Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-3737-1:D8241
HistoryFeb 22, 2024 - 9:45 a.m.

[SECURITY] [DLA 3737-1] imagemagick security update

2024-02-2209:45:50
lists.debian.org
7
cve-2023-1289
update
vulnerability
cve-2023-34151
memory leaks
debian
imagemagick
denial of service
cve-2023-5341
debian 10 buster
security

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.3%

JSON

Debian LTS Advisory DLA-3737-1 [email protected]
https://www.debian.org/lts/security/ Bastien Roucariès
February 22, 2024 https://wiki.debian.org/LTS

Package : imagemagick
Version : 8:6.9.10.23+dfsg-2.1+deb10u6
CVE ID : CVE-2023-1289 CVE-2023-5341 CVE-2023-34151

Imagemagick a graphical software suite for displaying, creating and
modifying images was vulnerable.

CVE-2023-1289

A vulnerability was discovered
in ImageMagick where a specially created SVG file
loads itself and causes a segmentation fault.
This flaw allows a remote attacker to pass a
specially crafted SVG file that leads to a segmentation
fault, generating many trash files in "/tmp," resulting in
a denial of service. When ImageMagick crashes, it generates
a lot of trash files. These trash files can be large if the
SVG file contains many render actions.

CVE-2023-5341

A heap use-after-free flaw was found in coders/bmp.c

CVE-2023-34151

A vulnerability was found in ImageMagick,
due to undefined behaviors of casting double to size_t in
svg, mvg and other coders

Moreover a few potential security problems were fixed in the
TIFF coders like for instance memory leaks. These issues were
unfortunatly CVE less. CVE-2023-39978 (a deny of service)
was also fixed by being introduced by partial fixes
of these problems.

For Debian 10 buster, these problems have been fixed in version
8:6.9.10.23+dfsg-2.1+deb10u6.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10arm64libmagickwand-6.q16-6< 8:6.9.10.23+dfsg-2.1+deb10u6libmagickwand-6.q16-6_8:6.9.10.23+dfsg-2.1+deb10u6_arm64.deb
Debian11mips64ellibmagickcore-6.q16-6-dbgsym< 8:6.9.11.60+dfsg-1.3+deb11u3libmagickcore-6.q16-6-dbgsym_8:6.9.11.60+dfsg-1.3+deb11u3_mips64el.deb
Debian12arm64libimage-magick-q16hdri-perl-dbgsym< 8:6.9.11.60+dfsg-1.6+deb12u1libimage-magick-q16hdri-perl-dbgsym_8:6.9.11.60+dfsg-1.6+deb12u1_arm64.deb
Debian12mips64ellibmagick++-6.q16hdri-dev< 8:6.9.11.60+dfsg-1.6+deb12u1libmagick++-6.q16hdri-dev_8:6.9.11.60+dfsg-1.6+deb12u1_mips64el.deb
Debian12alllibmagick++-dev< 8:6.9.11.60+dfsg-1.6+deb12u1libmagick++-dev_8:6.9.11.60+dfsg-1.6+deb12u1_all.deb
Debian11ppc64ellibimage-magick-q16-perl-dbgsym< 8:6.9.11.60+dfsg-1.3+deb11u3libimage-magick-q16-perl-dbgsym_8:6.9.11.60+dfsg-1.3+deb11u3_ppc64el.deb
Debian11amd64libmagickwand-6.q16-6< 8:6.9.11.60+dfsg-1.3+deb11u3libmagickwand-6.q16-6_8:6.9.11.60+dfsg-1.3+deb11u3_amd64.deb
Debian12i386libmagickwand-6.q16-dev< 8:6.9.11.60+dfsg-1.6+deb12u1libmagickwand-6.q16-dev_8:6.9.11.60+dfsg-1.6+deb12u1_i386.deb
Debian10amd64libmagick++-6.q16hdri-dev< 8:6.9.10.23+dfsg-2.1+deb10u6libmagick++-6.q16hdri-dev_8:6.9.10.23+dfsg-2.1+deb10u6_amd64.deb
Debian11arm64libmagick++-6.q16hdri-8-dbgsym< 8:6.9.11.60+dfsg-1.3+deb11u3libmagick++-6.q16hdri-8-dbgsym_8:6.9.11.60+dfsg-1.3+deb11u3_arm64.deb
Rows per page:
1-10 of 6951

Related

nessus 34
openvas 15
osv 8
cvelist 4
prion 4
debiancve 4
debian 1
redhatcve 4
nvd 4
amazon 6
ubuntucve 4
cve 4
redos 4
veracode 3
wolfi 1
cgr 1
alpinelinux 3
ubuntu 2
mageia 2
photon 7
fedora 4
gentoo 1
oracle 1
nessus
nessus
Debian dla-3737 : imagemagick - security update
2024-02-22 00:00:00
Debian dsa-5628 : imagemagick - security update
2024-02-22 00:00:00
Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2023-320)
2023-09-08 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3737-1)
2024-02-22 00:00:00
Debian: Security Advisory (DSA-5628-1)
2024-02-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:2345-1)
2023-06-02 00:00:00
osv
osv
imagemagick - security update
2024-02-22 00:00:00
imagemagick - security update
2024-02-22 00:00:00
CVE-2023-39978
2023-08-08 06:15:47
cvelist
cvelist
CVE-2023-39978
2023-08-08 00:00:00
CVE-2023-5341 Imagemagick: heap use-after-free in coders/bmp.c
2023-11-19 09:20:12
CVE-2023-1289
2023-03-23 00:00:00
prion
prion
Denial of service
2023-08-08 06:15:00
Heap overflow
2023-11-19 10:15:00
Design/Logic Flaw
2023-03-23 20:15:00
debiancve
debiancve
CVE-2023-39978
2023-08-08 06:15:47
CVE-2023-5341
2023-11-19 10:15:49
CVE-2023-1289
2023-03-23 20:15:14
debian
debian
[SECURITY] [DSA 5628-1] imagemagick security update
2024-02-22 19:05:16
redhatcve
redhatcve
CVE-2023-39978
2023-08-09 20:49:06
CVE-2023-34151
2023-05-29 05:40:17
CVE-2023-5341
2023-10-04 11:25:00
nvd
nvd
CVE-2023-39978
2023-08-08 06:15:47
CVE-2023-5341
2023-11-19 10:15:49
CVE-2023-1289
2023-03-23 20:15:14
amazon
amazon
Medium: ImageMagick
2023-09-27 22:15:00
Medium: ImageMagick
2023-09-27 22:48:00
Medium: ImageMagick
2023-10-12 15:48:00
ubuntucve
ubuntucve
CVE-2023-39978
2023-08-08 00:00:00
CVE-2023-5341
2023-11-19 00:00:00
CVE-2023-1289
2023-03-23 00:00:00
cve
cve
CVE-2023-39978
2023-08-08 06:15:47
CVE-2023-5341
2023-11-19 10:15:49
CVE-2023-1289
2023-03-23 20:15:14
redos
redos
ROS-20230908-05
2023-09-08 00:00:00
ROS-20240409-03
2024-04-09 00:00:00
ROS-20230417-03
2023-04-17 00:00:00
veracode
veracode
Integer Overflow
2023-06-16 10:26:54
Use After Free
2023-11-07 05:37:47
Denial Of Service (DoS)
2023-03-30 08:07:47
wolfi
wolfi
CVE-2023-5341 vulnerabilities
2024-06-26 15:33:03
cgr
cgr
CVE-2023-5341 vulnerabilities
2024-05-19 03:07:16
alpinelinux
alpinelinux
CVE-2023-5341
2023-11-19 10:15:49
CVE-2023-1289
2023-03-23 20:15:14
CVE-2023-34151
2023-05-30 22:15:00
ubuntu
ubuntu
ImageMagick vulnerability
2024-02-01 00:00:00
ImageMagick vulnerabilities
2023-07-04 00:00:00
mageia
mageia
Updated imgagmagick packages fix security vulnerability
2023-04-11 22:02:20
Updated imagemagick packages fix security vulnerabilities
2024-03-16 01:51:55
photon
photon
Critical Photon OS Security Update - PHSA-2023-5.0-0021
2023-06-07 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0402
2023-06-05 00:00:00
Moderate Photon OS Security Update - PHSA-2023-4.0-0524
2023-12-07 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: ImageMagick-6.9.12.93-1.fc37
2023-08-31 01:20:29
[SECURITY] Fedora 38 Update: ImageMagick-7.1.1.26-2.fc38
2024-01-24 01:33:26
[SECURITY] Fedora 39 Update: ImageMagick-7.1.1.26-2.fc39
2024-01-23 00:59:10
gentoo
gentoo
ImageMagick: Multiple Vulnerabilities
2024-05-04 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.3%

JSON
Related for DEBIAN:DLA-3737-1:D8241
nessus34openvas15osv8cvelist4prion4debiancve4debian1redhatcve4nvd4amazon6ubuntucve4cve4redos4veracode3wolfi1cgr1alpinelinux3ubuntu2mageia2photon7fedora4gentoo1oracle1