Linux Distros Unpatched Vulnerability : CVE-2017-14650

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Remote Code Execution vulnerability has been found in the HordeImage library when using the Im backend that utilizes ImageMagick's convert utility. It's not...

[SECURITY] [DSA 4276-1] php-horde-image security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4276-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 17, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4276-1] php-horde-image security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4276-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 17, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DLA 1395-1] php-horde-image security update

Package : php-horde-image Version : 2.1.0-4+deb8u1 CVE IDs : CVE-2017-9774 CVE-2017-14650 Debian Bugs : 865505 876400 It was discovered that there were two remote code execution vulnerabilities in php-horde-image, the image processing library for the Horde https://www.horde.org/ groupware tool:...

CVE-2017-14650

CVE-2017-14650 affects Horde_Image (Im backend) using ImageMagick convert; root cause is missing input validation of the index field in _raw() when building the ImageMagick command. Affected are Horde_Image versions 2.0.0 through 2.5.1; fixed in 2.5.2. The vulnerability is contextual: it is not r...