Search for vulnerabilities
Vulnerability details: VCID-xsyh-1hgx-sqfv
Vulnerability ID VCID-xsyh-1hgx-sqfv
Aliases CVE-2021-20224
Summary An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-190 Integer Overflow or Wraparound
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20224.json
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.00025 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.00025 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2021-20224
cvssv3.1 6.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20224
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20224.json
https://api.first.org/data/v1/epss?cve=CVE-2021-20224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20224
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/ImageMagick/ImageMagick6/commit/553054c1cb1e4e05ec86237afef76a32cd7c464d
https://github.com/ImageMagick/ImageMagick/commit/5af1dffa4b6ab984b5f13d1e91c95760d75f12a6
https://github.com/ImageMagick/ImageMagick/pull/3083
2124173 https://bugzilla.redhat.com/show_bug.cgi?id=2124173
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
CVE-2021-20224 https://nvd.nist.gov/vuln/detail/CVE-2021-20224
USN-5736-1 https://usn.ubuntu.com/5736-1/
USN-6200-1 https://usn.ubuntu.com/6200-1/
USN-USN-5736-2 https://usn.ubuntu.com/USN-5736-2/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20224.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-20224
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.03601
EPSS Score 0.0002
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:32:00.608989+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.17/community.json 37.0.0