imagemagick - security update

2017-05-25T00:00:00

Description

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV, PICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed. For the stable distribution (jessie), these problems have been fixed in version 8:6.8.9.9-5+deb8u9. For the upcoming stable distribution (stretch), these problems have been fixed in version 8:6.9.7.4+dfsg-8. For the unstable distribution (sid), these problems have been fixed in version 8:6.9.7.4+dfsg-8. We recommend that you upgrade your imagemagick packages.

Affected Software

CPE Name	Name	Version
	imagemagick	8:6.8.9.9-5
	imagemagick	8:6.8.9.9-5+deb8u1
	imagemagick	8:6.8.9.9-5+deb8u2
	imagemagick	8:6.8.9.9-5+deb8u3
	imagemagick	8:6.8.9.9-5+deb8u4
	imagemagick	8:6.8.9.9-5+deb8u5
	imagemagick	8:6.8.9.9-5+deb8u6
	imagemagick	8:6.8.9.9-5+deb8u7
	imagemagick	8:6.8.9.9-5+deb8u8

{"id": "OSV:DSA-3863-1", "vendorId": null, "type": "osv", "bulletinFamily": "software", "title": "imagemagick - security update", "description": "\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV,\nPICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u9.\n\n\nFor the upcoming stable distribution (stretch), these problems have been\nfixed in version 8:6.9.7.4+dfsg-8.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-8.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\n", "published": "2017-05-25T00:00:00", "modified": "2023-06-28T06:50:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://osv.dev/vulnerability/DSA-3863-1", "reporter": "Google", "references": ["https://www.debian.org/security/2017/dsa-3863"], "cvelist": [], "immutableFields": [], "lastseen": "2023-06-28T06:50:27", "viewCount": 2, "enchantments": {"dependencies": {"references": []}, "score": {"value": 2.7, "vector": "NONE"}, "epss": [{"cve": "CVE-2017-8830", "epss": "0.001410000", "percentile": "0.481440000", "modified": "2023-03-20"}, {"cve": "CVE-2017-9143", "epss": "0.002820000", "percentile": "0.635850000", "modified": "2023-03-20"}, {"cve": "CVE-2017-7943", "epss": "0.003800000", "percentile": "0.687070000", "modified": "2023-03-20"}, {"cve": "CVE-2017-7619", "epss": "0.002870000", "percentile": "0.638910000", "modified": "2023-03-20"}, {"cve": "CVE-2017-8354", "epss": "0.002090000", "percentile": "0.571270000", "modified": "2023-03-20"}, {"cve": "CVE-2017-9098", "epss": "0.002870000", "percentile": "0.638860000", "modified": "2023-03-20"}, {"cve": "CVE-2017-8353", "epss": "0.002090000", "percentile": "0.571270000", "modified": "2023-03-20"}, {"cve": "CVE-2017-9144", "epss": "0.002170000", "percentile": "0.579660000", "modified": "2023-03-20"}, {"cve": "CVE-2017-7606", "epss": "0.004850000", "percentile": "0.722570000", "modified": "2023-03-20"}, {"cve": "CVE-2017-8349", "epss": "0.002090000", "percentile": "0.571270000", "modified": "2023-03-20"}, {"cve": "CVE-2017-8765", "epss": "0.001320000", "percentile": "0.465670000", "modified": "2023-03-20"}, {"cve": "CVE-2017-8350", "epss": "0.002090000", "percentile": "0.571270000", "modified": "2023-03-20"}, {"cve": "CVE-2017-8346", "epss": "0.002090000", "percentile": "0.571270000", "modified": "2023-03-20"}, {"cve": "CVE-2017-8355", "epss": "0.002090000", "percentile": "0.571270000", "modified": "2023-03-20"}, {"cve": "CVE-2017-8352", "epss": "0.002090000", "percentile": "0.571270000", "modified": "2023-03-20"}, {"cve": "CVE-2017-7941", "epss": "0.003800000", "percentile": "0.687070000", "modified": "2023-03-20"}, {"cve": "CVE-2017-8348", "epss": "0.002090000", "percentile": "0.571270000", "modified": "2023-03-20"}, {"cve": "CVE-2017-9142", "epss": "0.003010000", "percentile": "0.647700000", "modified": "2023-03-20"}, {"cve": "CVE-2017-8356", "epss": "0.002090000", "percentile": "0.571270000", "modified": "2023-03-20"}, {"cve": "CVE-2017-8345", "epss": "0.002090000", "percentile": "0.571270000", "modified": "2023-03-20"}, {"cve": "CVE-2017-8347", "epss": "0.002090000", "percentile": "0.571270000", "modified": "2023-03-20"}, {"cve": "CVE-2017-8351", "epss": "0.002090000", "percentile": "0.571270000", "modified": "2023-03-20"}, {"cve": "CVE-2017-8357", "epss": "0.002090000", "percentile": "0.571270000", "modified": "2023-03-20"}, {"cve": "CVE-2017-8343", "epss": "0.002090000", "percentile": "0.571270000", "modified": "2023-03-20"}, {"cve": "CVE-2017-9141", "epss": "0.003010000", "percentile": "0.647700000", "modified": "2023-03-20"}, {"cve": "CVE-2017-8344", "epss": "0.002090000", "percentile": "0.571270000", "modified": "2023-03-20"}], "vulnersScore": 2.7}, "_state": {"dependencies": 1687935406, "score": 1687936020, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "2951eacbbacde1ea0911368345fa02b3"}, "affectedSoftware": [{"version": "8:6.8.9.9-5", "operator": "eq", "name": "imagemagick"}, {"version": "8:6.8.9.9-5+deb8u1", "operator": "eq", "name": "imagemagick"}, {"version": "8:6.8.9.9-5+deb8u2", "operator": "eq", "name": "imagemagick"}, {"version": "8:6.8.9.9-5+deb8u3", "operator": "eq", "name": "imagemagick"}, {"version": "8:6.8.9.9-5+deb8u4", "operator": "eq", "name": "imagemagick"}, {"version": "8:6.8.9.9-5+deb8u5", "operator": "eq", "name": "imagemagick"}, {"version": "8:6.8.9.9-5+deb8u6", "operator": "eq", "name": "imagemagick"}, {"version": "8:6.8.9.9-5+deb8u7", "operator": "eq", "name": "imagemagick"}, {"version": "8:6.8.9.9-5+deb8u8", "operator": "eq", "name": "imagemagick"}]}