Updated imagemagick packages fix security vulnerabilities

2021-03-2717:27:02

Gentoo Foundation

advisories.mageia.org

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

30.7%

JSON

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability (CVE-2021-20241). A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability (CVE-2021-20243). A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability (CVE-2021-20244). A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability (CVe-2021-20246). Note that abydos, blender, converseen, cuneiform-linux, digikam, kxxstich, libopenshot, pfstools, php-imagick, spectacle, synfig, xine-lib1.2, mgba, windowmaker, zbar and transcode (and tainted conter-parts) have been rebuilt.

OSVersionArchitecturePackageVersionFilename
Mageia7noarchimagemagick< 7.0.10.62-1imagemagick-7.0.10.62-1.mga7
Mageia7noarchabydos< 0.1.3-2.2abydos-0.1.3-2.2.mga7
Mageia7noarchblender< 2.79b-14.git20190504.2blender-2.79b-14.git20190504.2.mga7
Mageia7noarchconverseen< 0.9.7.2-2.2converseen-0.9.7.2-2.2.mga7
Mageia7noarchcuneiform-linux< 1.1.0-15.1cuneiform-linux-1.1.0-15.1.mga7
Mageia7noarchdigikam< 6.1.0-4.1digikam-6.1.0-4.1.mga7
Mageia7noarchkxstitch< 2.1.1-5.1kxstitch-2.1.1-5.1.mga7
Mageia7noarchlibopenshot< 2.4.4-2.2libopenshot-2.4.4-2.2.mga7
Mageia7noarchpfstools< 2.1.0-13.2pfstools-2.1.0-13.2.mga7
Mageia7noarchphp-imagick< 3.4.4-1.2php-imagick-3.4.4-1.2.mga7

OS	Version	Architecture	Package	Version	Filename
Mageia	7	noarch	imagemagick	< 7.0.10.62-1	imagemagick-7.0.10.62-1.mga7
Mageia	7	noarch	abydos	< 0.1.3-2.2	abydos-0.1.3-2.2.mga7
Mageia	7	noarch	blender	< 2.79b-14.git20190504.2	blender-2.79b-14.git20190504.2.mga7
Mageia	7	noarch	converseen	< 0.9.7.2-2.2	converseen-0.9.7.2-2.2.mga7
Mageia	7	noarch	cuneiform-linux	< 1.1.0-15.1	cuneiform-linux-1.1.0-15.1.mga7
Mageia	7	noarch	digikam	< 6.1.0-4.1	digikam-6.1.0-4.1.mga7
Mageia	7	noarch	kxstitch	< 2.1.1-5.1	kxstitch-2.1.1-5.1.mga7
Mageia	7	noarch	libopenshot	< 2.4.4-2.2	libopenshot-2.4.4-2.2.mga7
Mageia	7	noarch	pfstools	< 2.1.0-13.2	pfstools-2.1.0-13.2.mga7
Mageia	7	noarch	php-imagick	< 3.4.4-1.2	php-imagick-3.4.4-1.2.mga7