ALT-PU-2019-2660-1
Package ImageMagick updated to version 6.9.10.63-alt1 for branch sisyphus in task 237261.
Closed vulnerabilities
Published: 2020-04-29
Modified: 2023-11-21
Modified: 2023-11-21
BDU:2020-01864
Уязвимость функции ReadCUTImage консольного графического редактора ImageMagick, связанная с использованием неинициализированного ресурса, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании
Severity: HIGH (8.8)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: MEDIUM (6.8)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2017-01-18
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-6823
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/26/3
- http://www.securityfocus.com/bid/93158
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834504
- https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323
- http://www.openwall.com/lists/oss-security/2016/09/26/3
- http://www.securityfocus.com/bid/93158
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834504
- https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323
Published: 2019-07-01
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-13135
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
Severity: MEDIUM (6.8)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html
- https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d
- https://github.com/ImageMagick/ImageMagick/issues/1599
- https://github.com/ImageMagick/ImageMagick6/commit/1e59b29e520d2beab73e8c78aacd5f1c0d76196d
- https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html
- https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html
- https://support.f5.com/csp/article/K20336394
- https://support.f5.com/csp/article/K20336394?utm_source=f5support&%3Butm_medium=RSS
- https://usn.ubuntu.com/4192-1/
- https://www.debian.org/security/2020/dsa-4712
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html
- https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d
- https://github.com/ImageMagick/ImageMagick/issues/1599
- https://github.com/ImageMagick/ImageMagick6/commit/1e59b29e520d2beab73e8c78aacd5f1c0d76196d
- https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html
- https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html
- https://support.f5.com/csp/article/K20336394
- https://support.f5.com/csp/article/K20336394?utm_source=f5support&%3Butm_medium=RSS
- https://usn.ubuntu.com/4192-1/
- https://www.debian.org/security/2020/dsa-4712
Published: 2019-07-01
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-13137
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html
- https://github.com/ImageMagick/ImageMagick/commit/35ccb468ee2dcbe8ce9cf1e2f1957acc27f54c34
- https://github.com/ImageMagick/ImageMagick/issues/1601
- https://github.com/ImageMagick/ImageMagick6/commit/7d11230060fa9c8f67e53c85224daf6648805c7b
- https://usn.ubuntu.com/4192-1/
- https://www.debian.org/security/2020/dsa-4712
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html
- https://github.com/ImageMagick/ImageMagick/commit/35ccb468ee2dcbe8ce9cf1e2f1957acc27f54c34
- https://github.com/ImageMagick/ImageMagick/issues/1601
- https://github.com/ImageMagick/ImageMagick6/commit/7d11230060fa9c8f67e53c85224daf6648805c7b
- https://usn.ubuntu.com/4192-1/
- https://www.debian.org/security/2020/dsa-4712
Published: 2019-10-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-17541
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.
Severity: MEDIUM (6.8)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15827
- https://github.com/ImageMagick/ImageMagick/commit/39f226a9c137f547e12afde972eeba7551124493
- https://github.com/ImageMagick/ImageMagick/compare/7.0.8-54...7.0.8-55
- https://github.com/ImageMagick/ImageMagick/issues/1641
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15827
- https://github.com/ImageMagick/ImageMagick/commit/39f226a9c137f547e12afde972eeba7551124493
- https://github.com/ImageMagick/ImageMagick/compare/7.0.8-54...7.0.8-55
- https://github.com/ImageMagick/ImageMagick/issues/1641