Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-2602-1:29BED
HistoryMar 23, 2021 - 10:55 p.m.

[SECURITY] [DLA 2602-1] imagemagick security update

2021-03-2322:55:18
lists.debian.org
70

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.4%

JSON

Debian LTS Advisory DLA-2602-1 [email protected]
https://www.debian.org/lts/security/ Markus Koschany
March 23, 2021 https://wiki.debian.org/LTS

Package : imagemagick
Version : 8:6.9.7.4+dfsg-11+deb9u12
CVE ID : CVE-2020-25666 CVE-2020-25675 CVE-2020-25676 CVE-2020-27754
CVE-2020-27757 CVE-2020-27758 CVE-2020-27759 CVE-2020-27761
CVE-2020-27762 CVE-2020-27764 CVE-2020-27766 CVE-2020-27767
CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771
CVE-2020-27772 CVE-2020-27774 CVE-2020-27775 CVE-2021-20176
CVE-2021-20241 CVE-2021-20244 CVE-2021-20246

Multiple security vulnerabilities were found in Imagemagick. Missing or
incomplete input sanitizing may lead to undefined behavior which can result
in denial of service (application crash) or other unspecified impact.

For Debian 9 stretch, these problems have been fixed in version
8:6.9.7.4+dfsg-11+deb9u12.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part

OSVersionArchitecturePackageVersionFilename
Debian9amd64imagemagick< 8:6.9.7.4+dfsg-11+deb9u12imagemagick_8:6.9.7.4+dfsg-11+deb9u12_amd64.deb
Debian9amd64libmagickcore-6.q16-dev< 8:6.9.7.4+dfsg-11+deb9u12libmagickcore-6.q16-dev_8:6.9.7.4+dfsg-11+deb9u12_amd64.deb
Debian9armhflibmagickcore-6.q16-3< 8:6.9.7.4+dfsg-11+deb9u12libmagickcore-6.q16-3_8:6.9.7.4+dfsg-11+deb9u12_armhf.deb
Debian10amd64libmagick++-6.q16hdri-8< 8:6.9.10.23+dfsg-2.1+deb10u2libmagick++-6.q16hdri-8_8:6.9.10.23+dfsg-2.1+deb10u2_amd64.deb
Debian9arm64libmagickcore-6.q16-dev< 8:6.9.7.4+dfsg-11+deb9u12libmagickcore-6.q16-dev_8:6.9.7.4+dfsg-11+deb9u12_arm64.deb
Debian10arm64libmagickcore-6-arch-config< 8:6.9.10.23+dfsg-2.1+deb10u2libmagickcore-6-arch-config_8:6.9.10.23+dfsg-2.1+deb10u2_arm64.deb
Debian10amd64libmagick++-6.q16-dev< 8:6.9.10.23+dfsg-2.1+deb10u2libmagick++-6.q16-dev_8:6.9.10.23+dfsg-2.1+deb10u2_amd64.deb
Debian10allimagemagick< 8:6.9.10.23+dfsg-2.1+deb10u2imagemagick_8:6.9.10.23+dfsg-2.1+deb10u2_all.deb
Debian9amd64libimage-magick-q16hdri-perl< 8:6.9.7.4+dfsg-11+deb9u12libimage-magick-q16hdri-perl_8:6.9.7.4+dfsg-11+deb9u12_amd64.deb
Debian10armhfimagemagick< 8:6.9.10.23+dfsg-2.1+deb10u2imagemagick_8:6.9.10.23+dfsg-2.1+deb10u2_armhf.deb
Rows per page:
1-10 of 1861

Related

nessus 20
osv 21
openvas 19
ubuntu 2
cloudfoundry 2
suse 3
debian 1
mageia 1
ubuntucve 17
redhatcve 17
prion 16
cvelist 15
debiancve 16
nvd 16
cve 15
veracode 16
alpinelinux 1
freebsd 1
nessus
nessus
Debian DLA-2602-1 : imagemagick security update
2021-03-24 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : ImageMagick vulnerabilities (USN-4988-1)
2021-06-15 00:00:00
EulerOS 2.0 SP5 : ImageMagick (EulerOS-SA-2022-1536)
2022-04-25 00:00:00
osv
osv
imagemagick - security update
2021-03-22 00:00:00
imagemagick vulnerabilities
2021-06-15 11:11:56
imagemagick - security update
2023-03-11 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2602-1)
2021-03-24 00:00:00
Ubuntu: Security Advisory (USN-4988-1)
2021-06-16 00:00:00
Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2022-1536)
2022-04-25 00:00:00
ubuntu
ubuntu
ImageMagick vulnerabilities
2021-06-15 00:00:00
ImageMagick vulnerabilities
2022-03-18 00:00:00
cloudfoundry
cloudfoundry
USN-4988-1: ImageMagick vulnerabilities | Cloud Foundry
2021-07-08 00:00:00
USN-5158-1: ImageMagick vulnerabilities | Cloud Foundry
2022-01-20 00:00:00
suse
suse
Security update for ImageMagick (moderate)
2021-01-24 00:00:00
Security update for ImageMagick (moderate)
2021-01-22 00:00:00
Security update for ImageMagick (moderate)
2021-03-03 00:00:00
debian
debian
[SECURITY] [DLA 3357-1] imagemagick security update
2023-03-11 19:39:30
mageia
mageia
Updated imagemagick packages fix security vulnerabilities
2021-03-27 17:27:02
ubuntucve
ubuntucve
CVE-2020-27774
2020-12-04 00:00:00
CVE-2020-27766
2020-12-04 00:00:00
CVE-2020-27754
2020-12-08 00:00:00
redhatcve
redhatcve
CVE-2020-27759
2020-11-24 19:54:22
CVE-2020-27758
2020-11-24 19:54:07
CVE-2020-27762
2020-11-24 19:54:12
prion
prion
Design/Logic Flaw
2020-12-08 22:15:00
Design/Logic Flaw
2020-12-04 15:15:00
Design/Logic Flaw
2020-12-03 17:15:00
cvelist
cvelist
CVE-2020-27758
2020-12-08 00:00:00
CVE-2020-27761
2020-12-03 00:00:00
CVE-2020-27766
2020-12-04 00:00:00
debiancve
debiancve
CVE-2020-27761
2020-12-03 17:15:12
CVE-2020-27767
2020-12-04 15:15:10
CVE-2020-27754
2020-12-08 22:15:18
nvd
nvd
CVE-2020-27761
2020-12-03 17:15:12
CVE-2020-27762
2020-12-03 17:15:12
CVE-2020-27768
2021-02-23 04:15:13
cve
cve
CVE-2020-27762
2020-12-03 17:15:12
CVE-2020-27761
2020-12-03 17:15:12
CVE-2020-27754
2020-12-08 22:15:18
veracode
veracode
Denial Of Service (DoS)
2020-12-06 04:01:21
Denial Of Service (DoS)
2020-12-06 04:00:43
Denial Of Service (DoS)
2020-11-26 06:14:11
alpinelinux
alpinelinux
CVE-2021-20241
2021-03-09 18:15:14
freebsd
freebsd
ImageMagick7 -- multiple vulnerabilities
2020-10-27 00:00:00

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.4%

JSON
Related for DEBIAN:DLA-2602-1:29BED
nessus20osv21openvas19ubuntu2cloudfoundry2suse3debian1mageia1ubuntucve17redhatcve17prion16cvelist15debiancve16nvd16cve15veracode16alpinelinux1freebsd1