CVE-2021-39212
Published: 2021-09-13 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 4.4 MEDIUM
- Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
- CWE: CWE-362, CWE-668
Affected products
| Vendor | Product |
|---|---|
| imagemagick | imagemagick |
Description
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, PostScript files could be read and written when specifically excluded by a `module` policy in `policy.xml`, e.g. `<policy domain="module" rights="none" pattern="PS" />`. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: `<policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />`.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2021-39212
- [Patch] https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68
- [Patch] https://github.com/ImageMagick/ImageMagick/commit/35893e7cad78ce461fcaffa56076c11700ba5e4e
- [Other] https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr
- [Other] https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html