Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux SE 1.5
Astra Linux SE 1.6
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:139477
[Rus]
Version
3
Class
patch
ALTXid
336145
Language
English
Severity
Critical
Title
DLA-2366-1 -- imagemagick security update
Description
Several security vulnerabilities were found in Imagemagick.
Family
unix
Platform
Debian 9
Product
imagemagick
Reference
VENDOR: DLA-2366-1
VENDOR: DLA-2366-1
Id:
DLA-2366-1
Reference:
https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202009/msg00007.html
CVE: CVE-2017-12140
CVE: CVE-2017-12140
Id:
CVE-2017-12140
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12140
Comment
: The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))
References:
https://github.com/ImageMagick/ImageMagick/issues/533 (CONFIRM)
100096 (BID)
GLSA-201711-07 (GENTOO)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-12429
CVE: CVE-2017-12429
Id:
CVE-2017-12429
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12429
Comment
: In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service.
CVSSv2 Score:
7.8
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
770 (Allocation of Resources Without Limits or Throttling)
References:
https://github.com/ImageMagick/ImageMagick/issues/545 (CONFIRM)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-12430
CVE: CVE-2017-12430
Id:
CVE-2017-12430
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12430
Comment
: In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service.
CVSSv2 Score:
7.8
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
770 (Allocation of Resources Without Limits or Throttling)
References:
https://github.com/ImageMagick/ImageMagick/issues/546 (CONFIRM)
100157 (BID)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-12435
CVE: CVE-2017-12435
Id:
CVE-2017-12435
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12435
Comment
: In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service.
CVSSv2 Score:
7.8
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
770 (Allocation of Resources Without Limits or Throttling)
References:
https://github.com/ImageMagick/ImageMagick/issues/543 (CONFIRM)
100152 (BID)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-12563
CVE: CVE-2017-12563
Id:
CVE-2017-12563
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12563
Comment
: In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
770 (Allocation of Resources Without Limits or Throttling)
References:
https://github.com/ImageMagick/ImageMagick/issues/599 (CONFIRM)
100153 (BID)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-12643
CVE: CVE-2017-12643
Id:
CVE-2017-12643
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12643
Comment
: ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
770 (Allocation of Resources Without Limits or Throttling)
References:
https://github.com/ImageMagick/ImageMagick/issues/549 (CONFIRM)
100218 (BID)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
https://github.com/ImageMagick/ImageMagick/commit/d9ccd8227c4c88a907cda5278408b73552cb0c07 (CONFIRM)
CVE: CVE-2017-12670
CVE: CVE-2017-12670
Id:
CVE-2017-12670
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12670
Comment
: In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
20 (Improper Input Validation)
References:
https://github.com/ImageMagick/ImageMagick/issues/610 (CONFIRM)
100252 (BID)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-12674
CVE: CVE-2017-12674
Id:
CVE-2017-12674
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12674
Comment
: In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
834 (Excessive Iteration)
References:
https://github.com/ImageMagick/ImageMagick/issues/604 (CONFIRM)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-12691
CVE: CVE-2017-12691
Id:
CVE-2017-12691
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12691
Comment
: The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
770 (Allocation of Resources Without Limits or Throttling)
References:
https://github.com/ImageMagick/ImageMagick/issues/656 (CONFIRM)
GLSA-201711-07 (GENTOO)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-12692
CVE: CVE-2017-12692
Id:
CVE-2017-12692
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12692
Comment
: The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
770 (Allocation of Resources Without Limits or Throttling)
References:
https://github.com/ImageMagick/ImageMagick/issues/653 (CONFIRM)
GLSA-201711-07 (GENTOO)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-12693
CVE: CVE-2017-12693
Id:
CVE-2017-12693
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12693
Comment
: The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
770 (Allocation of Resources Without Limits or Throttling)
References:
https://github.com/ImageMagick/ImageMagick/issues/652 (CONFIRM)
GLSA-201711-07 (GENTOO)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-12806
CVE: CVE-2017-12806
Id:
CVE-2017-12806
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12806
Comment
: In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))
References:
https://github.com/ImageMagick/ImageMagick/issues/660 (MISC)
USN-4034-1 (UBUNTU)
openSUSE-SU-2019:1683 (SUSE)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
