[SECURITY] [DLA 90-1] imagemagick security update

2014-11-2221:56:15

lists.debian.org

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

29.5%

JSON

Package : imagemagick
Version : 8:6.6.0.4-3+squeeze5
CVE ID : CVE-2014-8716
Debian Bug : 768494

Some special crafted JPEG file could lead to dos due to missing check in
embeded EXIF properties (EXIF directory offsets must be greater than 0).

OSVersionArchitecturePackageVersionFilename
Debian7i386libmagick++5< 8:6.7.7.10-5+deb7u13libmagick++5_8:6.7.7.10-5+deb7u13_i386.deb
Debian6i386perlmagick< 8:6.6.0.4-3+squeeze5perlmagick_8:6.6.0.4-3+squeeze5_i386.deb
Debian7amd64libmagickcore5< 8:6.7.7.10-5+deb7u13libmagickcore5_8:6.7.7.10-5+deb7u13_amd64.deb
Debian7armhfimagemagick-dbg< 8:6.7.7.10-5+deb7u13imagemagick-dbg_8:6.7.7.10-5+deb7u13_armhf.deb
Debian7armellibmagick++-dev< 8:6.7.7.10-5+deb7u13libmagick++-dev_8:6.7.7.10-5+deb7u13_armel.deb
Debian6i386libmagickcore3< 8:6.6.0.4-3+squeeze5libmagickcore3_8:6.6.0.4-3+squeeze5_i386.deb
Debian7i386libmagickcore-dev< 8:6.7.7.10-5+deb7u13libmagickcore-dev_8:6.7.7.10-5+deb7u13_i386.deb
Debian7amd64libmagick++5< 8:6.7.7.10-5+deb7u13libmagick++5_8:6.7.7.10-5+deb7u13_amd64.deb
Debian6amd64imagemagick-dbg< 8:6.6.0.4-3+squeeze5imagemagick-dbg_8:6.6.0.4-3+squeeze5_amd64.deb
Debian7armellibmagickwand-dev< 8:6.7.7.10-5+deb7u13libmagickwand-dev_8:6.7.7.10-5+deb7u13_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	i386	libmagick++5	< 8:6.7.7.10-5+deb7u13	libmagick++5_8:6.7.7.10-5+deb7u13_i386.deb
Debian	6	i386	perlmagick	< 8:6.6.0.4-3+squeeze5	perlmagick_8:6.6.0.4-3+squeeze5_i386.deb
Debian	7	amd64	libmagickcore5	< 8:6.7.7.10-5+deb7u13	libmagickcore5_8:6.7.7.10-5+deb7u13_amd64.deb
Debian	7	armhf	imagemagick-dbg	< 8:6.7.7.10-5+deb7u13	imagemagick-dbg_8:6.7.7.10-5+deb7u13_armhf.deb
Debian	7	armel	libmagick++-dev	< 8:6.7.7.10-5+deb7u13	libmagick++-dev_8:6.7.7.10-5+deb7u13_armel.deb
Debian	6	i386	libmagickcore3	< 8:6.6.0.4-3+squeeze5	libmagickcore3_8:6.6.0.4-3+squeeze5_i386.deb
Debian	7	i386	libmagickcore-dev	< 8:6.7.7.10-5+deb7u13	libmagickcore-dev_8:6.7.7.10-5+deb7u13_i386.deb
Debian	7	amd64	libmagick++5	< 8:6.7.7.10-5+deb7u13	libmagick++5_8:6.7.7.10-5+deb7u13_amd64.deb
Debian	6	amd64	imagemagick-dbg	< 8:6.6.0.4-3+squeeze5	imagemagick-dbg_8:6.6.0.4-3+squeeze5_amd64.deb
Debian	7	armel	libmagickwand-dev	< 8:6.7.7.10-5+deb7u13	libmagickwand-dev_8:6.7.7.10-5+deb7u13_armel.deb