Lucene search

K
debianDebianDEBIAN:DLA-1795-1:08F77
HistoryMay 20, 2019 - 9:55 a.m.

[SECURITY] [DLA 1795-1] graphicsmagick security update

2019-05-2009:55:18
lists.debian.org
122
graphicsmagick
debian 8
jessie
security update
vulnerabilities
buffer overflow
remote attackers
denial of service
crafted files
xwd module

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.006

Percentile

79.3%

Package : graphicsmagick
Version : 1.3.20-3+deb8u7
CVE ID : CVE-2019-11473 CVE-2019-11474 CVE-2019-11505 CVE-2019-11506

Multiple vulnerabilities have been discovered in graphicsmagick, the image
processing toolkit:

CVE-2019-11473

The WriteMATLABImage function (coders/mat.c) is affected by a heap-based
buffer overflow. Remote attackers might leverage this vulnerability to
cause denial of service or any other unspecified impact via crafted Matlab
matrices.

CVE-2019-11474

The WritePDBImage function (coders/pdb.c) is affected by a heap-based
buffer overflow. Remote attackers might leverage this vulnerability to
cause denial of service or any other unspecified impact via a crafted Palm
Database file.

CVE-2019-11505
CVE-2019-11506

The XWD module (coders/xwd.c) is affected by multiple heap-based
buffer overflows and arithmetic exceptions. Remote attackers might leverage
these various flaws to cause denial of service or any other unspecified
impact via crafted XWD files.

For Debian 8 "Jessie", these problems have been fixed in version
1.3.20-3+deb8u7.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.006

Percentile

79.3%