Errata ALT-PU-2023-4999-3: Information

Package name: ImageMagick
Version: 6.9.12.93-alt1
Bulletin updated: Sept. 1, 2023
Task: #327302

Fixes

Published: Feb. 6, 2023

BDU:2023-00579

Уязвимость графического редактора ImageMagick, связанная с ошибками при обработке входных данных, позволяющая нарушителю получить доступ к защищаемой информации
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 1, 2023

BDU:2023-02231

Уязвимость функции importmultispectralquantum() консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: Feb. 7, 2023
Modified: Nov. 7, 2023

CVE-2022-44268

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: April 13, 2023
Modified: Nov. 7, 2023

CVE-2023-1906

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: Aug. 8, 2023
Modified: Nov. 30, 2023

CVE-2023-39978

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.
Severity: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Links:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top