Branch p8 update bulletin.

Package ImageMagick updated to version 6.9.4.7-alt1 for branch p8 in task 165559.

Published: 2017-03-15

BDU:2017-00619

Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю подделать межсайтовые запросы

Severity: MEDIUM (4.3)

References:

Published: 2017-03-15

BDU:2017-00620

Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0)

References:

Published: 2017-03-23

BDU:2017-00693

Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: MEDIUM (6.8)

References:

Published: 2017-03-23

BDU:2017-00703

Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.8)

References:

Published: 2017-03-23

BDU:2017-00705

Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.1)

References:

Published: 2017-03-03

BDU:2017-00885

Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.3)

References:

Published: 2017-03-03

BDU:2017-00886

Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.3)

References:

Published: 2017-03-03

BDU:2017-00888

Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0)

References:

Published: 2017-03-03

BDU:2017-00892

Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.3)

References:

Published: 2017-03-15
Modified: 2024-11-21

CVE-2015-8895

Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2017-03-15
Modified: 2024-11-21

CVE-2015-8896

Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2017-02-28
Modified: 2024-11-21

CVE-2015-8900

The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2017-03-23
Modified: 2024-11-21

CVE-2016-10047

Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2017-03-23
Modified: 2024-11-21

CVE-2016-10049

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-03-23
Modified: 2024-11-21

CVE-2016-10059

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-03-03
Modified: 2024-11-21

CVE-2016-10060

The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2017-03-03
Modified: 2024-11-21

CVE-2016-10066

Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2017-03-03
Modified: 2024-11-21

CVE-2016-10067

magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2017-03-03
Modified: 2024-11-21

CVE-2016-10069

coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2017-03-03
Modified: 2024-11-21

CVE-2016-10070

Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2017-03-03
Modified: 2024-11-21

CVE-2016-10071

coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2016-06-10
Modified: 2024-11-21

CVE-2016-5118

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-12-13
Modified: 2024-11-21

CVE-2016-5687

The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-12-13
Modified: 2024-11-21

CVE-2016-5688

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-12-13
Modified: 2024-11-21

CVE-2016-5689

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-12-13
Modified: 2024-11-21

CVE-2016-5690

The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-12-13
Modified: 2024-11-21

CVE-2016-5691

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-02-15
Modified: 2024-11-21

CVE-2016-8862

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2016-5118

Version: 2.1.0

Branch p8 update on 2016-06-07

ALT-BU-2016-2814-1

ALT-PU-2016-1581-1

Closed vulnerabilities

BDU:2017-00619

BDU:2017-00620

BDU:2017-00693

BDU:2017-00703

BDU:2017-00705

BDU:2017-00885

BDU:2017-00886

BDU:2017-00888

BDU:2017-00892

CVE-2015-8895

CVE-2015-8896

CVE-2015-8900

CVE-2016-10047

CVE-2016-10049

CVE-2016-10059

CVE-2016-10060

CVE-2016-10066

CVE-2016-10067

CVE-2016-10069

CVE-2016-10070

CVE-2016-10071

CVE-2016-5118

CVE-2016-5687

CVE-2016-5688

CVE-2016-5689

CVE-2016-5690

CVE-2016-5691

CVE-2016-8862

Closed bugs

Bug #32174