
Test ID: 1.3.6.1.4.1.25623.1.1.10.2022.0446
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2022-0446)
Summary: The remote host is missing an update for the 'abydos, converseen, digikam, imagemagick, libopenshot, php-imagick, synfig, transcode, windowmaker, xine-lib1.2, zbar' package(s) announced via the MGASA-2022-0446 advisory.
Description:

Vulnerability Insight:
A vulnerability was found in ImageMagick-7.0.11-5, where ASAN detects
memory leaks when a crafted file is executed with the convert command.
(CVE-2021-3574)

A flaw was found in ImageMagick. The vulnerability occurs due to improper
use of open functions and leads to a denial of service. This flaw allows
an attacker to crash the system. (CVE-2021-4219)

An integer overflow issue was discovered in ImageMagick's
ExportIndexQuantum() function in MagickCore/quantum-export.c. Function
calls to GetPixelIndex() could result in values outside the range
representable by 'unsigned char'. When ImageMagick processes a
crafted PDF file, this could lead to undefined behaviour or a crash.
(CVE-2021-20224)

A flaw was found in ImageMagick in versions before 7.0.11 and before
6.9.12, where a division by zero in WaveImage() of
MagickCore/visual-effects.c may trigger undefined behavior via a crafted
image file submitted to an application using ImageMagick. The highest
threat from this vulnerability is to system availability. (CVE-2021-20309)

A flaw was found in ImageMagick in versions before 7.0.11, where a
division by zero in sRGBTransformImage() in MagickCore/colorspace.c
may trigger undefined behavior via a crafted image file that is submitted
by an attacker and processed by an application using ImageMagick. The highest
threat from this vulnerability is to system availability. (CVE-2021-20311)

A flaw was found in ImageMagick in versions 7.0.11, where an integer
overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger
undefined behavior via a crafted image file that is submitted by an
attacker and processed by an application using ImageMagick. The highest
threat from this vulnerability is to system availability. (CVE-2021-20312)

A flaw was found in ImageMagick in versions before 7.0.11. A potential
cipher leak is possible when calculating signatures in TransformSignature.
The highest threat from this vulnerability is to data
confidentiality. (CVE-2021-20313)

A heap-based-buffer-over-read flaw was found in ImageMagick's
GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is
triggered when an attacker passes a specially crafted Tagged Image File
Format (TIFF) image to convert it into a PICON file format. This issue can
potentially lead to a denial of service and information disclosure.
(CVE-2022-0284)

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo()
function of dcm.c file. This vulnerability is triggered when an attacker
passes a specially crafted DICOM image file to ImageMagick for conversion,
potentially leading to information disclosure and a denial of service.
(CVE-2022-1114)

In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.
(CVE-2022-1270)

In ImageMagick, a crafted file could trigger an assertion failure when a
call to WriteImages was made in MagickWand/operation.c, due to a NULL
image list. This could ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'abydos, converseen, digikam, imagemagick, libopenshot, php-imagick, synfig, transcode, windowmaker, xine-lib1.2, zbar' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2021-20224
https://github.com/ImageMagick/ImageMagick/commit/5af1dffa4b6ab984b5f13d1e91c95760d75f12a6
https://github.com/ImageMagick/ImageMagick/pull/3083
https://github.com/ImageMagick/ImageMagick6/commit/553054c1cb1e4e05ec86237afef76a32cd7c464d
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-20309
https://bugzilla.redhat.com/show_bug.cgi?id=1946722
https://lists.debian.org/debian-lts-announce/2021/06/msg00000.html
https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-20311
https://bugzilla.redhat.com/show_bug.cgi?id=1946739
Common Vulnerability Exposure (CVE) ID: CVE-2021-20312
https://bugzilla.redhat.com/show_bug.cgi?id=1946742
Common Vulnerability Exposure (CVE) ID: CVE-2021-20313
https://bugzilla.redhat.com/show_bug.cgi?id=1947019
Common Vulnerability Exposure (CVE) ID: CVE-2021-3574
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4Q6MJAMGHGB552KSFTQKXEKJVQNM4MCT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNVDNM4ZEIYPT3SLZHPYN7OG4CZLEXZJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5C6XAGUFPUF4SNVCI2T4OJK3EFIENBGP/
https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9
https://github.com/ImageMagick/ImageMagick/issues/3540
https://github.com/ImageMagick/ImageMagick6/commit/cd7f9fb7751b0d59d5a74b12d971155caad5a792
Common Vulnerability Exposure (CVE) ID: CVE-2021-4219
https://bugzilla.redhat.com/show_bug.cgi?id=2054611
Common Vulnerability Exposure (CVE) ID: CVE-2022-0284
https://access.redhat.com/security/cve/CVE-2022-0284
https://bugzilla.redhat.com/show_bug.cgi?id=2045943
https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa51a243a3da7
https://github.com/ImageMagick/ImageMagick/issues/4729
Common Vulnerability Exposure (CVE) ID: CVE-2022-1114
https://bugzilla.redhat.com/show_bug.cgi?id=2064538
Common Vulnerability Exposure (CVE) ID: CVE-2022-1270
Debian Security Information: DSA-5288
https://www.debian.org/security/2022/dsa-5288
https://security.gentoo.org/glsa/202209-19
https://sourceforge.net/p/graphicsmagick/bugs/664/
https://lists.debian.org/debian-lts-announce/2022/11/msg00028.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-2719
https://bugzilla.redhat.com/show_bug.cgi?id=2116537
Common Vulnerability Exposure (CVE) ID: CVE-2022-28463
https://github.com/ImageMagick/ImageMagick/commit/ca3654ebf7a439dc736f56f083c9aa98e4464b7f
https://github.com/ImageMagick/ImageMagick/issues/4988
https://github.com/ImageMagick/ImageMagick6/commit/e6ea5876e0228165ee3abc6e959aa174cee06680
https://lists.debian.org/debian-lts-announce/2022/05/msg00018.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-3213
https://access.redhat.com/security/cve/CVE-2022-3213
https://bugzilla.redhat.com/show_bug.cgi?id=2126824
https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2
https://github.com/ImageMagick/ImageMagick6/commit/1aea203eb36409ce6903b9e41fe7cb70030e8750
Common Vulnerability Exposure (CVE) ID: CVE-2022-32545
https://bugzilla.redhat.com/show_bug.cgi?id=2091811
https://github.com/ImageMagick/ImageMagick/commit/9c9a84cec4ab28ee0b57c2b9266d6fbe68183512
https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa
Common Vulnerability Exposure (CVE) ID: CVE-2022-32546
https://bugzilla.redhat.com/show_bug.cgi?id=2091812
https://github.com/ImageMagick/ImageMagick/commit/f221ea0fa3171f0f4fdf74ac9d81b203b9534c23
https://github.com/ImageMagick/ImageMagick6/commit/29c8abce0da56b536542f76a9ddfebdaab5b2943
Common Vulnerability Exposure (CVE) ID: CVE-2022-32547
https://bugzilla.redhat.com/show_bug.cgi?id=2091813
https://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0
https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b
Copyright: Copyright (C) 2022 Greenbone AG
