Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-1131-1:F4DB2
HistoryOct 11, 2017 - 2:59 a.m.

[SECURITY] [DLA 1131-1] imagemagick security update

2017-10-1102:59:21
lists.debian.org
31

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.006 Low

EPSS

Percentile

77.9%

JSON

Package : imagemagick
Version : 8:6.7.7.10-5+deb7u17
CVE ID : CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-12875
CVE-2017-13758 CVE-2017-13768 CVE-2017-13769 CVE-2017-14060
CVE-2017-14172 CVE-2017-14173 CVE-2017-14174 CVE-2017-14175
CVE-2017-14224 CVE-2017-14249 CVE-2017-14341 CVE-2017-14400
CVE-2017-14505 CVE-2017-14607 CVE-2017-14682 CVE-2017-14739
CVE-2017-14741 CVE-2017-14989 CVE-2017-15016 CVE-2017-15017
Debian Bug : 873871 875338 875339 875341 875352 875502 875503 875504
875506 876097 876099 876105 876488

This updates fixes numerous vulnerabilities in imagemagick: Various
memory handling problems and cases of missing or incomplete input
sanitising may result in denial of service, memory disclosure, or the
execution of arbitrary code if malformed XCF, VIFF, BMP, thumbnail, CUT,
PSD, TXT, XBM, PCX, MPC, WPG, TIFF, SVG, font, EMF, PNG, or other types
of files are processed.

For Debian 7 "Wheezy", these problems have been fixed in version
8:6.7.7.10-5+deb7u17.

We recommend that you upgrade your imagemagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment:
signature.asc
Description: Digital signature

OSVersionArchitecturePackageVersionFilename
Debian9armellibmagick++-6.q16-7< 8:6.9.7.4+dfsg-11+deb9u10libmagick++-6.q16-7_8:6.9.7.4+dfsg-11+deb9u10_armel.deb
Debian9i386libimage-magick-q16-perl< 8:6.9.7.4+dfsg-11+deb9u10libimage-magick-q16-perl_8:6.9.7.4+dfsg-11+deb9u10_i386.deb
Debian8allimagemagick-doc< 8:6.8.9.9-5+deb8u16imagemagick-doc_8:6.8.9.9-5+deb8u16_all.deb
Debian9i386libmagickwand-6.q16hdri-dev< 8:6.9.7.4+dfsg-11+deb9u10libmagickwand-6.q16hdri-dev_8:6.9.7.4+dfsg-11+deb9u10_i386.deb
Debian8i386libmagickcore-6.q16-dev< 8:6.8.9.9-5+deb8u16libmagickcore-6.q16-dev_8:6.8.9.9-5+deb8u16_i386.deb
Debian9armellibmagick++-6.q16-dev< 8:6.9.7.4+dfsg-11+deb9u10libmagick++-6.q16-dev_8:6.9.7.4+dfsg-11+deb9u10_armel.deb
Debian7amd64libmagickcore5< 8:6.7.7.10-5+deb7u17libmagickcore5_8:6.7.7.10-5+deb7u17_amd64.deb
Debian9arm64imagemagick-6.q16< 8:6.9.7.4+dfsg-11+deb9u10imagemagick-6.q16_8:6.9.7.4+dfsg-11+deb9u10_arm64.deb
Debian8armellibmagickwand-6.q16-dev< 8:6.8.9.9-5+deb8u16libmagickwand-6.q16-dev_8:6.8.9.9-5+deb8u16_armel.deb
Debian8allperlmagick< 8:6.8.9.9-5+deb8u16perlmagick_8:6.8.9.9-5+deb8u16_all.deb
Rows per page:
1-10 of 2151

Related

openvas 16
nessus 18
osv 23
debian 4
gentoo 1
veracode 19
redhatcve 23
prion 22
cve 19
debiancve 22
ubuntucve 20
fedora 10
freebsd 1
suse 1
openvas
openvas
Debian: Security Advisory (DLA-1131-1)
2018-02-06 00:00:00
Debian: Security Advisory (DSA-4032-1)
2017-11-11 00:00:00
Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2017-1258)
2020-01-23 00:00:00
nessus
nessus
Debian DLA-1131-1 : imagemagick security update
2017-10-11 00:00:00
Debian DSA-4032-1 : imagemagick - security update
2017-11-13 00:00:00
EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2017-1258)
2017-11-01 00:00:00
osv
osv
imagemagick - security update
2017-10-10 00:00:00
imagemagick - security update
2017-11-12 00:00:00
imagemagick - security update
2020-09-07 00:00:00
debian
debian
[SECURITY] [DSA 4032-1] imagemagick security update
2017-11-12 10:45:50
[SECURITY] [DLA 1785-1] imagemagick security update
2019-05-14 10:40:29
[SECURITY] [DLA 2366-1] imagemagick security update
2020-09-07 21:24:40
gentoo
gentoo
ImageMagick: Multiple vulnerabilities
2017-11-11 00:00:00
veracode
veracode
Denial Of Service (DoS) Through Null Pointer Dereference
2017-09-29 10:12:33
Denial Of Service (DoS) Through Infinite Loop
2017-09-27 02:55:23
Denial Of Service (DoS)
2020-12-06 03:43:57
redhatcve
redhatcve
CVE-2017-14989
2017-10-10 12:51:00
CVE-2017-14739
2017-10-10 09:49:07
CVE-2017-14172
2017-09-08 08:00:26
prion
prion
Design/Logic Flaw
2017-09-26 02:29:00
Design/Logic Flaw
2017-09-07 06:29:00
Out-of-bounds
2017-09-20 17:29:00
cve
cve
CVE-2017-14173
2017-09-07 06:29:00
CVE-2017-14175
2017-09-07 06:29:00
CVE-2017-14739
2017-09-26 02:29:00
debiancve
debiancve
CVE-2017-14739
2017-09-26 02:29:00
CVE-2017-14741
2017-09-26 02:29:00
CVE-2017-14989
2017-10-03 01:29:00
ubuntucve
ubuntucve
CVE-2017-14175
2017-09-07 00:00:00
CVE-2017-14739
2017-09-25 00:00:00
CVE-2017-15017
2017-10-04 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: ImageMagick-6.9.9.22-1.fc27
2017-11-14 09:27:51
[SECURITY] Fedora 26 Update: ImageMagick-6.9.9.22-1.fc26
2017-11-15 20:24:01
[SECURITY] Fedora 26 Update: rubygem-rmagick-2.16.0-7.fc26
2017-10-10 21:23:45
freebsd
freebsd
ImageMagick -- denial of service via a crafted font file
2017-09-21 00:00:00
suse
suse
Security update for ImageMagick (important)
2017-12-22 21:12:06

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.006 Low

EPSS

Percentile

77.9%

JSON
Related for DEBIAN:DLA-1131-1:F4DB2
openvas16nessus18osv23debian4gentoo1veracode19redhatcve23prion22cve19debiancve22ubuntucve20fedora10freebsd1suse1