| Description: | Summary:
The remote host is missing an update for the Debian 'imagemagick' package(s) announced via the DLA-3357-1 advisory.
Vulnerability Insight:
Several vulnerabilities have been discovered in imagemagick that may lead to a privilege escalation, denial of service or information leaks.
CVE-2020-19667
A stack-based buffer overflow and unconditional jump was found in ReadXPMImage in coders/xpm.c
CVE-2020-25665
An out-of-bounds read in the PALM image coder was found in WritePALMImage in coders/palm.c
CVE-2020-25666
An integer overflow was possible during simple math calculations in HistogramCompare() in MagickCore/histogram.c
CVE-2020-25674
A for loop with an improper exit condition was found that can allow an out-of-bounds READ via heap-buffer-overflow in WriteOnePNGImage from coders/png.c
CVE-2020-25675
A undefined behavior was found in the form of integer overflow and out-of-range values as a result of rounding calculations performed on unconstrained pixel offsets in the CropImage() and CropImageToTiles() routines of MagickCore/transform.c
CVE-2020-25676
A undefined behavior was found in the form of integer overflow and out-of-range values as a result of rounding calculations performed on unconstrained pixel offsets in CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c
CVE-2020-27560
A division by Zero was found in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.
CVE-2020-27750
A division by Zero was found in MagickCore/colorspace-private.h and MagickCore/quantum.h, which may cause a denial of service
CVE-2020-27751
A undefined behavior was found in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type in MagickCore/quantum-export.c
CVE-2020-27754
A integer overflow was found in IntensityCompare() of /magick/quantize.c
CVE-2020-27756
A division by zero was found in ParseMetaGeometry() of MagickCore/geometry.c. Image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior.
CVE-2020-27757
A undefined behavior was found in MagickCore/quantum-private.h A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long.
CVE-2020-27758
Undefined behavior was found in the form of values outside the range of type `unsigned long long` in coders/txt.c
CVE-2020-27759
In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned.
CVE-2020-27760
In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed.
CVE-2020-27761
WritePALMImage() in /coders/palm.c used size_t casts in several ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'imagemagick' package(s) on Debian 10.
Solution:
Please install the updated package(s).
CVSS Score:
6.8
CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
