[SECURITY] [DLA 1229-1] imagemagick security update

2018-01-04 10:17:43
lists.debian.org

CVSS3 : 6.5 Medium
  Attack Vector : NETWORK
  Attack Complexity : LOW
  Privileges Required : NONE
  User Interaction : REQUIRED
  Scope : UNCHANGED
  Confidentiality Impact : NONE
  Integrity Impact : NONE
  Availability Impact : HIGH
  CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS2 : 4.3 Medium
  Access Vector : NETWORK
  Access Complexity : MEDIUM
  Authentication : NONE
  Confidentiality Impact : NONE
  Integrity Impact : NONE
  Availability Impact : PARTIAL
  AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS : 0.005 Low
  Percentile : 76.8%

Package : imagemagick
Version : 8:6.7.7.10-5+deb7u20
CVE ID : CVE-2017-1000445, CVE-2017-1000476
Debian Bug : #886281

It was discovered that there were two vulnerabilities in the imagemagick
image manipulation program:

CVE-2017-1000445: A null pointer dereference in the MagickCore
component which could lead to denial of service.

CVE-2017-1000476: A potential denial of service attack via CPU
exhaustion.

For Debian 7 "Wheezy", these issues have been fixed in imagemagick version
8:6.7.7.10-5+deb7u20.

We recommend that you upgrade your imagemagick packages.

Regards,


  ,''`.
 : :'  :     Chris Lamb
 `. `'`      [email protected] / chris-lamb.co.uk
   `-
