Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:32604
[Eng]
Version
7
Class
patch
ALTXid
181612
Language
Russian
Severity
Critical
Title
Обновление DLA-1401-1 -- устранение уязвимостей в graphicsmagick
Description
Various security issues were discovered in Graphicsmagick, a collection of image processing tools.
Family
unix
Platform
Debian 8
Product
graphicsmagick
Reference
VENDOR: DLA-1401-1
VENDOR: DLA-1401-1
Id:
DLA-1401-1
Reference:
https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201806/msg00009.html
CVE: CVE-2016-3716
CVE: CVE-2016-3716
Id:
CVE-2016-3716
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716
Comment
: The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
3.3
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 (CONFIRM)
https://www.imagemagick.org/script/changelog.php (CONFIRM)
http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog (CONFIRM)
[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714 (MLIST)
USN-2990-1 (UBUNTU)
RHSA-2016:0726 (REDHAT)
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html (CONFIRM)
SUSE-SU-2016:1275 (SUSE)
openSUSE-SU-2016:1261 (SUSE)
SUSE-SU-2016:1260 (SUSE)
DSA-3580 (DEBIAN)
SSA:2016-132-01 (SLACKWARE)
openSUSE-SU-2016:1266 (SUSE)
GLSA-201611-21 (GENTOO)
39767 (EXPLOIT-DB)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
20160513 May 2016 - HipChat Server - Critical Security Advisory (BUGTRAQ)
CVE: CVE-2016-3717
CVE: CVE-2016-3717
Id:
CVE-2016-3717
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717
Comment
: The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:N/A:N
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 (CONFIRM)
https://www.imagemagick.org/script/changelog.php (CONFIRM)
http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog (CONFIRM)
[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714 (MLIST)
USN-2990-1 (UBUNTU)
RHSA-2016:0726 (REDHAT)
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html (CONFIRM)
SUSE-SU-2016:1275 (SUSE)
openSUSE-SU-2016:1261 (SUSE)
openSUSE-SU-2016:1326 (SUSE)
SUSE-SU-2016:1260 (SUSE)
DSA-3580 (DEBIAN)
SSA:2016-132-01 (SLACKWARE)
openSUSE-SU-2016:1266 (SUSE)
GLSA-201611-21 (GENTOO)
39767 (EXPLOIT-DB)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
20160513 May 2016 - HipChat Server - Critical Security Advisory (BUGTRAQ)
CVE: CVE-2016-3718
CVE: CVE-2016-3718
Id:
CVE-2016-3718
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718
Comment
: The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.3
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
CWE:
20 (Improper Input Validation)
References:
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 (CONFIRM)
https://www.imagemagick.org/script/changelog.php (CONFIRM)
http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog (CONFIRM)
[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714 (MLIST)
USN-2990-1 (UBUNTU)
RHSA-2016:0726 (REDHAT)
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html (CONFIRM)
SUSE-SU-2016:1275 (SUSE)
openSUSE-SU-2016:1261 (SUSE)
openSUSE-SU-2016:1326 (SUSE)
SUSE-SU-2016:1260 (SUSE)
DSA-3580 (DEBIAN)
SSA:2016-132-01 (SLACKWARE)
openSUSE-SU-2016:1266 (SUSE)
GLSA-201611-21 (GENTOO)
39767 (EXPLOIT-DB)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
20160513 May 2016 - HipChat Server - Critical Security Advisory (BUGTRAQ)
CVE: CVE-2016-5241
CVE: CVE-2016-5241
Id:
CVE-2016-5241
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5241
Comment
: magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
189 (Numeric Errors)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1333410 (CONFIRM)
89348 (BID)
[oss-security] 20160602 Re: CVE request: DoS in multiple versions of GraphicsMagick (MLIST)
[oss-security] 20160501 Re: CVE request: DoS in multiple versions of GraphicsMagick (MLIST)
http://www.graphicsmagick.org/NEWS.html#may-30-2016 (CONFIRM)
openSUSE-SU-2016:2073 (SUSE)
openSUSE-SU-2016:1724 (SUSE)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
CVE: CVE-2016-7446
CVE: CVE-2016-7446
Id:
CVE-2016-7446
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7446
Comment
: Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1374233 (CONFIRM)
93074 (BID)
[oss-security] 20160918 Re: GraphicsMagick 1.3.25 fixes some security issues (MLIST)
openSUSE-SU-2016:2644 (SUSE)
openSUSE-SU-2016:2641 (SUSE)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
CVE: CVE-2016-7447
CVE: CVE-2016-7447
Id:
CVE-2016-7447
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7447
Comment
: Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1374233 (CONFIRM)
93074 (BID)
[oss-security] 20160918 Re: GraphicsMagick 1.3.25 fixes some security issues (MLIST)
openSUSE-SU-2016:2644 (SUSE)
openSUSE-SU-2016:2641 (SUSE)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
CVE: CVE-2016-7448
CVE: CVE-2016-7448
Id:
CVE-2016-7448
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7448
Comment
: The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
CVSSv2 Score:
7.8