FEDORA-2019-da4c20882c ()
FEDORA-2019-425a1aa7c9 ()
CVE: CVE-2017-12875
CVE: CVE-2017-12875
Id:
CVE-2017-12875
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12875
Comment
: The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
770 (Allocation of Resources Without Limits or Throttling)
References:
https://github.com/ImageMagick/ImageMagick/issues/659 (CONFIRM)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-13061
CVE: CVE-2017-13061
Id:
CVE-2017-13061
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13061
Comment
: In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
20 (Improper Input Validation)
References:
https://github.com/ImageMagick/ImageMagick/issues/645 (CONFIRM)
100481 (BID)
GLSA-201711-07 (GENTOO)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-13133
CVE: CVE-2017-13133
Id:
CVE-2017-13133
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13133
Comment
: In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
770 (Allocation of Resources Without Limits or Throttling)
References:
https://github.com/ImageMagick/ImageMagick/issues/679 (CONFIRM)
100479 (BID)
GLSA-201711-07 (GENTOO)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-13658
CVE: CVE-2017-13658
Id:
CVE-2017-13658
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13658
Comment
: In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
617 (Reachable Assertion)
References:
https://github.com/ImageMagick/ImageMagick/issues/598 (CONFIRM)
https://github.com/ImageMagick/ImageMagick/commit/e5c063a1007506ba69e97a35effcdef944421c89 (CONFIRM)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870019 (CONFIRM)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-13768
CVE: CVE-2017-13768
Id:
CVE-2017-13768
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13768
Comment
: Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/ImageMagick/ImageMagick/issues/706 (CONFIRM)
100569 (BID)
GLSA-201711-07 (GENTOO)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-14060
CVE: CVE-2017-14060
Id:
CVE-2017-14060
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14060
Comment
: In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/ImageMagick/ImageMagick/issues/710 (CONFIRM)
GLSA-201711-07 (GENTOO)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-14172
CVE: CVE-2017-14172
Id:
CVE-2017-14172
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14172
Comment
: In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
834 (Excessive Iteration)
References:
https://github.com/ImageMagick/ImageMagick/issues/715 (CONFIRM)
GLSA-201711-07 (GENTOO)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
https://github.com/ImageMagick/ImageMagick/commit/bdbbb13f1fe9b7e2465502c500561720f7456aac (CONFIRM)
CVE: CVE-2017-14173
CVE: CVE-2017-14173
Id:
CVE-2017-14173
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14173
Comment
: In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://github.com/ImageMagick/ImageMagick/issues/713 (CONFIRM)
GLSA-201711-07 (GENTOO)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
https://github.com/ImageMagick/ImageMagick/commit/50f54462076648ac2e36c3f58f4dadd4babbf1c9 (CONFIRM)
CVE: CVE-2017-14174
CVE: CVE-2017-14174
Id:
CVE-2017-14174
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14174
Comment
: In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
834 (Excessive Iteration)
References:
https://github.com/ImageMagick/ImageMagick/issues/714 (CONFIRM)
https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64 (CONFIRM)
https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8 (CONFIRM)
GLSA-201711-07 (GENTOO)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-14175
CVE: CVE-2017-14175
Id:
CVE-2017-14175
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14175
Comment
: In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
834 (Excessive Iteration)
References:
https://github.com/ImageMagick/ImageMagick/issues/712 (CONFIRM)
GLSA-201711-07 (GENTOO)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
https://github.com/ImageMagick/ImageMagick/commit/d9a8234d211da30baf9526fbebe9a8438ea7e11c (CONFIRM)
CVE: CVE-2017-14249
CVE: CVE-2017-14249
Id:
CVE-2017-14249
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14249
Comment
: ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
369 (Divide By Zero)
References:
https://github.com/ImageMagick/ImageMagick/issues/708 (CONFIRM)
GLSA-201711-07 (GENTOO)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-14341
CVE: CVE-2017-14341
Id:
CVE-2017-14341
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14341
Comment
: ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))
References:
https://github.com/ImageMagick/ImageMagick/issues/654 (CONFIRM)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24 (CONFIRM)
CVE: CVE-2017-14400
CVE: CVE-2017-14400
Id:
CVE-2017-14400
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14400
Comment
: In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/ImageMagick/ImageMagick/issues/746 (CONFIRM)
100865 (BID)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-14505
CVE: CVE-2017-14505
Id:
CVE-2017-14505
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14505
Comment
: DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/ImageMagick/ImageMagick/issues/716 (CONFIRM)
100882 (BID)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-14532
CVE: CVE-2017-14532
Id:
CVE-2017-14532
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14532
Comment
: ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/ImageMagick/ImageMagick/issues/719 (CONFIRM)
100883 (BID)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-14624
CVE: CVE-2017-14624
Id:
CVE-2017-14624
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14624
Comment
: ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/ImageMagick/ImageMagick/issues/722 (CONFIRM)
100940 (BID)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-14625
CVE: CVE-2017-14625
Id:
CVE-2017-14625
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14625
Comment
: ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/ImageMagick/ImageMagick/issues/721 (CONFIRM)
100941 (BID)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-14626
CVE: CVE-2017-14626
Id:
CVE-2017-14626
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14626
Comment
: ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/ImageMagick/ImageMagick/issues/721 (CONFIRM)
https://github.com/ImageMagick/ImageMagick/issues/720 (CONFIRM)
100943 (BID)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-14739
CVE: CVE-2017-14739
Id:
CVE-2017-14739
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14739
Comment
: The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/ImageMagick/ImageMagick/issues/780 (CONFIRM)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-14741
CVE: CVE-2017-14741
Id:
CVE-2017-14741
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14741
Comment
: The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
835 (Loop with Unreachable Exit Condition ('Infinite Loop'))
References:
https://github.com/ImageMagick/ImageMagick/issues/771 (CONFIRM)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-15015
CVE: CVE-2017-15015
Id:
CVE-2017-15015
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15015
Comment
: ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/ImageMagick/ImageMagick/issues/724 (CONFIRM)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-15017
CVE: CVE-2017-15017
Id:
CVE-2017-15017
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15017
Comment
: ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/ImageMagick/ImageMagick/issues/723 (CONFIRM)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-15281
CVE: CVE-2017-15281
Id:
CVE-2017-15281
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15281
Comment
: ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://github.com/ImageMagick/ImageMagick/issues/832 (CONFIRM)
101276 (BID)
GLSA-201711-07 (GENTOO)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-17682
CVE: CVE-2017-17682
Id:
CVE-2017-17682
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17682
Comment
: In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))
References:
https://github.com/ImageMagick/ImageMagick/issues/870 (CONFIRM)
102202 (BID)
[debian-lts-announce] 20180101 [SECURITY] [DLA 1227-1] imagemagick security update (MLIST)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-17914
CVE: CVE-2017-17914
Id:
CVE-2017-17914
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17914
Comment
: In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
834 (Excessive Iteration)
References:
https://github.com/ImageMagick/ImageMagick/issues/908 (CONFIRM)
[debian-lts-announce] 20180101 [SECURITY] [DLA 1227-1] imagemagick security update (MLIST)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-18209
CVE: CVE-2017-18209
Id:
CVE-2017-18209
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18209
Comment
: In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/ImageMagick/ImageMagick/issues/790 (MISC)
103218 (BID)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-18211
CVE: CVE-2017-18211
Id:
CVE-2017-18211
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18211
Comment
: In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/ImageMagick/ImageMagick/issues/792 (MISC)
103220 (BID)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-18271
CVE: CVE-2017-18271
Id:
CVE-2017-18271
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18271
Comment
: In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
835 (Loop with Unreachable Exit Condition ('Infinite Loop'))
References:
https://github.com/ImageMagick/ImageMagick/issues/911 (CONFIRM)
[debian-lts-announce] 20180523 [SECURITY] [DLA 1381-1] imagemagick security update (MLIST)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-18273
CVE: CVE-2017-18273
Id:
CVE-2017-18273
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18273
Comment
: In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
835 (Loop with Unreachable Exit Condition ('Infinite Loop'))
References:
https://github.com/ImageMagick/ImageMagick/issues/910 (CONFIRM)
[debian-lts-announce] 20180523 [SECURITY] [DLA 1381-1] imagemagick security update (MLIST)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2017-1000445
CVE: CVE-2017-1000445
Id:
CVE-2017-1000445
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000445
Comment
: ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE:
