Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-242-1:7A1FC
HistoryJun 11, 2015 - 8:08 p.m.

[SECURITY] [DLA 242-1] imagemagick security update

2015-06-1120:08:07
lists.debian.org
9

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

70.1%

JSON

Package : imagemagick
Version : 8:6.6.0.4-3+squeeze6
CVE ID : CVE-2012-3437 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562
Debian Bug : #773834 #767240 #683285 #692367

This update fixes a large number of potential security problems due to
insufficient data validation when parsing different input
formats. Most of those potential security problems do not have a CVE
number assigned.

While the security implications of all of these problems are not all
fully known, it is highly recommended to update.

The update fixes the following identified vulnerabilities:

CVE-2012-3437

Incorrect validation of PNG buffer size, leading to DoS using

specially crafted PNG files.

CVE-2014-8354

Out of bounds memory access in resize

CVE-2014-8355

Buffer overflow in PCX reader

CVE-2014-8562

Buffer overflow in DCM readers
OSVersionArchitecturePackageVersionFilename
Debian7amd64imagemagick-dbg< 8:6.7.7.10-5+deb7u13imagemagick-dbg_8:6.7.7.10-5+deb7u13_amd64.deb
Debian7i386libmagickcore-dev< 8:6.7.7.10-5+deb7u13libmagickcore-dev_8:6.7.7.10-5+deb7u13_i386.deb
Debian6amd64libmagickcore-dev< 8:6.6.0.4-3+squeeze6libmagickcore-dev_8:6.6.0.4-3+squeeze6_amd64.deb
Debian7armhflibmagick++5< 8:6.7.7.10-5+deb7u13libmagick++5_8:6.7.7.10-5+deb7u13_armhf.deb
Debian7amd64libmagickcore5-extra< 8:6.7.7.10-5+deb7u13libmagickcore5-extra_8:6.7.7.10-5+deb7u13_amd64.deb
Debian6amd64perlmagick< 8:6.6.0.4-3+squeeze6perlmagick_8:6.6.0.4-3+squeeze6_amd64.deb
Debian7armhfimagemagick< 8:6.7.7.10-5+deb7u13imagemagick_8:6.7.7.10-5+deb7u13_armhf.deb
Debian7amd64imagemagick< 8:6.7.7.10-5+deb7u13imagemagick_8:6.7.7.10-5+deb7u13_amd64.deb
Debian6amd64libmagickcore3-extra< 8:6.6.0.4-3+squeeze6libmagickcore3-extra_8:6.6.0.4-3+squeeze6_amd64.deb
Debian7i386libmagickwand-dev< 8:6.7.7.10-5+deb7u13libmagickwand-dev_8:6.7.7.10-5+deb7u13_i386.deb
Rows per page:
1-10 of 651

Related

openvas 19
osv 2
nessus 18
securityvulns 4
mageia 2
fedora 4
veracode 3
prion 4
cve 4
ubuntucve 4
debiancve 4
ubuntu 2
debian 1
openvas
openvas
Debian: Security Advisory (DLA-242-1)
2023-03-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1631-1)
2021-06-09 00:00:00
Mageia: Security Advisory (MGASA-2014-0482)
2022-01-28 00:00:00
osv
osv
imagemagick - security update
2015-06-11 00:00:00
imagemagick - security update
2017-05-28 00:00:00
nessus
nessus
Debian DLA-242-1 : imagemagick security update
2015-06-12 00:00:00
openSUSE Security Update : ImageMagick (openSUSE-SU-2014:1396-1)
2014-11-13 00:00:00
SuSE 11.3 Security Update : Image Magick (SAT Patch Number 9976)
2014-12-15 00:00:00
securityvulns
securityvulns
[ MDVSA-2014:226 ] imagemagick
2014-11-30 00:00:00
imagemagic DoS
2014-11-30 00:00:00
[USN-1544-1] ImageMagick vulnerability
2012-08-27 00:00:00
mageia
mageia
Updated imagemagick packages fix security vulnerabilities
2014-11-22 13:54:50
Updated graphicsmagick packages fix security vulnerability
2014-11-25 12:21:26
fedora
fedora
[SECURITY] Fedora 22 Update: ImageMagick-6.8.8.10-9.fc22
2015-03-15 10:53:26
[SECURITY] Fedora 21 Update: ImageMagick-6.8.8.10-6.fc21
2015-04-13 07:04:03
[SECURITY] Fedora 17 Update: ImageMagick-6.7.5.6-4.fc17
2012-08-27 22:54:06
veracode
veracode
Denial Of Service (DoS)
2017-04-12 01:19:37
Denial Of Service (DoS) Through Out Of Bounds Read
2017-04-12 00:46:05
Denial Of Service (DoS)
2017-04-12 01:15:28
prion
prion
Out-of-bounds
2017-04-11 19:59:00
Out-of-bounds
2017-04-11 19:59:00
Design/Logic Flaw
2012-08-07 21:55:00
cve
cve
CVE-2014-8354
2017-04-11 19:59:00
CVE-2014-8562
2017-04-11 19:59:00
CVE-2012-3437
2012-08-07 21:55:00
ubuntucve
ubuntucve
CVE-2014-8354
2014-10-31 00:00:00
CVE-2014-8355
2014-10-31 00:00:00
CVE-2012-3437
2012-08-07 00:00:00
debiancve
debiancve
CVE-2014-8562
2017-04-11 19:59:00
CVE-2014-8355
2017-04-11 19:59:00
CVE-2014-8354
2017-04-11 19:59:00
ubuntu
ubuntu
ImageMagick vulnerability
2012-08-22 00:00:00
ImageMagick vulnerabilities
2016-11-21 00:00:00
debian
debian
[SECURITY] [DLA 960-1] imagemagick security update
2017-05-29 02:18:26

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

70.1%

JSON
Related for DEBIAN:DLA-242-1:7A1FC
openvas19osv2nessus18securityvulns4mageia2fedora4veracode3prion4cve4ubuntucve4debiancve4ubuntu2debian1