Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-3785-1
HistoryOct 04, 2018 - 12:00 a.m.

ImageMagick vulnerabilities

2018-10-0400:00:00
ubuntu.com
200

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.242 Low

EPSS

Percentile

96.6%

JSON

Releases

  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • imagemagick - Image manipulation programs and library

Details

Due to a large number of issues discovered in GhostScript that prevent
it from being used by ImageMagick safely, this update includes a
default policy change that disables support for the Postscript and
PDF formats in ImageMagick. This policy can be overridden if necessary
by using an alternate ImageMagick policy configuration.

It was discovered that several memory leaks existed when handling
certain images in ImageMagick. An attacker could use this to cause a
denial of service. (CVE-2018-14434, CVE-2018-14435, CVE-2018-14436,
CVE-2018-14437, CVE-2018-16640, CVE-2018-16750)

It was discovered that ImageMagick did not properly initialize a
variable before using it when processing MAT images. An attacker could
use this to cause a denial of service or possibly execute arbitrary
code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-14551)

It was discovered that an information disclosure vulnerability existed
in ImageMagick when processing XBM images. An attacker could use this
to expose sensitive information. (CVE-2018-16323)

It was discovered that an out-of-bounds write vulnerability existed
in ImageMagick when handling certain images. An attacker could use
this to cause a denial of service or possibly execute arbitrary code.
(CVE-2018-16642)

It was discovered that ImageMagick did not properly check for errors
in some situations. An attacker could use this to cause a denial of
service. (CVE-2018-16643)

It was discovered that ImageMagick did not properly validate image
meta data in some situations. An attacker could use this to cause a
denial of service. (CVE-2018-16644)

It was discovered that ImageMagick did not prevent excessive memory
allocation when handling certain image types. An attacker could use
this to cause a denial of service. (CVE-2018-16645)

Sergej Schumilo and Cornelius Aschermann discovered that ImageMagick
did not properly check for NULL in some situations when processing
PNG images. An attacker could use this to cause a denial of service.
(CVE-2018-16749)

USN-3681-1 fixed vulnerabilities in Imagemagick. Unfortunately,
the fix for CVE-2017-13144 introduced a regression in ImageMagick in
Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. This update reverts the fix
for CVE-2017-13144 for those releases.

We apologize for the inconvenience.

OSVersionArchitecturePackageVersionFilename
Ubuntu18.04noarchimagemagick< 8:6.9.7.4+dfsg-16ubuntu6.4UNKNOWN
Ubuntu18.04noarchimagemagick-6-common< 8:6.9.7.4+dfsg-16ubuntu6.4UNKNOWN
Ubuntu18.04noarchimagemagick-6-doc< 8:6.9.7.4+dfsg-16ubuntu6.4UNKNOWN
Ubuntu18.04noarchimagemagick-6.q16< 8:6.9.7.4+dfsg-16ubuntu6.4UNKNOWN
Ubuntu18.04noarchimagemagick-6.q16-dbgsym< 8:6.9.7.4+dfsg-16ubuntu6.4UNKNOWN
Ubuntu18.04noarchimagemagick-6.q16hdri< 8:6.9.7.4+dfsg-16ubuntu6.4UNKNOWN
Ubuntu18.04noarchimagemagick-6.q16hdri-dbgsym< 8:6.9.7.4+dfsg-16ubuntu6.4UNKNOWN
Ubuntu18.04noarchimagemagick-common< 8:6.9.7.4+dfsg-16ubuntu6.4UNKNOWN
Ubuntu18.04noarchimagemagick-doc< 8:6.9.7.4+dfsg-16ubuntu6.4UNKNOWN
Ubuntu18.04noarchlibimage-magick-perl< 8:6.9.7.4+dfsg-16ubuntu6.4UNKNOWN
Rows per page:
1-10 of 961

