[SECURITY] [DLA 1081-1] imagemagick security update

2017-08-31 10:47:38
lists.debian.org

CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.01 Low
Percentile: 83.1%

Package : imagemagick
Version : 6.7.7.10-5+deb7u16
CVE ID : CVE-2017-8352 CVE-2017-9144 CVE-2017-9501 CVE-2017-10928
CVE-2017-10995 CVE-2017-11141 CVE-2017-11170 CVE-2017-11188
CVE-2017-11352 CVE-2017-11360 CVE-2017-11446 CVE-2017-11448
CVE-2017-11449 CVE-2017-11450 CVE-2017-11478 CVE-2017-11505
CVE-2017-11523 CVE-2017-11524 CVE-2017-11525 CVE-2017-11526
CVE-2017-11527 CVE-2017-11528 CVE-2017-11529 CVE-2017-11530
CVE-2017-11531 CVE-2017-11532 CVE-2017-11533 CVE-2017-11534
CVE-2017-11535 CVE-2017-11537 CVE-2017-11539 CVE-2017-11639
CVE-2017-11640 CVE-2017-11644 CVE-2017-11724 CVE-2017-11751
CVE-2017-11752 CVE-2017-12140 CVE-2017-12418 CVE-2017-12427
CVE-2017-12428 CVE-2017-12429 CVE-2017-12430 CVE-2017-12431
CVE-2017-12432 CVE-2017-12433 CVE-2017-12435 CVE-2017-12563
CVE-2017-12564 CVE-2017-12565 CVE-2017-12566 CVE-2017-12587
CVE-2017-12640 CVE-2017-12641 CVE-2017-12642 CVE-2017-12643
CVE-2017-12654 CVE-2017-12664 CVE-2017-12665 CVE-2017-12668
CVE-2017-12670 CVE-2017-12674 CVE-2017-12675 CVE-2017-12676
CVE-2017-12877 CVE-2017-12983 CVE-2017-13133 CVE-2017-13134
CVE-2017-13139 CVE-2017-13142 CVE-2017-13143 CVE-2017-13144
CVE-2017-13146 CVE-2017-13658
Debian Bug : 867367 867896 867806 867808 867810 867811 867812 867798
867821 868264 868184 867721 867824 867826 867893 867823
867894 868263 869210 867748 868950 868469 869725 869726
869834 869711 869827 869712 870120 870065 870067 870016
870023 870480 870481 870525 869713 869727 869715 870491
870504 870530 870017 870115 870503 870526 870106 869796
870107 870502 870501 870489 870020 872609 870022 870118
872373 873134 873100 873099 870109 870105 870012 869728
870013 870019 869721 869722

This update fixes numerous vulnerabilities in imagemagick: various
memory handling problems and cases of missing or incomplete input
sanitising may result in denial of service, memory disclosure or the
execution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT,
VST, PNG, JNG, MNG, DJVU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP, TIFF,
ICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP, PICT, PDB,
SFW, or XCF files are processed.

For Debian 7 "Wheezy", these problems have been fixed in version
6.7.7.10-5+deb7u16.

We recommend that you upgrade your imagemagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
