentially allowing further exploitation through memory corruption.

🟠 Likely Case: Application crash or denial of service when processing malicious images, disrupting image processing functionality.

🟢 If Mitigated: Minimal impact with proper input validation and sandboxing, though processing may still fail.

🌐 Internet-Facing: MEDIUM - Applications accepting user-uploaded images are vulnerable, but exploitation requires specific crafted files.
🏢 Internal Only: LOW - Requires malicious actors with access to upload images to internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific image files; no public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.0.11-1 and later

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1946742

Restart Required: Yes

Instructions:

1. Update the ImageMagick package using the system package manager.
2. For Linux: 'sudo apt update && sudo apt upgrade imagemagick' (Debian/Ubuntu) or 'sudo yum update imagemagick' (RHEL/CentOS).
3. Restart applications using ImageMagick.

🔧 Temporary Workarounds

Disable thumbnail generation

all

Configure ImageMagick to skip thumbnail processing for untrusted images

Modify ImageMagick policy.xml to restrict thumbnail operations

Input validation

all

Implement strict file type validation before passing images to ImageMagick

🧯 If You Can't Patch

  • Implement strict file upload validation and sanitization
  • Run ImageMagick in sandboxed/containerized environments with limited privileges

🔍 How to Verify

Check if Vulnerable:

Check ImageMagick version: 'convert --version' or 'magick --version' and verify if version is 7.0.11

Check Version:

convert --version | head -n 1

Verify Fix Applied:

Verify updated version is 7.0.11-1 or later using version command
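
The version check above can be scripted for fleet inventory. The following is an added example, not code from this page or from the ImageMagick project: it parses the first line of the version output and compares it numerically against the patch version 7.0.11-1 stated here. The function names are hypothetical and the banner strings are constructed samples.

```shell
#!/bin/sh
# Added example; function names are hypothetical, banners below are constructed.
FIXED="7.0.11-1"   # patch version stated on this page

# Pull "X.Y.Z[-P]" out of the first line of `magick --version` output.
im_version_from_banner() {
    printf '%s\n' "$1" | sed -n \
      's/^Version: ImageMagick \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\(-[0-9][0-9]*\)\{0,1\}\).*/\1/p'
}

# Succeed if version $1 >= version $2, comparing X, Y, Z and patch numerically
# (a plain string compare would rank 7.0.11-10 below 7.0.11-2).
im_version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, /[.-]/); split(b, y, /[.-]/)
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print "fixed|vulnerable|review|unknown [version]" for one banner line.
im_check_banner() {
    ver=$(im_version_from_banner "$1")
    if [ -z "$ver" ]; then echo "unknown"; return 0; fi
    if im_version_ge "$ver" "$FIXED"; then echo "fixed $ver"; return 0; fi
    case "$ver" in
        7.0.11|7.0.11-*) echo "vulnerable $ver" ;;   # release this page lists
        *)               echo "review $ver" ;;       # older; page does not classify it
    esac
}

# Constructed sample banners; on a host use:
#   im_check_banner "$(magick --version | head -n 1)"
for banner in \
    "Version: ImageMagick 7.0.11-0 Q16 x86_64 2021-02-14 https://imagemagick.org" \
    "Version: ImageMagick 7.0.11-13 Q16 x86_64 2021-05-16 https://imagemagick.org" \
    "Version: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org" \
    "not an ImageMagick banner"
do
    im_check_banner "$banner"
done
```

Distribution packages often backport fixes without changing the upstream version string, so a "vulnerable" or "review" result on a packaged build should be confirmed against the distribution's own advisory.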

📡 Detection & Monitoring

Log Indicators:

  • ImageMagick process crashes
  • Application errors when processing images
  • Unusual memory usage patterns

Network Indicators:

  • Multiple failed image upload attempts
  • Unusual image file uploads

SIEM Query:

source="*imagemagick*" AND (error OR crash OR "segmentation fault")
