CVE-2021-39212 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Access restriction bypass
Description	In ImageMagick before version 7.1.0-7, Postscript files could be read and written in certain cases when specifically excluded by a `module` policy in `policy.xml`.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2378	imagemagick	7.1.0.6-1	7.1.0.7-1	Medium	Fixed

References
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr https://github.com/ImageMagick/ImageMagick/commit/35893e7cad78ce461fcaffa56076c11700ba5e4e https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr
https://github.com/ImageMagick/ImageMagick/commit/35893e7cad78ce461fcaffa56076c11700ba5e4e
https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68

Notes
Workaround ========== Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also the recommended workaround: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />

Notes

Workaround
==========

Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also the recommended workaround:

<policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />