Lucene search

DebianDEBIAN:DLA-651-1:36F8B

HistoryOct 11, 2016 - 6:40 a.m.

[SECURITY] [DLA 651-1] graphicsmagick security update

2016-10-1106:40:00

lists.debian.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.037 Low

EPSS

Percentile

91.8%

JSON

Package : graphicsmagick
Version : 1.3.16-1.1+deb7u4
CVE ID : CVE-2016-7446 CVE-2016-7447 CVE-2016-7449 CVE-2016-7800
Debian Bug :

Various security issues were found and fixed in graphicsmagick in Debian
wheezy LTS.

CVE-2016-7446

Heap buffer overflow issue in MVG/SVG rendering.

CVE-2016-7447

Heap overflow of the EscapeParenthesis() function

CVE-2016-7449

TIFF related problems due to use of strlcpy use.

CVE-2016-7800

Fix unsigned underflow leading to heap overflow when
parsing 8BIM chunk.

For Debian 7 "Wheezy", these problems have been fixed in version
1.3.16-1.1+deb7u4.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Brian May <[email protected]>

OSVersionArchitecturePackageVersionFilename
Debian8arm64libgraphicsmagick3< 1.3.20-3+deb8u2libgraphicsmagick3_1.3.20-3+deb8u2_arm64.deb
Debian7armellibgraphicsmagick3< 1.3.16-1.1+deb7u4libgraphicsmagick3_1.3.16-1.1+deb7u4_armel.deb
Debian8kfreebsd-i386libgraphics-magick-perl< 1.3.20-3+deb8u2libgraphics-magick-perl_1.3.20-3+deb8u2_kfreebsd-i386.deb
Debian8amd64graphicsmagick< 1.3.20-3+deb8u2graphicsmagick_1.3.20-3+deb8u2_amd64.deb
Debian8armellibgraphicsmagick3< 1.3.20-3+deb8u2libgraphicsmagick3_1.3.20-3+deb8u2_armel.deb
Debian8mipsellibgraphicsmagick3< 1.3.20-3+deb8u2libgraphicsmagick3_1.3.20-3+deb8u2_mipsel.deb
Debian8mipslibgraphicsmagick3< 1.3.20-3+deb8u2libgraphicsmagick3_1.3.20-3+deb8u2_mips.deb
Debian8ppc64ellibgraphics-magick-perl< 1.3.20-3+deb8u2libgraphics-magick-perl_1.3.20-3+deb8u2_ppc64el.deb
Debian8amd64libgraphics-magick-perl< 1.3.20-3+deb8u2libgraphics-magick-perl_1.3.20-3+deb8u2_amd64.deb
Debian7amd64libgraphicsmagick1-dev< 1.3.16-1.1+deb7u4libgraphicsmagick1-dev_1.3.16-1.1+deb7u4_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	arm64	libgraphicsmagick3	< 1.3.20-3+deb8u2	libgraphicsmagick3_1.3.20-3+deb8u2_arm64.deb
Debian	7	armel	libgraphicsmagick3	< 1.3.16-1.1+deb7u4	libgraphicsmagick3_1.3.16-1.1+deb7u4_armel.deb
Debian	8	kfreebsd-i386	libgraphics-magick-perl	< 1.3.20-3+deb8u2	libgraphics-magick-perl_1.3.20-3+deb8u2_kfreebsd-i386.deb
Debian	8	amd64	graphicsmagick	< 1.3.20-3+deb8u2	graphicsmagick_1.3.20-3+deb8u2_amd64.deb
Debian	8	armel	libgraphicsmagick3	< 1.3.20-3+deb8u2	libgraphicsmagick3_1.3.20-3+deb8u2_armel.deb
Debian	8	mipsel	libgraphicsmagick3	< 1.3.20-3+deb8u2	libgraphicsmagick3_1.3.20-3+deb8u2_mipsel.deb
Debian	8	mips	libgraphicsmagick3	< 1.3.20-3+deb8u2	libgraphicsmagick3_1.3.20-3+deb8u2_mips.deb
Debian	8	ppc64el	libgraphics-magick-perl	< 1.3.20-3+deb8u2	libgraphics-magick-perl_1.3.20-3+deb8u2_ppc64el.deb
Debian	8	amd64	libgraphics-magick-perl	< 1.3.20-3+deb8u2	libgraphics-magick-perl_1.3.20-3+deb8u2_amd64.deb
Debian	7	amd64	libgraphicsmagick1-dev	< 1.3.16-1.1+deb7u4	libgraphicsmagick1-dev_1.3.16-1.1+deb7u4_amd64.deb