Search for vulnerabilities
Vulnerability details: VCID-v2aa-82cp-aaab
Vulnerability ID VCID-v2aa-82cp-aaab
Aliases CVE-2021-3574
Summary A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.
Status Published
Exploitability 0.5
Weighted Severity 3.0
Risk 1.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-401 Missing Release of Memory after Effective Lifetime
System Score Found at
cvssv3 3.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3574.json
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00023 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00161 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00161 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00161 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00161 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00161 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00161 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00161 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00161 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00161 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00161 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
epss 0.00161 https://api.first.org/data/v1/epss?cve=CVE-2021-3574
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=2124540
cvssv3.1 3.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3574
cvssv3.1 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3574
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3574.json
https://api.first.org/data/v1/epss?cve=CVE-2021-3574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3574
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/ImageMagick/ImageMagick6/commit/cd7f9fb7751b0d59d5a74b12d971155caad5a792
https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9
https://github.com/ImageMagick/ImageMagick/issues/3540
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Q6MJAMGHGB552KSFTQKXEKJVQNM4MCT/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5C6XAGUFPUF4SNVCI2T4OJK3EFIENBGP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNVDNM4ZEIYPT3SLZHPYN7OG4CZLEXZJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4Q6MJAMGHGB552KSFTQKXEKJVQNM4MCT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5C6XAGUFPUF4SNVCI2T4OJK3EFIENBGP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNVDNM4ZEIYPT3SLZHPYN7OG4CZLEXZJ/
1027164 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027164
2124540 https://bugzilla.redhat.com/show_bug.cgi?id=2124540
cpe:2.3:a:imagemagick:imagemagick:7.0.11-5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:7.0.11-5:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2021-3574 https://nvd.nist.gov/vuln/detail/CVE-2021-3574
USN-5736-1 https://usn.ubuntu.com/5736-1/
USN-USN-5736-2 https://usn.ubuntu.com/USN-5736-2/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3574.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3574
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3574
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.03404
EPSS Score 0.00022
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.