CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.9 High (Confidence: High)
EPSS: 0.781 High (Percentile: 98.3%)

Debian Security Advisory DSA-2427-1 [email protected]
http://www.debian.org/security/ Florian Weimer
March 06, 2012 http://www.debian.org/security/faq
Package : imagemagick
Vulnerability : several
Problem type : local
CVE ID : CVE-2012-0247 CVE-2012-0248
Two security vulnerabilities related to EXIF processing were
discovered in ImageMagick, a suite of programs to manipulate images:
CVE-2012-0247
When parsing a maliciously crafted image with incorrect offset
and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick
writes two bytes to an invalid address.
CVE-2012-0248
Parsing a maliciously crafted image with an IFD in which all IOP
tag value offsets point to the beginning of the IFD itself
results in an endless loop and a denial of service.
For the stable distribution (squeeze), these problems have been fixed
in version 8:6.6.0.4-3+squeeze1.
For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 8:6.6.9.7-6.
We recommend that you upgrade your imagemagick packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: [email protected]
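
As an added example (not code from ImageMagick or from the Debian advisory), the C validator below applies the two checks these descriptions call for when walking EXIF IFDs: every out-of-line value's offset and count must fit inside the buffer, and no IFD may be visited twice. The names `exif_validate`, `rd`, `MAX_IFDS`, `exif_selfref` and the error codes are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
enum { EXIF_OK = 0, EXIF_TRUNCATED = -1, EXIF_BAD_VALUE = -2, EXIF_LOOP = -3 };
#define MAX_IFDS 16 /* assumed cap on IFDs per blob */
/* Constructed sample: IFD0 at offset 8; its one entry, tag 0xA005, points at 8. */
const uint8_t exif_selfref[26] = {'I','I',42,0, 8,0,0,0, 1,0,
    0x05,0xA0, 4,0, 1,0,0,0, 8,0,0,0, 0,0,0,0};

static uint32_t rd(const uint8_t *p, int n, int be) { /* n-byte uint, blob order */
    uint32_t v = 0;
    for (int i = 0; i < n; i++)
        v |= (uint32_t)p[i] << (8 * (be ? n - 1 - i : i));
    return v;
}

/* Walk every IFD reachable from the TIFF header; read nothing unchecked. */
int exif_validate(const uint8_t *b, size_t len) {
    static const uint8_t tsize[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};
    uint32_t todo[MAX_IFDS], seen[MAX_IFDS], ntodo = 0, nseen = 0;
    if (len < 8 || (b[0] != 'I' && b[0] != 'M') || b[1] != b[0]) return EXIF_TRUNCATED;
    int be = (b[0] == 'M');
    todo[ntodo++] = rd(b + 4, 4, be);              /* offset of IFD0 */
    while (ntodo > 0) {
        uint32_t ifd = todo[--ntodo];
        for (uint32_t i = 0; i < nseen; i++)       /* CVE-2012-0248 class: */
            if (seen[i] == ifd) return EXIF_LOOP;  /* same IFD reached twice */
        if (nseen == MAX_IFDS) return EXIF_LOOP;   /* too many IFDs */
        seen[nseen++] = ifd;
        if (ifd < 8 || ifd > len || len - ifd < 2) return EXIF_TRUNCATED;
        size_t n = rd(b + ifd, 2, be);             /* entry count */
        if (len - ifd - 2 < n * 12 + 4) return EXIF_TRUNCATED;
        for (size_t e = 0; e < n; e++) {
            const uint8_t *ent = b + ifd + 2 + e * 12;
            uint32_t tag = rd(ent, 2, be), type = rd(ent + 2, 2, be);
            uint32_t off = rd(ent + 8, 4, be);
            if (type == 0 || type > 12) return EXIF_BAD_VALUE;
            uint64_t bytes = (uint64_t)rd(ent + 4, 4, be) * tsize[type];
            /* CVE-2012-0247 class: an out-of-line value must lie inside the blob */
            if (bytes > 4 && (off > len || bytes > len - off)) return EXIF_BAD_VALUE;
            if (tag != 0x8769 && tag != 0x8825 && tag != 0xA005) continue;
            if (ntodo == MAX_IFDS) return EXIF_LOOP;
            todo[ntodo++] = off;                   /* queue the sub-IFD */
        }
        uint32_t next = rd(b + ifd + 2 + n * 12, 4, be);
        if (next != 0 && ntodo == MAX_IFDS) return EXIF_LOOP;
        if (next != 0) todo[ntodo++] = next;
    }
    return EXIF_OK;
}
```

The visited-set check is deliberately conservative: it rejects any IFD reached a second time, including two pointers sharing one target, and a caller should run it before handing the profile to any code that writes tag values in place.
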
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 6 | s390 | libmagickcore-dev | < 8:6.6.0.4-3+squeeze1 | libmagickcore-dev_8:6.6.0.4-3+squeeze1_s390.deb |
Debian | 6 | kfreebsd-i386 | imagemagick | < 8:6.6.0.4-3+squeeze1 | imagemagick_8:6.6.0.4-3+squeeze1_kfreebsd-i386.deb |
Debian | 6 | i386 | libmagickcore3 | < 8:6.6.0.4-3+squeeze1 | libmagickcore3_8:6.6.0.4-3+squeeze1_i386.deb |
Debian | 6 | ia64 | libmagickcore3 | < 8:6.6.0.4-3+squeeze1 | libmagickcore3_8:6.6.0.4-3+squeeze1_ia64.deb |
Debian | 6 | kfreebsd-amd64 | libmagickwand3 | < 8:6.6.0.4-3+squeeze1 | libmagickwand3_8:6.6.0.4-3+squeeze1_kfreebsd-amd64.deb |
Debian | 6 | mips | libmagickwand3 | < 8:6.6.0.4-3+squeeze1 | libmagickwand3_8:6.6.0.4-3+squeeze1_mips.deb |
Debian | 6 | powerpc | perlmagick | < 8:6.6.0.4-3+squeeze1 | perlmagick_8:6.6.0.4-3+squeeze1_powerpc.deb |
Debian | 6 | ia64 | libmagick++3 | < 8:6.6.0.4-3+squeeze1 | libmagick++3_8:6.6.0.4-3+squeeze1_ia64.deb |
Debian | 6 | all | imagemagick-doc | < 8:6.6.0.4-3+squeeze1 | imagemagick-doc_8:6.6.0.4-3+squeeze1_all.deb |
Debian | 6 | sparc | libmagickwand-dev | < 8:6.6.0.4-3+squeeze1 | libmagickwand-dev_8:6.6.0.4-3+squeeze1_sparc.deb |