Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-756-1:F14C9
HistoryDec 22, 2016 - 1:52 a.m.

[SECURITY] [DLA 756-1] imagemagick security update

2016-12-2201:52:15
lists.debian.org
9

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.4%

JSON

Package : imagemagick
Version : 8:6.7.7.10-5+deb7u10
CVE ID : CVE-2016-7799 CVE-2016-8707 CVE-2016-8862 CVE-2016-8866
CVE-2016-9556
Debian Bug : 840437 845206 848139 845634 845242 845243 845195 845196
845198 845202 845212 845213 845241 845244 845246

Numerous vulnerabilities were discovered in ImageMagick, an image
manipulation program. Issues include memory exception, heap, buffer
and stack overflows, out of bound reads and missing checks.

For Debian 7 "Wheezy", these problems have been fixed in version
8:6.7.7.10-5+deb7u10.

The exact impact of the vulnerabilities is unknown, as they were
mostly discovered through fuzzing. We still recommend that you upgrade
your imagemagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: Digital signature

OSVersionArchitecturePackageVersionFilename
Debian7armelimagemagick< 8:6.7.7.10-5+deb7u10imagemagick_8:6.7.7.10-5+deb7u10_armel.deb
Debian7armhfimagemagick-dbg< 8:6.7.7.10-5+deb7u10imagemagick-dbg_8:6.7.7.10-5+deb7u10_armhf.deb
Debian7armhflibmagick++-dev< 8:6.7.7.10-5+deb7u10libmagick++-dev_8:6.7.7.10-5+deb7u10_armhf.deb
Debian7i386libmagick++5< 8:6.7.7.10-5+deb7u10libmagick++5_8:6.7.7.10-5+deb7u10_i386.deb
Debian7armhflibmagickwand-dev< 8:6.7.7.10-5+deb7u10libmagickwand-dev_8:6.7.7.10-5+deb7u10_armhf.deb
Debian7i386libmagickcore5< 8:6.7.7.10-5+deb7u10libmagickcore5_8:6.7.7.10-5+deb7u10_i386.deb
Debian7armellibmagickwand5< 8:6.7.7.10-5+deb7u10libmagickwand5_8:6.7.7.10-5+deb7u10_armel.deb
Debian7armellibmagickcore5-extra< 8:6.7.7.10-5+deb7u10libmagickcore5-extra_8:6.7.7.10-5+deb7u10_armel.deb
Debian7allimagemagick-common< 8:6.7.7.10-5+deb7u10imagemagick-common_8:6.7.7.10-5+deb7u10_all.deb
Debian7armellibmagick++-dev< 8:6.7.7.10-5+deb7u10libmagick++-dev_8:6.7.7.10-5+deb7u10_armel.deb
Rows per page:
1-10 of 431