Related

nessus 35
cloudfoundry 2
openvas 26
suse 10
osv 16
debian 2
mageia 1
veracode 12
cve 14
debiancve 14
ubuntucve 14
prion 14
redhatcve 14
alpinelinux 12
zdt 1
checkpoint_advisories 1
packetstorm 1
redhat 1
centos 1
ubuntu 1
amazon 6
oraclelinux 1
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : ImageMagick vulnerabilities (USN-3785-1)
2018-10-05 00:00:00
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:3095-1)
2018-10-12 00:00:00
openSUSE Security Update : ImageMagick (openSUSE-2018-1181)
2018-10-18 00:00:00
cloudfoundry
cloudfoundry
USN-3785-1: ImageMagick vulnerabilities | Cloud Foundry
2018-10-09 00:00:00
USN-4034-1: ImageMagick vulnerabilities | Cloud Foundry
2019-07-10 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3785-1)
2018-10-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3095-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2018:2503-1)
2018-10-26 00:00:00
suse
suse
Security update for ImageMagick (moderate)
2018-09-24 12:08:19
Security update for ImageMagick (moderate)
2018-10-17 21:23:01
Security update for ImageMagick (moderate)
2018-08-25 00:08:35
osv
osv
imagemagick - security update
2018-10-03 00:00:00
imagemagick - security update
2018-10-12 00:00:00
CVE-2018-14551
2018-07-23 08:29:00
debian
debian
[SECURITY] [DLA 1530-1] imagemagick security update
2018-10-03 18:05:30
[SECURITY] [DSA 4316-1] imagemagick security update
2018-10-12 20:55:21
mageia
mageia
Updated graphicsmagick packages fix security vulnerabilities & bugs
2019-01-01 01:42:09
veracode
veracode
Denial Of Service (DoS)
2018-09-10 10:10:23
Arbitrary Code Execution
2020-12-06 03:46:35
Denial Of Service (DoS) Through Memory Leak
2018-09-17 08:53:24
cve
cve
CVE-2017-13144
2017-08-23 06:29:00
CVE-2018-16640
2018-09-06 22:29:00
CVE-2018-14551
2018-07-23 08:29:00
debiancve
debiancve
CVE-2017-13144
2017-08-23 06:29:00
CVE-2018-14551
2018-07-23 08:29:00
CVE-2018-16640
2018-09-06 22:29:00
ubuntucve
ubuntucve
CVE-2018-14551
2018-07-23 00:00:00
CVE-2017-13144
2017-08-23 00:00:00
CVE-2018-16640
2018-09-06 00:00:00
prion
prion
Memory corruption
2018-09-06 22:29:00
Code injection
2017-08-23 06:29:00
Information disclosure
2018-09-01 18:29:00
redhatcve
redhatcve
CVE-2018-14551
2018-08-01 04:48:46
CVE-2018-16640
2018-09-07 16:19:09
CVE-2018-14436
2018-07-30 21:56:37
alpinelinux
alpinelinux
CVE-2018-16640
2018-09-06 22:29:00
CVE-2018-14551
2018-07-23 08:29:00
CVE-2018-16750
2018-09-09 15:29:00
zdt
zdt
ImageMagick - Memory Leak Exploit
2018-11-20 00:00:00
checkpoint_advisories
checkpoint_advisories
ImageMagick ReadXBMImage Information Disclosure (CVE-2018-16323)
2022-09-18 00:00:00
packetstorm
packetstorm
ImageMagick Memory Leak
2018-11-20 00:00:00
redhat
redhat
(RHSA-2020:1180) Moderate: ImageMagick security, bug fix, and enhancement update
2020-03-31 09:28:57
centos
centos
ImageMagick, autotrace, emacs, inkscape security update
2020-04-08 17:42:49
ubuntu
ubuntu
ImageMagick vulnerabilities
2019-06-25 00:00:00
amazon
amazon
Important: ImageMagick
2024-01-19 01:51:00
Medium: php55-pecl-imagick
2023-08-21 12:14:00
Medium: php56-pecl-imagick
2023-08-21 12:14:00
oraclelinux
oraclelinux
ImageMagick security, bug fix, and enhancement update
2020-04-06 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.242 Low

EPSS

Percentile

96.6%

JSON
Related for USN-3785-1
nessus35cloudfoundry2openvas26suse10osv16debian2mageia1veracode12cve14debiancve14ubuntucve14prion14redhatcve14alpinelinux12zdt1checkpoint_advisories1packetstorm1redhat1centos1ubuntu1amazon6oraclelinux1