Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2024-0064
HistoryMar 16, 2024 - 1:51 a.m.

Updated imagemagick packages fix security vulnerabilities

2024-03-1601:51:55
Gentoo Foundation
advisories.mageia.org
20
imagemagick
packages
buffer overflow
heap
stack
security
vulnerabilities
denial of service
tiff
svg
mvg

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

34.2%

JSON

The updated packages fix security vulnerabilities: A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. (CVE-2021-3610) A stack-based buffer overflow issue was found in ImageMagick’s coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service. (CVE-2023-3195) A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. (CVE-2023-3428) This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). (CVE-2023-34151)

Related

openvas 23
nessus 33
cve 5
prion 5
alpinelinux 3
debiancve 5
ubuntucve 5
osv 12
amazon 7
debian 3
fedora 3
veracode 5
redhatcve 5
redos 2
cnvd 1
ubuntu 4
photon 11
suse 2
mageia 1
cloudfoundry 1
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0064)
2024-03-18 00:00:00
Debian: Security Advisory (DSA-5628-1)
2024-02-23 00:00:00
Fedora: Security Advisory for ImageMagick (FEDORA-2023-edbdccae2a)
2023-09-01 00:00:00
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : ImageMagick (SUSE-SU-2023:2357-1)
2023-06-03 00:00:00
Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2023-301)
2023-08-24 00:00:00
Amazon Linux 2 : ImageMagick (ALAS-2023-2272)
2023-10-05 00:00:00
cve
cve
CVE-2023-34151
2023-05-30 22:15:11
CVE-2022-32546
2022-06-16 18:15:00
CVE-2023-3428
2023-10-04 19:15:10
prion
prion
Design/Logic Flaw
2023-05-30 22:15:00
Input validation
2022-06-16 18:15:00
Heap overflow
2023-10-04 19:15:00
alpinelinux
alpinelinux
CVE-2023-34151
2023-05-30 22:15:00
CVE-2022-32546
2022-06-16 18:15:00
CVE-2023-3428
2023-10-04 19:15:10
debiancve
debiancve
CVE-2023-34151
2023-05-30 22:15:11
CVE-2022-32546
2022-06-16 18:15:00
CVE-2023-3428
2023-10-04 19:15:10
ubuntucve
ubuntucve
CVE-2023-34151
2023-05-30 00:00:00
CVE-2022-32546
2022-06-16 00:00:00
CVE-2023-3428
2023-06-29 00:00:00
osv
osv
CVE-2023-34151
2023-05-30 22:15:11
imagemagick - security update
2024-02-22 00:00:00
CVE-2022-32546
2022-06-16 18:15:10
amazon
amazon
Medium: ImageMagick
2023-07-13 23:57:00
Medium: ImageMagick
2023-09-27 22:15:00
Medium: ImageMagick
2023-09-27 22:48:00
debian
debian
[SECURITY] [DSA 5628-1] imagemagick security update
2024-02-22 19:04:37
[SECURITY] [DLA 3737-1] imagemagick security update
2024-02-22 09:45:50
[SECURITY] [DLA 3429-1] imagemagick security update
2023-05-21 22:21:07
fedora
fedora
[SECURITY] Fedora 37 Update: ImageMagick-6.9.12.93-1.fc37
2023-08-31 01:20:29
[SECURITY] Fedora 38 Update: ImageMagick-7.1.1.11-1.fc38
2023-06-03 02:46:14
[SECURITY] Fedora 38 Update: ImageMagick-7.1.1.15-1.fc38
2023-08-24 01:32:21
veracode
veracode
Integer Overflow
2022-10-14 20:48:24
Integer Overflow
2023-06-16 10:26:54
Denial Of Service (DoS)
2023-10-27 23:25:13
redhatcve
redhatcve
CVE-2023-34151
2023-05-29 05:40:17
CVE-2022-32546
2022-06-08 16:09:24
CVE-2023-3428
2023-06-28 22:21:28
redos
redos
ROS-20231016-03
2023-10-16 00:00:00
ROS-20230621-06
2023-06-21 00:00:00
cnvd
cnvd
Imagemagick Studio ImageMagick Buffer Overflow Vulnerability (CNVD-2022-20173)
2022-02-25 00:00:00
ubuntu
ubuntu
ImageMagick vulnerabilities
2023-07-04 00:00:00
ImageMagick vulnerabilities
2022-07-26 00:00:00
ImageMagick vulnerabilities
2022-11-24 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2023-5.0-0047
2023-07-11 00:00:00
Moderate Photon OS Security Update - PHSA-2023-3.0-0699
2023-12-14 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0424
2023-07-11 00:00:00
suse
suse
Security update for ImageMagick (moderate)
2022-07-06 00:00:00
Security update for ImageMagick (moderate)
2022-07-04 00:00:00
mageia
mageia
Updated imagemagick packages fix security vulnerability
2022-12-07 02:32:48
cloudfoundry
cloudfoundry
USN-5736-1: ImageMagick vulnerabilities | Cloud Foundry
2023-02-03 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

34.2%

JSON
Related for MGASA-2024-0064
openvas23nessus33cve5prion5alpinelinux3debiancve5ubuntucve5osv12amazon7debian3fedora3veracode5redhatcve5redos2cnvd1ubuntu4photon11suse2mageia1cloudfoundry1