[SECURITY] [DLA 3429-1] imagemagick security update

2023-05-21 22:21:07
lists.debian.org

CVSS3: 5.5 Medium
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector: LOCAL; Attack Complexity: LOW; Privileges Required: NONE; User Interaction: REQUIRED; Scope: UNCHANGED; Confidentiality Impact: NONE; Integrity Impact: NONE; Availability Impact: HIGH

AI Score: 8 High (Confidence: Low)

CVSS2: 7.1 High
AV:N/AC:M/Au:N/C:N/I:N/A:C
Access Vector: NETWORK; Access Complexity: MEDIUM; Authentication: NONE; Confidentiality Impact: NONE; Integrity Impact: NONE; Availability Impact: COMPLETE

EPSS: 0.001 Low (Percentile: 30.6%)


Debian LTS Advisory DLA-3429-1                https://www.debian.org/lts/security/
May 21, 2023                                  https://wiki.debian.org/LTS
                                              Bastien Roucaries


Package : imagemagick
Version : 8:6.9.10.23+dfsg-2.1+deb10u5
CVE ID : CVE-2021-20176 CVE-2021-20241 CVE-2021-20243 CVE-2021-20244
CVE-2021-20245 CVE-2021-20246 CVE-2021-20309 CVE-2021-20312
CVE-2021-20313 CVE-2021-39212 CVE-2022-28463 CVE-2022-32545
CVE-2022-32546 CVE-2022-32547
Debian Bug : 996588 1013282 1016442

Multiple vulnerabilities were fixed in imagemagick, a software suite
used for editing and manipulating digital images.

CVE-2021-20176

A divide by zero was found in gem.c.

CVE-2021-20241

A divide by zero was found in the jp2 coder.

CVE-2021-20243

A divide by zero was found in the dcm coder.

CVE-2021-20244

A divide by zero was found in fx.c.

CVE-2021-20245

A divide by zero was found in the webp coder.

CVE-2021-20246

A divide by zero was found in resample.c.

CVE-2021-20309

A divide by zero was found in WaveImage.c.

CVE-2021-20312

An integer overflow was found in WriteTHUMBNAILImage()
of coders/thumbnail.c.

CVE-2021-20313

A potential cipher leak was found when calculating
signatures in TransformSignature().

CVE-2021-39212

A policy bypass was found for postscript files.

CVE-2022-28463

A buffer overflow was found in the cin coder.

CVE-2022-32545

An undefined behavior (conversion outside the range of
representable values of type 'unsigned char') was found in psd
file handling.

CVE-2022-32546

An undefined behavior (conversion outside the range of
representable values of type 'long') was found in pcl
file handling.

CVE-2022-32547

An unaligned access was found in property.c.

For Debian 10 buster, these problems have been fixed in version
8:6.9.10.23+dfsg-2.1+deb10u5.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
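Deciding whether an installed package already carries this fix means comparing versions the way dpkg does (epoch first, then upstream, then Debian revision; '~' sorts before anything, letters before other symbols, and digit runs compare numerically). The Python below is an added example, not the advisory's or Debian's own code: it re-implements that ordering and applies it to constructed `dpkg-query` output (the package names and versions in SAMPLE are constructed) to flag packages still below 8:6.9.10.23+dfsg-2.1+deb10u5.

```python
FIXED_VERSION = "8:6.9.10.23+dfsg-2.1+deb10u5"  # fixed version named in DLA-3429-1

def _order(c: str) -> int:
    """dpkg's weight for one character of a non-digit run: '~' lowest, then letters, then other symbols."""
    return 0 if not c or c.isdigit() else ord(c) if c.isalpha() else -1 if c == "~" else ord(c) + 256

def _cmp_fragment(a: str, b: str) -> int:
    """Compare an upstream or revision string following dpkg's verrevcmp."""
    i = j = 0
    while i < len(a) or j < len(b):
        # non-digit run: the first differently ordered character decides
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        # digit run: compared numerically, so 10 > 9 and leading zeros are ignored
        sa, sb = i, j
        while i < len(a) and a[i].isdigit():
            i += 1
        while j < len(b) and b[j].isdigit():
            j += 1
        na, nb = int(a[sa:i] or "0"), int(b[sb:j] or "0")
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(v: str) -> tuple:
    """Split 'epoch:upstream-revision'; epoch defaults to 0, revision to empty."""
    head, sep, rest = v.partition(":")
    epoch, rest = (int(head), rest) if sep else (0, v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return epoch, upstream, revision

def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 for a < b, a == b, a > b under dpkg ordering (epoch, upstream, revision)."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def unpatched_packages(dpkg_query_output: str, fixed: str = FIXED_VERSION) -> list:
    """Return (package, version) pairs whose installed version is older than the fixed one."""
    pairs = [line.split() for line in dpkg_query_output.splitlines() if line.strip()]
    return [(p, v) for p, v in pairs if compare_versions(v, fixed) < 0]

# Constructed sample of: dpkg-query -W -f='${Package} ${Version}\n' 'imagemagick*'
SAMPLE = "imagemagick 8:6.9.10.23+dfsg-2.1+deb10u4\nimagemagick-6.q16 8:6.9.10.23+dfsg-2.1+deb10u5\n"
```

On the host itself the same check is `dpkg --compare-versions "$(dpkg-query -W -f='${Version}' imagemagick)" ge 8:6.9.10.23+dfsg-2.1+deb10u5`; the Python form is for inventory data collected off-box.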