Related

nessus 31
suse 5
openvas 51
osv 9
ubuntucve 7
debiancve 7
cve 7
prion 7
redhatcve 7
cloudfoundry 2
ubuntu 2
freebsd 1
veracode 3
alpinelinux 1
checkpoint_advisories 2
seebug 1
myhack58 1
talos 1
archlinux 1
debian 3
gentoo 1
mageia 1
fedora 25
nessus
nessus
Debian DLA-756-1 : imagemagick security update
2016-12-22 00:00:00
openSUSE Security Update : ImageMagick (openSUSE-2016-1512)
2016-12-27 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : ImageMagick vulnerabilities (USN-3142-1)
2016-12-01 00:00:00
suse
suse
Security update for ImageMagick (important)
2016-12-22 15:08:57
Security update for ImageMagick (important)
2016-12-23 16:09:35
Security update for ImageMagick (important)
2017-01-04 18:07:50
openvas
openvas
openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2016:3233-1)
2016-12-23 00:00:00
ImageMagick Multiple Memory Corruption Vulnerabilities - Windows
2017-02-21 00:00:00
ImageMagick Multiple Memory Corruption Vulnerabilities - Mac OS X
2017-02-21 00:00:00
osv
osv
CVE-2016-8866
2017-02-15 19:59:01
CVE-2017-7275
2017-03-27 18:59:00
CVE-2016-8862
2017-02-15 19:59:00
ubuntucve
ubuntucve
CVE-2016-8862
2016-10-21 00:00:00
CVE-2016-8866
2017-02-15 00:00:00
CVE-2017-7275
2017-03-27 00:00:00
debiancve
debiancve
CVE-2016-8866
2017-02-15 19:59:00
CVE-2017-7275
2017-03-27 18:59:00
CVE-2016-8862
2017-02-15 19:59:00
cve
cve
CVE-2016-8866
2017-02-15 19:59:00
CVE-2017-7275
2017-03-27 18:59:00
CVE-2016-9556
2017-03-23 18:59:00
prion
prion
Memory corruption
2017-02-15 19:59:00
Design/Logic Flaw
2017-03-27 18:59:00
Design/Logic Flaw
2017-02-15 19:59:00
redhatcve
redhatcve
CVE-2016-8866
2016-10-26 08:51:29
CVE-2017-7275
2017-03-31 13:48:09
CVE-2016-9556
2016-11-24 10:17:40
cloudfoundry
cloudfoundry
USN-3142-1: ImageMagick vulnerabilities | Cloud Foundry
2016-12-27 00:00:00
USN-3222-1: ImageMagick vulnerabilities | Cloud Foundry
2017-03-31 00:00:00
ubuntu
ubuntu
ImageMagick vulnerabilities
2016-11-30 00:00:00
ImageMagick vulnerabilities
2017-03-08 00:00:00
freebsd
freebsd
ImageMagick7 -- multiple vulnerabilities
2016-09-14 00:00:00
veracode
veracode
Denial Of Service (DoS)
2018-06-11 08:24:11
Denial Of Service (DoS)
2017-03-24 06:28:58
Remote Code Execution (RCE)
2017-04-03 02:50:30
alpinelinux
alpinelinux
CVE-2016-7799
2017-01-18 17:59:00
checkpoint_advisories
checkpoint_advisories
Imagemagick Compressed TIFF File Conversion Remote Code Execution (CVE-2016-8707)
2016-12-29 00:00:00
ImageMagick SyncExifProfile Out Of Bounds Array Indexing (CVE-2016-7799)
2017-01-04 00:00:00
seebug
seebug
ImageMagick Convert Tiff Adobe Deflate 任意代码执行漏洞(CVE-2016-8707)
2016-12-08 00:00:00
myhack58
myhack58
ImageMagick compression of TIFF image remote code execution vulnerability, CVE-2016-8707-a vulnerability warning-the black bar safety net
2016-12-08 00:00:00
talos
talos
ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability
2016-12-03 00:00:00
archlinux
archlinux
[ASA-201610-6] imagemagick: multiple issues
2016-10-08 00:00:00
debian
debian
[SECURITY] [DSA 3726-1] imagemagick security update
2016-11-27 04:09:30
[SECURITY] [DSA 3726-1] imagemagick security update
2016-11-27 04:09:30
[SECURITY] [DSA 3799-1] imagemagick security update
2017-03-01 22:06:44
gentoo
gentoo
ImageMagick: Multiple vulnerabilities
2016-11-30 00:00:00
mageia
mageia
Updated imagemagick packages fix security vulnerabilities
2018-05-12 09:28:12
fedora
fedora
[SECURITY] Fedora 26 Update: k3d-0.8.0.6-8.fc26
2017-09-19 03:27:27
[SECURITY] Fedora 26 Update: rubygem-rmagick-2.16.0-4.fc26.2
2017-09-19 03:27:34
[SECURITY] Fedora 26 Update: inkscape-0.92.1-4.20170510bzr15686.fc26.1
2017-09-19 03:27:26

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.4%

JSON
Related for DEBIAN:DLA-756-1:F14C9
nessus31suse5openvas51osv9ubuntucve7debiancve7cve7prion7redhatcve7cloudfoundry2ubuntu2freebsd1veracode3alpinelinux1checkpoint_advisories2seebug1myhack581talos1archlinux1debian3gentoo1mageia1fedora25