Lucene search

DebianDEBIAN:DLA-1968-1:A7B91

HistoryOct 21, 2019 - 9:04 a.m.

[SECURITY] [DLA 1968-1] imagemagick security update

2019-10-2109:04:57

lists.debian.org

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

8.8 High

AI Score

Confidence

High

0.027 Low

EPSS

Percentile

90.5%

JSON

Package : imagemagick
Version : 8:6.8.9.9-5+deb8u18
CVE ID : CVE-2019-11470 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140

Multiple vulnerabilities have been found in imagemagick, an image processing
toolkit.

CVE-2019-11470

Uncontrolled resource consumption caused by insufficiently sanitized image
size in ReadCINImage (coders/cin.c). This vulnerability might be leveraged
by remote attackers to cause denial of service via a crafted Cineon image.

CVE-2019-14981

Divide-by-zero vulnerability in MeanShiftImage (magick/feature.c). This
vulnerability might be leveraged by remote attackers to cause denial of
service via crafted image data.

CVE-2019-15139

Out-of-bounds read in ReadXWDImage (coders/xwd.c). This vulnerability might
be leveraged by remote attackers to cause denial of service via a crafted
XWD (X Window System window dumping file) image file.

CVE-2019-15140

Bound checking issue in ReadMATImage (coders/mat.c), potentially leading to
use-after-free. This vulnerability might be leveraged by remote attackers to
cause denial of service or any other unspecified impact via a crafted MAT
image file.

For Debian 8 "Jessie", these problems have been fixed in version
8:6.8.9.9-5+deb8u18.

We recommend that you upgrade your imagemagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8armhflibimage-magick-q16-perl< 8:6.8.9.9-5+deb8u18libimage-magick-q16-perl_8:6.8.9.9-5+deb8u18_armhf.deb
Debian9mipslibmagickwand-6.q16-3-dbgsym< 8:6.9.7.4+dfsg-11+deb9u8libmagickwand-6.q16-3-dbgsym_8:6.9.7.4+dfsg-11+deb9u8_mips.deb
Debian10mipslibmagickcore-6.q16-6-extra< 8:6.9.10.23+dfsg-2.1+deb10u1libmagickcore-6.q16-6-extra_8:6.9.10.23+dfsg-2.1+deb10u1_mips.deb
Debian10armhfimagemagick-6.q16hdri< 8:6.9.10.23+dfsg-2.1+deb10u1imagemagick-6.q16hdri_8:6.9.10.23+dfsg-2.1+deb10u1_armhf.deb
Debian9arm64libimage-magick-q16hdri-perl-dbgsym< 8:6.9.7.4+dfsg-11+deb9u8libimage-magick-q16hdri-perl-dbgsym_8:6.9.7.4+dfsg-11+deb9u8_arm64.deb
Debian10mipslibmagick++-6.q16hdri-8< 8:6.9.10.23+dfsg-2.1+deb10u1libmagick++-6.q16hdri-8_8:6.9.10.23+dfsg-2.1+deb10u1_mips.deb
Debian10mipslibmagickcore-6.q16hdri-6-dbgsym< 8:6.9.10.23+dfsg-2.1+deb10u1libmagickcore-6.q16hdri-6-dbgsym_8:6.9.10.23+dfsg-2.1+deb10u1_mips.deb
Debian9mips64ellibmagick++-6.q16-7-dbgsym< 8:6.9.7.4+dfsg-11+deb9u8libmagick++-6.q16-7-dbgsym_8:6.9.7.4+dfsg-11+deb9u8_mips64el.deb
Debian10mipsellibmagickwand-6.q16hdri-6-dbgsym< 8:6.9.10.23+dfsg-2.1+deb10u1libmagickwand-6.q16hdri-6-dbgsym_8:6.9.10.23+dfsg-2.1+deb10u1_mipsel.deb
Debian10mipslibmagick++-6.q16-8-dbgsym< 8:6.9.10.23+dfsg-2.1+deb10u1libmagick++-6.q16-8-dbgsym_8:6.9.10.23+dfsg-2.1+deb10u1_mips.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	armhf	libimage-magick-q16-perl	< 8:6.8.9.9-5+deb8u18	libimage-magick-q16-perl_8:6.8.9.9-5+deb8u18_armhf.deb
Debian	9	mips	libmagickwand-6.q16-3-dbgsym	< 8:6.9.7.4+dfsg-11+deb9u8	libmagickwand-6.q16-3-dbgsym_8:6.9.7.4+dfsg-11+deb9u8_mips.deb
Debian	10	mips	libmagickcore-6.q16-6-extra	< 8:6.9.10.23+dfsg-2.1+deb10u1	libmagickcore-6.q16-6-extra_8:6.9.10.23+dfsg-2.1+deb10u1_mips.deb
Debian	10	armhf	imagemagick-6.q16hdri	< 8:6.9.10.23+dfsg-2.1+deb10u1	imagemagick-6.q16hdri_8:6.9.10.23+dfsg-2.1+deb10u1_armhf.deb
Debian	9	arm64	libimage-magick-q16hdri-perl-dbgsym	< 8:6.9.7.4+dfsg-11+deb9u8	libimage-magick-q16hdri-perl-dbgsym_8:6.9.7.4+dfsg-11+deb9u8_arm64.deb
Debian	10	mips	libmagick++-6.q16hdri-8	< 8:6.9.10.23+dfsg-2.1+deb10u1	libmagick++-6.q16hdri-8_8:6.9.10.23+dfsg-2.1+deb10u1_mips.deb
Debian	10	mips	libmagickcore-6.q16hdri-6-dbgsym	< 8:6.9.10.23+dfsg-2.1+deb10u1	libmagickcore-6.q16hdri-6-dbgsym_8:6.9.10.23+dfsg-2.1+deb10u1_mips.deb
Debian	9	mips64el	libmagick++-6.q16-7-dbgsym	< 8:6.9.7.4+dfsg-11+deb9u8	libmagick++-6.q16-7-dbgsym_8:6.9.7.4+dfsg-11+deb9u8_mips64el.deb
Debian	10	mipsel	libmagickwand-6.q16hdri-6-dbgsym	< 8:6.9.10.23+dfsg-2.1+deb10u1	libmagickwand-6.q16hdri-6-dbgsym_8:6.9.10.23+dfsg-2.1+deb10u1_mipsel.deb
Debian	10	mips	libmagick++-6.q16-8-dbgsym	< 8:6.9.10.23+dfsg-2.1+deb10u1	libmagick++-6.q16-8-dbgsym_8:6.9.10.23+dfsg-2.1+deb10u1_mips.deb