OESA-2022-2091

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2091

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2022-2091.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2022-2091

Upstream

CVE-2021-3596

CVE-2021-39212

Published

2022-11-11T11:04:36Z

Modified

2025-08-12T05:09:05.997366Z

Summary

ImageMagick security update

Details

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.

Security Fix(es):

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a module policy in policy.xml. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the module policy and instead use the coder policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.(CVE-2021-39212)

A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.(CVE-2021-3596)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:22.03-LTS / ImageMagick

Package

Name: ImageMagick
Purl: pkg:rpm/openEuler/ImageMagick&distro=openEuler-22.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.1.0.28-4.oe2203

Ecosystem specific

{
    "src": [
        "ImageMagick-7.1.0.28-4.oe2203.src.rpm"
    ],
    "x86_64": [
        "ImageMagick-debuginfo-7.1.0.28-4.oe2203.x86_64.rpm",
        "ImageMagick-7.1.0.28-4.oe2203.x86_64.rpm",
        "ImageMagick-debugsource-7.1.0.28-4.oe2203.x86_64.rpm",
        "ImageMagick-help-7.1.0.28-4.oe2203.x86_64.rpm",
        "ImageMagick-c++-devel-7.1.0.28-4.oe2203.x86_64.rpm",
        "ImageMagick-perl-7.1.0.28-4.oe2203.x86_64.rpm",
        "ImageMagick-devel-7.1.0.28-4.oe2203.x86_64.rpm",
        "ImageMagick-c++-7.1.0.28-4.oe2203.x86_64.rpm"
    ],
    "aarch64": [
        "ImageMagick-debuginfo-7.1.0.28-4.oe2203.aarch64.rpm",
        "ImageMagick-7.1.0.28-4.oe2203.aarch64.rpm",
        "ImageMagick-devel-7.1.0.28-4.oe2203.aarch64.rpm",
        "ImageMagick-perl-7.1.0.28-4.oe2203.aarch64.rpm",
        "ImageMagick-debugsource-7.1.0.28-4.oe2203.aarch64.rpm",
        "ImageMagick-c++-7.1.0.28-4.oe2203.aarch64.rpm",
        "ImageMagick-c++-devel-7.1.0.28-4.oe2203.aarch64.rpm",
        "ImageMagick-help-7.1.0.28-4.oe2203.aarch64.rpm"
    ]
}