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
399 (Resource Management Errors)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1374233 (CONFIRM)
93074 (BID)
[oss-security] 20160918 Re: GraphicsMagick 1.3.25 fixes some security issues (MLIST)
openSUSE-SU-2016:2644 (SUSE)
openSUSE-SU-2016:2641 (SUSE)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
CVE: CVE-2016-7449
CVE: CVE-2016-7449
Id:
CVE-2016-7449
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7449
Comment
: The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1374233 (CONFIRM)
93074 (BID)
[oss-security] 20160918 Re: GraphicsMagick 1.3.25 fixes some security issues (MLIST)
openSUSE-SU-2016:2644 (SUSE)
openSUSE-SU-2016:2641 (SUSE)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
CVE: CVE-2017-11636
CVE: CVE-2017-11636
Id:
CVE-2017-11636
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11636
Comment
: GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c (CONFIRM)
99978 (BID)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4206-1 (UBUNTU)
CVE: CVE-2017-11643
CVE: CVE-2017-11643
Id:
CVE-2017-11643
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11643
Comment
: GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://hg.code.sf.net/p/graphicsmagick/code/rev/d00b74315a71 (CONFIRM)
100357 (BID)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4222-1 (UBUNTU)
CVE: CVE-2017-12937
CVE: CVE-2017-12937
Id:
CVE-2017-12937
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12937
Comment
: The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-heap-based-buffer-overflow-in-readsunimage-sun-c/ (MISC)
http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978 (MISC)
100442 (BID)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4222-1 (UBUNTU)
FEDORA-2019-da4c20882c ()
FEDORA-2019-425a1aa7c9 ()
CVE: CVE-2017-13063
CVE: CVE-2017-13063
Id:
CVE-2017-13063
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13063
Comment
: GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://sourceforge.net/p/graphicsmagick/bugs/434/ (CONFIRM)
http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a (CONFIRM)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4222-1 (UBUNTU)
FEDORA-2019-da4c20882c ()
FEDORA-2019-425a1aa7c9 ()
CVE: CVE-2017-13064
CVE: CVE-2017-13064
Id:
CVE-2017-13064
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13064
Comment
: GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://sourceforge.net/p/graphicsmagick/bugs/436/ (CONFIRM)
http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a (CONFIRM)
100474 (BID)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4222-1 (UBUNTU)
FEDORA-2019-da4c20882c ()
FEDORA-2019-425a1aa7c9 ()
CVE: CVE-2017-13065
CVE: CVE-2017-13065
Id:
CVE-2017-13065
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13065
Comment
: GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://sourceforge.net/p/graphicsmagick/bugs/435/ (CONFIRM)
http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a (CONFIRM)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4222-1 (UBUNTU)
FEDORA-2019-da4c20882c ()
FEDORA-2019-425a1aa7c9 ()
CVE: CVE-2017-13134
CVE: CVE-2017-13134
Id:
CVE-2017-13134
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13134
Comment
: In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/ImageMagick/ImageMagick/issues/670 (CONFIRM)
100476 (BID)
GLSA-201711-07 (GENTOO)
http://hg.code.sf.net/p/graphicsmagick/code/rev/1b47e0078e05 (MISC)
DSA-4032 (DEBIAN)
DSA-4040 (DEBIAN)
[debian-lts-announce] 20171114 [SECURITY] [DLA 1170-1] graphicsmagick security update (MLIST)
USN-3681-1 (UBUNTU)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4222-1 (UBUNTU)
CVE: CVE-2017-14314
CVE: CVE-2017-14314
Id:
CVE-2017-14314
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14314
Comment
: Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://sourceforge.net/p/graphicsmagick/bugs/448/ (CONFIRM)
http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78 (CONFIRM)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4232-1 (UBUNTU)
CVE: CVE-2017-14733
CVE: CVE-2017-14733
Id:
CVE-2017-14733
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14733
Comment
: ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://sourceforge.net/p/graphicsmagick/bugs/458/ (CONFIRM)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4232-1 (UBUNTU)
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=5381c71724e3 ()
FEDORA-2019-da4c20882c ()
FEDORA-2019-425a1aa7c9 ()
CVE: CVE-2017-16353
CVE: CVE-2017-16353
Id:
CVE-2017-16353
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16353
Comment
: GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://blogs.securiteam.com/index.php/archives/3494 (MISC)
ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/snapshots/ChangeLog.txt (MISC)
101653 (BID)
43111 (EXPLOIT-DB)
[debian-lts-announce] 20171103 [SECURITY] [DLA 1159-1] graphicsmagick security update (MLIST)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4232-1 (UBUNTU)
