 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.10.2024.0064 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2024-0064) |
| Summary: | The remote host is missing an update for the 'imagemagick' package(s) announced via the MGASA-2024-0064 advisory. |
| Description: | Summary: The remote host is missing an update for the 'imagemagick' package(s) announced via the MGASA-2024-0064 advisory. Vulnerability Insight: The updated packages fix security vulnerabilities: A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. (CVE-2021-3610) A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service. (CVE-2023-3195) A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. (CVE-2023-3428) This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). (CVE-2023-34151) Affected Software/OS: 'imagemagick' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-3610 https://bugzilla.redhat.com/show_bug.cgi?id=1973689 https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3 http://www.openwall.com/lists/oss-security/2023/05/29/4 http://www.openwall.com/lists/oss-security/2023/06/05/1 Common Vulnerability Exposure (CVE) ID: CVE-2023-3195 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/ https://access.redhat.com/security/cve/CVE-2023-3195 https://bugzilla.redhat.com/show_bug.cgi?id=2214141 https://github.com/ImageMagick/ImageMagick/commit/f620340935777b28fa3f7b0ed7ed6bd86946934c https://github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023 https://www.openwall.com/lists/oss-security/2023/05/29/1 Common Vulnerability Exposure (CVE) ID: CVE-2023-34151 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/ https://access.redhat.com/security/cve/CVE-2023-34151 https://bugzilla.redhat.com/show_bug.cgi?id=2210657 https://github.com/ImageMagick/ImageMagick/issues/6341 https://lists.debian.org/debian-lts-announce/2024/02/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2023-3428 RHBZ#2218369 https://bugzilla.redhat.com/show_bug.cgi?id=2218369 https://access.redhat.com/security/cve/CVE-2023-3428 |
| Copyright | Copyright (C) 2024 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |