Lucene search

K
centosCentOS ProjectCESA-2023:5461
HistoryJan 17, 2024 - 8:06 p.m.

ImageMagick security update

2024-01-1720:06:49
CentOS Project
lists.centos.org
39
imagemagick
centos
security update
dos
cve-2021-40211
x window system
cvss score

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

23.4%

CentOS Errata and Security Advisory CESA-2023:5461

ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.

Security Fix(es):

  • ImageMagick: Division by zero in ReadEnhMetaFile lead to DoS (CVE-2021-40211)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2024-January/099209.html

Affected packages:
ImageMagick
ImageMagick-c++
ImageMagick-c+±devel
ImageMagick-devel
ImageMagick-doc
ImageMagick-perl

Upstream details at:
https://access.redhat.com/errata/RHSA-2023:5461

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

23.4%