476 (NULL Pointer Dereference)
References:
102368 (BID)
https://github.com/ImageMagick/ImageMagick/issues/775 (CONFIRM)
[debian-lts-announce] 20180104 [SECURITY] [DLA 1229-1] imagemagick security update (MLIST)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
USN-3681-1 (UBUNTU)
CVE: CVE-2017-1000476
CVE: CVE-2017-1000476
Id:
CVE-2017-1000476
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000476
Comment
: ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE:
400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))
References:
102428 (BID)
https://github.com/ImageMagick/ImageMagick/issues/867 (MISC)
[debian-lts-announce] 20180104 [SECURITY] [DLA 1229-1] imagemagick security update (MLIST)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
USN-3681-1 (UBUNTU)
CVE: CVE-2018-16643
CVE: CVE-2018-16643
Id:
CVE-2018-16643
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16643
Comment
: The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
252 (Unchecked Return Value)
References:
https://github.com/ImageMagick/ImageMagick/issues/1199 (MISC)
https://github.com/ImageMagick/ImageMagick/commit/6b6bff054d569a77973f2140c0e86366e6168a6c (MISC)
[debian-lts-announce] 20181003 [SECURITY] [DLA 1530-1] imagemagick security update (MLIST)
USN-3785-1 (UBUNTU)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2018-16749
CVE: CVE-2018-16749
Id:
CVE-2018-16749
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16749
Comment
: In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/ImageMagick/ImageMagick6/commit/1007b98f8795ad4bea6bc5f68a32d83e982fdae4 (MISC)
https://github.com/ImageMagick/ImageMagick/issues/1119 (MISC)
[debian-lts-announce] 20181003 [SECURITY] [DLA 1530-1] imagemagick security update (MLIST)
USN-3785-1 (UBUNTU)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2018-18025
CVE: CVE-2018-18025
Id:
CVE-2018-18025
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18025
Comment
: In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/ImageMagick/ImageMagick/issues/1335 (MISC)
[debian-lts-announce] 20181112 [SECURITY] [DLA 1574-1] imagemagick security update (MLIST)
USN-4034-1 (UBUNTU)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2019-11598
CVE: CVE-2019-11598
Id:
CVE-2019-11598
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11598
Comment
: In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSSv3 Score:
8.1
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/ImageMagick/ImageMagick/issues/1540 (MISC)
108102 (BID)
[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update (MLIST)
openSUSE-SU-2019:1603 (SUSE)
USN-4034-1 (UBUNTU)
openSUSE-SU-2019:1683 (SUSE)
DSA-4712 (DEBIAN)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2019-13135
CVE: CVE-2019-13135
Id:
CVE-2019-13135
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13135
Comment
: ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
908 ()
References:
https://github.com/ImageMagick/ImageMagick/issues/1599 (MISC)
https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d (MISC)
https://github.com/ImageMagick/ImageMagick6/commit/1e59b29e520d2beab73e8c78aacd5f1c0d76196d (MISC)
[debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update (MLIST)
openSUSE-SU-2019:1983 (SUSE)
https://support.f5.com/csp/article/K20336394 (CONFIRM)
USN-4192-1 (UBUNTU)
DSA-4712 (DEBIAN)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
https://support.f5.com/csp/article/K20336394?utm_source=f5support&%3Butm_medium=RSS ()
CVE: CVE-2019-13308
CVE: CVE-2019-13308
Id:
CVE-2019-13308
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13308
Comment
: ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://github.com/ImageMagick/ImageMagick/commit/61135001a625364e29bdce83832f043eebde7b5a (MISC)
https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01 (MISC)
https://github.com/ImageMagick/ImageMagick/issues/1595 (MISC)
openSUSE-SU-2019:1983 (SUSE)
USN-4192-1 (UBUNTU)
DSA-4712 (DEBIAN)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2019-13391
CVE: CVE-2019-13391
Id:
CVE-2019-13391
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13391
Comment
: In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/ImageMagick/ImageMagick6/commit/f6ffc702c6eecd963587273a429dcd608c648984 (MISC)
https://github.com/ImageMagick/ImageMagick/issues/1588 (MISC)
https://github.com/ImageMagick/ImageMagick/commit/7c2c5ba5b8e3a0b2b82f56c71dfab74ed4006df7 (MISC)
openSUSE-SU-2019:1983 (SUSE)
USN-4192-1 (UBUNTU)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
CVE: CVE-2019-15139
CVE: CVE-2019-15139
Id:
CVE-2019-15139
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15139
Comment
: The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/ImageMagick/ImageMagick/issues/1553 (MISC)
https://github.com/ImageMagick/ImageMagick/commit/c78993d138bf480ab4652b5a48379d4ff75ba5f7 (MISC)
[debian-lts-announce] 20191021 [SECURITY] [DLA 1968-1] imagemagick security update (MLIST)
USN-4192-1 (UBUNTU)
openSUSE-SU-2019:2515 (SUSE)
openSUSE-SU-2019:2519 (SUSE)
DSA-4712 (DEBIAN)
[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update (MLIST)
FEDORA-2019-f12cb1ddab ()
FEDORA-2019-210b0a6e4f ()
Content available only for registered users!
ovaldb@altx-soft.com