CVE-2021-20313: Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c

Bug 1947019 (CVE-2021-20313) - CVE-2021-20313 ImageMagick: Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c

Summary: CVE-2021-20313 ImageMagick: Cipher leak when the calculating signatures in Tr…

Keywords:

Status:

CLOSED NOTABUG

Alias:

CVE-2021-20313

Product:

Security Response

Classification:

Other

Component:

vulnerability

Sub Component:

Version:

unspecified

Hardware:

All

OS:

Linux

Priority:

low

Severity:

low

Target Milestone:

—

Assignee:

Red Hat Product Security

QA Contact:

Docs Contact:

URL:

Whiteboard:

Depends On:

1947020 1947021 1947266

Blocks:

1946747 1946749

TreeView+

depends on / blocked

Reported:

2021-04-07 14:00 UTC by Pedro Sampaio

Modified:

2021-11-02 23:28 UTC (History)

CC List:

4 users (show)

Fixed In Version:

ImageMagick 7.0.11

Doc Type:

If docs needed, set a value

Doc Text:

A flaw was found in ImageMagick. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

Clone Of:

Environment:

Last Closed:

2021-11-02 23:28:36 UTC

Attachments

(Terms of Use)

Add an attachment (proposed patch, testcase, etc.)

Description Pedro Sampaio 2021-04-07 14:00:14 UTC

Potential cipher leak when the calculate signatures in TransformSignature in MagickCore/signature.c in ImageMagick before version 7.0.11.

Upstream patch:

https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482

Comment 1 Pedro Sampaio 2021-04-07 14:00:59 UTC

Created ImageMagick tracking bugs for this issue:

Affects: epel-8 [bug 1947020] Affects: fedora-all [bug 1947021]

Note You need to log in before you can comment on or make changes to this bug.