[SECURITY] [DLA 90-1] imagemagick security update

2014-11-2221:56:15

lists.debian.org

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.7%

JSON

Package : imagemagick
Version : 8:6.6.0.4-3+squeeze5
CVE ID : CVE-2014-8716
Debian Bug : 768494

Some special crafted JPEG file could lead to dos due to missing check in
embeded EXIF properties (EXIF directory offsets must be greater than 0).

OSVersionArchitecturePackageVersionFilename
Debian7amd64libmagick++5< 8:6.7.7.10-5+deb7u13libmagick++5_8:6.7.7.10-5+deb7u13_amd64.deb
Debian7armelimagemagick< 8:6.7.7.10-5+deb7u13imagemagick_8:6.7.7.10-5+deb7u13_armel.deb
Debian6i386libmagickcore3< 8:6.6.0.4-3+squeeze5libmagickcore3_8:6.6.0.4-3+squeeze5_i386.deb
Debian7armellibmagick++5< 8:6.7.7.10-5+deb7u13libmagick++5_8:6.7.7.10-5+deb7u13_armel.deb
Debian7i386perlmagick< 8:6.7.7.10-5+deb7u13perlmagick_8:6.7.7.10-5+deb7u13_i386.deb
Debian7armhflibmagick++5< 8:6.7.7.10-5+deb7u13libmagick++5_8:6.7.7.10-5+deb7u13_armhf.deb
Debian7i386libmagickwand-dev< 8:6.7.7.10-5+deb7u13libmagickwand-dev_8:6.7.7.10-5+deb7u13_i386.deb
Debian6allimagemagick-doc< 8:6.6.0.4-3+squeeze5imagemagick-doc_8:6.6.0.4-3+squeeze5_all.deb
Debian7allimagemagick< 8:6.7.7.10-5+deb7u13imagemagick_8:6.7.7.10-5+deb7u13_all.deb
Debian7armellibmagickcore-dev< 8:6.7.7.10-5+deb7u13libmagickcore-dev_8:6.7.7.10-5+deb7u13_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	amd64	libmagick++5	< 8:6.7.7.10-5+deb7u13	libmagick++5_8:6.7.7.10-5+deb7u13_amd64.deb
Debian	7	armel	imagemagick	< 8:6.7.7.10-5+deb7u13	imagemagick_8:6.7.7.10-5+deb7u13_armel.deb
Debian	6	i386	libmagickcore3	< 8:6.6.0.4-3+squeeze5	libmagickcore3_8:6.6.0.4-3+squeeze5_i386.deb
Debian	7	armel	libmagick++5	< 8:6.7.7.10-5+deb7u13	libmagick++5_8:6.7.7.10-5+deb7u13_armel.deb
Debian	7	i386	perlmagick	< 8:6.7.7.10-5+deb7u13	perlmagick_8:6.7.7.10-5+deb7u13_i386.deb
Debian	7	armhf	libmagick++5	< 8:6.7.7.10-5+deb7u13	libmagick++5_8:6.7.7.10-5+deb7u13_armhf.deb
Debian	7	i386	libmagickwand-dev	< 8:6.7.7.10-5+deb7u13	libmagickwand-dev_8:6.7.7.10-5+deb7u13_i386.deb
Debian	6	all	imagemagick-doc	< 8:6.6.0.4-3+squeeze5	imagemagick-doc_8:6.6.0.4-3+squeeze5_all.deb
Debian	7	all	imagemagick	< 8:6.7.7.10-5+deb7u13	imagemagick_8:6.7.7.10-5+deb7u13_all.deb
Debian	7	armel	libmagickcore-dev	< 8:6.7.7.10-5+deb7u13	libmagickcore-dev_8:6.7.7.10-5+deb7u13_armel.deb