What the vulnerability does

01Description

A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Key dates

02Disclosure timeline

November 19, 2021 CVE published
August 3, 2024 Record updated