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=e4e1c2a581d8 ()
CVE: CVE-2017-16669
CVE: CVE-2017-16669
Id:
CVE-2017-16669
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16669
Comment
: coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://sourceforge.net/p/graphicsmagick/bugs/450/ (MISC)
http://hg.code.sf.net/p/graphicsmagick/code/rev/fcd3ed3394f6 (MISC)
http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0 (MISC)
http://hg.code.sf.net/p/graphicsmagick/code/rev/75245a215fff (MISC)
http://hg.code.sf.net/p/graphicsmagick/code/rev/3dc7b4e3779d (MISC)
http://hg.code.sf.net/p/graphicsmagick/code/rev/2b7c826d36af (MISC)
http://hg.code.sf.net/p/graphicsmagick/code/rev/2a21cda3145b (MISC)
http://hg.code.sf.net/p/graphicsmagick/code/rev/1b9e64a8901e (MISC)
http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d (MISC)
101795 (BID)
[debian-lts-announce] 20171110 [SECURITY] [DLA 1168-1] graphicsmagick security update (MLIST)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4248-1 (UBUNTU)
CVE: CVE-2017-17498
CVE: CVE-2017-17498
Id:
CVE-2017-17498
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17498
Comment
: WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://sourceforge.net/p/graphicsmagick/bugs/525/ (CONFIRM)
http://hg.code.sf.net/p/graphicsmagick/code/rev/f1c418ef0260 (CONFIRM)
102158 (BID)
[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update (MLIST)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4248-1 (UBUNTU)
FEDORA-2019-da4c20882c ()
FEDORA-2019-425a1aa7c9 ()
CVE: CVE-2017-17500
CVE: CVE-2017-17500
Id:
CVE-2017-17500
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17500
Comment
: ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://sourceforge.net/p/graphicsmagick/bugs/523/ (CONFIRM)
http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931 (CONFIRM)
102164 (BID)
[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update (MLIST)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4248-1 (UBUNTU)
FEDORA-2019-da4c20882c ()
FEDORA-2019-425a1aa7c9 ()
CVE: CVE-2017-17501
CVE: CVE-2017-17501
Id:
CVE-2017-17501
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17501
Comment
: WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://sourceforge.net/p/graphicsmagick/bugs/526/ (CONFIRM)
http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4 (CONFIRM)
102185 (BID)
[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update (MLIST)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4248-1 (UBUNTU)
FEDORA-2019-da4c20882c ()
FEDORA-2019-425a1aa7c9 ()
CVE: CVE-2017-17502
CVE: CVE-2017-17502
Id:
CVE-2017-17502
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17502
Comment
: ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://sourceforge.net/p/graphicsmagick/bugs/521/ (CONFIRM)
http://hg.code.sf.net/p/graphicsmagick/code/rev/a9c425688397 (CONFIRM)
[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update (MLIST)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4248-1 (UBUNTU)
FEDORA-2019-da4c20882c ()
FEDORA-2019-425a1aa7c9 ()
CVE: CVE-2017-17503
CVE: CVE-2017-17503
Id:
CVE-2017-17503
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17503
Comment
: ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://sourceforge.net/p/graphicsmagick/bugs/522/ (CONFIRM)
http://hg.code.sf.net/p/graphicsmagick/code/rev/460ef5e858ad (CONFIRM)
[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update (MLIST)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4248-1 (UBUNTU)
FEDORA-2019-da4c20882c ()
FEDORA-2019-425a1aa7c9 ()
CVE: CVE-2017-17782
CVE: CVE-2017-17782
Id:
CVE-2017-17782
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17782
Comment
: In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://sourceforge.net/p/graphicsmagick/bugs/530/ (CONFIRM)
[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update (MLIST)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4248-1 (UBUNTU)
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=8e3d2264109c ()
CVE: CVE-2017-17912
CVE: CVE-2017-17912
Id:
CVE-2017-17912
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17912
Comment
: In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://sourceforge.net/p/graphicsmagick/bugs/533/ (CONFIRM)
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/0d871e813a4f (CONFIRM)
[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update (MLIST)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4266-1 (UBUNTU)
CVE: CVE-2017-17915
CVE: CVE-2017-17915
Id:
CVE-2017-17915
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17915
Comment
: In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://sourceforge.net/p/graphicsmagick/bugs/535/ (CONFIRM)
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a (CONFIRM)
[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update (MLIST)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update (MLIST)
DSA-4321 (DEBIAN)
USN-4266-1 (UBUNTU)
Content available only for registered users!
ovaldb@altx-soft.com