5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
70.1%
Package : imagemagick
Version : 8:6.6.0.4-3+squeeze6
CVE ID : CVE-2012-3437 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562
Debian Bug : #773834 #767240 #683285 #692367
This update fixes a large number of potential security problems due to
insufficient data validation when parsing different input
formats. Most of those potential security problems do not have a CVE
number assigned.
While the security implications of all of these problems are not all
fully known, it is highly recommended to update.
The update fixes the following identified vulnerabilities:
CVE-2012-3437
Incorrect validation of PNG buffer size, leading to DoS using
specially crafted PNG files.
CVE-2014-8354
Out of bounds memory access in resize
CVE-2014-8355
Buffer overflow in PCX reader
CVE-2014-8562
Buffer overflow in DCM readers
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | amd64 | imagemagick-dbg | < 8:6.7.7.10-5+deb7u13 | imagemagick-dbg_8:6.7.7.10-5+deb7u13_amd64.deb |
Debian | 7 | i386 | libmagickcore-dev | < 8:6.7.7.10-5+deb7u13 | libmagickcore-dev_8:6.7.7.10-5+deb7u13_i386.deb |
Debian | 6 | amd64 | libmagickcore-dev | < 8:6.6.0.4-3+squeeze6 | libmagickcore-dev_8:6.6.0.4-3+squeeze6_amd64.deb |
Debian | 7 | armhf | libmagick++5 | < 8:6.7.7.10-5+deb7u13 | libmagick++5_8:6.7.7.10-5+deb7u13_armhf.deb |
Debian | 7 | amd64 | libmagickcore5-extra | < 8:6.7.7.10-5+deb7u13 | libmagickcore5-extra_8:6.7.7.10-5+deb7u13_amd64.deb |
Debian | 6 | amd64 | perlmagick | < 8:6.6.0.4-3+squeeze6 | perlmagick_8:6.6.0.4-3+squeeze6_amd64.deb |
Debian | 7 | armhf | imagemagick | < 8:6.7.7.10-5+deb7u13 | imagemagick_8:6.7.7.10-5+deb7u13_armhf.deb |
Debian | 7 | amd64 | imagemagick | < 8:6.7.7.10-5+deb7u13 | imagemagick_8:6.7.7.10-5+deb7u13_amd64.deb |
Debian | 6 | amd64 | libmagickcore3-extra | < 8:6.6.0.4-3+squeeze6 | libmagickcore3-extra_8:6.6.0.4-3+squeeze6_amd64.deb |
Debian | 7 | i386 | libmagickwand-dev | < 8:6.7.7.10-5+deb7u13 | libmagickwand-dev_8:6.7.7.10-5+deb7u13_i386.deb |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
70.1%