7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.003 Low
EPSS
Percentile
67.7%
A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. (CVE-2021-3574) A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. (CVE-2021-4219) An integer overflow issue was discovered in ImageMagick’s ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the ‘unsigned char’. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash. (CVE-2021-20224) A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20309) A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20311) A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20312) A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality. (CVE-2021-20313) A heap-based-buffer-over-read flaw was found in ImageMagick’s GetPixelAlpha() function of ‘pixel-accessor.h’. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure. (CVE-2022-0284) A heap-use-after-free flaw was found in ImageMagick’s RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. (CVE-2022-1114) In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. (CVE-2022-1270) In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30. (CVE-2022-2719) A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service. (CVE-2022-3213) ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463) A vulnerability was found in ImageMagick, causing an outside the range of representable values of type ‘unsigned char’ at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. (CVE-2022-32545) A vulnerability was found in ImageMagick, causing an outside the range of representable values of type ‘unsigned long’ at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. (CVE-2022-32546) In ImageMagick, there is load of misaligned address for type ‘double’, which requires 8 byte alignment and for type ‘float’, which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior. (CVE-2022-32547)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 8 | noarch | imagemagick | < 7.1.0.52-1.1 | imagemagick-7.1.0.52-1.1.mga8 |
Mageia | 8 | noarch | abydos | < 0.2.3-4.2 | abydos-0.2.3-4.2.mga8 |
Mageia | 8 | noarch | converseen | < 0.9.8.1-4.2 | converseen-0.9.8.1-4.2.mga8 |
Mageia | 8 | noarch | digikam | < 7.1.0-4.2 | digikam-7.1.0-4.2.mga8 |
Mageia | 8 | noarch | libopenshot | < 0.2.5-5.2 | libopenshot-0.2.5-5.2.mga8 |
Mageia | 8 | noarch | php-imagick | < 3.4.5-0.git20201230.2.2 | php-imagick-3.4.5-0.git20201230.2.2.mga8 |
Mageia | 8 | noarch | synfig | < 1.2.2-11.2 | synfig-1.2.2-11.2.mga8 |
Mageia | 8 | noarch | windowmaker | < 0.95.9-3.2 | windowmaker-0.95.9-3.2.mga8 |
Mageia | 8 | noarch | xine-lib1.2 | < 1.2.11-1.2 | xine-lib1.2-1.2.11-1.2.mga8 |
Mageia | 8 | noarch | zbar | < 0.23.1-5.2 | zbar-0.23.1-5.2.mga8 |
bugs.mageia.org/show_bug.cgi?id=29054
lists.fedoraproject.org/archives/list/[email protected]/thread/LNVDNM4ZEIYPT3SLZHPYN7OG4CZLEXZJ/
lists.fedoraproject.org/archives/list/[email protected]/thread/T6VPXZJUL64MXAMQ4JA6V6TYNOXDC6SQ/
lists.opensuse.org/archives/list/[email protected]/thread/65CCSW6TK2CGQU6OYUEHQBBH6OSPKUJP/
lists.opensuse.org/archives/list/[email protected]/thread/DQYFWVB5WL5D7BG6DWWI7RKZDHYKRQR6/
lists.opensuse.org/archives/list/[email protected]/thread/FYRR2QY5S3HG4B4EAPF6BVV54BZQPUX5/
lists.opensuse.org/archives/list/[email protected]/thread/QPPJFFJWUIW3K6NB472QVFG522DWQZET/
lists.opensuse.org/archives/list/[email protected]/thread/U4SLHXE2O3IXMI4KAK7QSBITGXIK6OW2/
lists.opensuse.org/archives/list/[email protected]/thread/ZUE6OO6UE5NEQ2LYEJSEB2AXREVWZVMB/
lists.suse.com/pipermail/sle-security-updates/2022-May/011200.html
lists.suse.com/pipermail/sle-security-updates/2022-September/012065.html
ubuntu.com/security/notices/USN-5158-1
ubuntu.com/security/notices/USN-5456-1
ubuntu.com/security/notices/USN-5534-1
ubuntu.com/security/notices/USN-5736-1
www.debian.org/lts/security/2022/dla-3007
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.003 Low
EPSS
Percentile
67.7%