imagemagick - security update

2016-11-2600:00:00

Google

osv.dev

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Several issues have been discovered in ImageMagick, a popular set of
programs and libraries for image manipulation. These issues include
several problems in memory handling that can result in a denial of
service attack or in execution of arbitrary code by an attacker with
control on the image input.

For the stable distribution (jessie), these problems have been fixed in
version 8:6.8.9.9-5+deb8u6.

For the unstable distribution (sid), these problems have been fixed in
version 8:6.9.6.5+dfsg-1.

We recommend that you upgrade your imagemagick packages.

CPENameOperatorVersion
imagemagickeq8:6.8.9.9-5+deb8u1
imagemagickeq8:6.8.9.9-5+deb8u5
imagemagickeq8:6.8.9.9-5+deb8u4
imagemagickeq8:6.8.9.9-5+deb8u3
imagemagickeq8:6.8.9.9-5+deb8u2
imagemagickeq8:6.8.9.9-5

Name	Operator	Version
imagemagick	eq	8:6.8.9.9-5+deb8u1
imagemagick	eq	8:6.8.9.9-5+deb8u5
imagemagick	eq	8:6.8.9.9-5+deb8u4
imagemagick	eq	8:6.8.9.9-5+deb8u3
imagemagick	eq	8:6.8.9.9-5+deb8u2
imagemagick	eq	8:6.8.9.9-5