ALT-PU-2022-6414-1
Package ImageMagick updated to version 6.9.12.64-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2023-01717
Уязвимость компонента coders/pcl.c консольного графического редактора ImageMagick, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2023-01719
Уязвимость функции RelinquishDCMInfo() компонента dcm.c консольного графического редактора ImageMagick, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
BDU:2023-01721
Уязвимость компонента coders/psd.c консольного графического редактора ImageMagick, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2023-01724
Уязвимость компонента MagickCore/property.c консольного графического редактора ImageMagick, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-1114
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
Modified: 2024-11-21
CVE-2022-1115
A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.
- https://access.redhat.com/security/cve/CVE-2022-1115
- https://access.redhat.com/security/cve/CVE-2022-1115
- https://bugzilla.redhat.com/show_bug.cgi?id=2067022
- https://bugzilla.redhat.com/show_bug.cgi?id=2067022
- https://github.com/ImageMagick/ImageMagick/commit/c8718305f120293d8bf13724f12eed885d830b09
- https://github.com/ImageMagick/ImageMagick/commit/c8718305f120293d8bf13724f12eed885d830b09
- https://github.com/ImageMagick/ImageMagick/issues/4974
- https://github.com/ImageMagick/ImageMagick/issues/4974
- https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51
- https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51
Modified: 2024-11-21
CVE-2022-3213
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.
- https://access.redhat.com/security/cve/CVE-2022-3213
- https://access.redhat.com/security/cve/CVE-2022-3213
- https://bugzilla.redhat.com/show_bug.cgi?id=2126824
- https://bugzilla.redhat.com/show_bug.cgi?id=2126824
- https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2
- https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2
- https://github.com/ImageMagick/ImageMagick6/commit/1aea203eb36409ce6903b9e41fe7cb70030e8750
- https://github.com/ImageMagick/ImageMagick6/commit/1aea203eb36409ce6903b9e41fe7cb70030e8750
Modified: 2024-11-21
CVE-2022-32545
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
- https://bugzilla.redhat.com/show_bug.cgi?id=2091811
- https://bugzilla.redhat.com/show_bug.cgi?id=2091811
- https://github.com/ImageMagick/ImageMagick/commit/9c9a84cec4ab28ee0b57c2b9266d6fbe68183512
- https://github.com/ImageMagick/ImageMagick/commit/9c9a84cec4ab28ee0b57c2b9266d6fbe68183512
- https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa
- https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa
- [debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update
- [debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update
Modified: 2024-11-21
CVE-2022-32546
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
- https://bugzilla.redhat.com/show_bug.cgi?id=2091812
- https://bugzilla.redhat.com/show_bug.cgi?id=2091812
- https://github.com/ImageMagick/ImageMagick/commit/f221ea0fa3171f0f4fdf74ac9d81b203b9534c23
- https://github.com/ImageMagick/ImageMagick/commit/f221ea0fa3171f0f4fdf74ac9d81b203b9534c23
- https://github.com/ImageMagick/ImageMagick6/commit/29c8abce0da56b536542f76a9ddfebdaab5b2943
- https://github.com/ImageMagick/ImageMagick6/commit/29c8abce0da56b536542f76a9ddfebdaab5b2943
- [debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update
- [debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update
Modified: 2024-11-21
CVE-2022-32547
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
- https://bugzilla.redhat.com/show_bug.cgi?id=2091813
- https://bugzilla.redhat.com/show_bug.cgi?id=2091813
- https://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0
- https://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0
- https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b
- https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b
- [debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update
- [debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update