MGASA-2022-0446
- Source
- https://advisories.mageia.org/MGASA-2022-0446.html
- Import Source
- https://advisories.mageia.org/MGASA-2022-0446.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2022-0446
- Related
- Published
- 2022-12-06T23:32:48Z
- Modified
- 2022-12-06T22:23:31Z
- Summary
- Updated imagemagick packages fix security vulnerability
- Details
-
A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. (CVE-2021-3574)
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. (CVE-2021-4219)
An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash. (CVE-2021-20224)
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20309)
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20311)
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20312)
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality. (CVE-2021-20313)
A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure. (CVE-2022-0284)
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. (CVE-2022-1114)
In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. (CVE-2022-1270)
In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30. (CVE-2022-2719)
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service. (CVE-2022-3213)
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. (CVE-2022-32545)
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. (CVE-2022-32546)
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior. (CVE-2022-32547)
- References
-
- https://advisories.mageia.org/MGASA-2022-0446.html
- https://bugs.mageia.org/show_bug.cgi?id=29054
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QPPJFFJWUIW3K6NB472QVFG522DWQZET/
- https://ubuntu.com/security/notices/USN-5158-1
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZUE6OO6UE5NEQ2LYEJSEB2AXREVWZVMB/
- https://www.debian.org/lts/security/2022/dla-3007
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U4SLHXE2O3IXMI4KAK7QSBITGXIK6OW2/
- https://lists.suse.com/pipermail/sle-security-updates/2022-May/011200.html
- https://ubuntu.com/security/notices/USN-5456-1
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FYRR2QY5S3HG4B4EAPF6BVV54BZQPUX5/
- https://ubuntu.com/security/notices/USN-5534-1
- https://lists.suse.com/pipermail/sle-security-updates/2022-September/012065.html
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DQYFWVB5WL5D7BG6DWWI7RKZDHYKRQR6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LNVDNM4ZEIYPT3SLZHPYN7OG4CZLEXZJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T6VPXZJUL64MXAMQ4JA6V6TYNOXDC6SQ/
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/65CCSW6TK2CGQU6OYUEHQBBH6OSPKUJP/
- https://ubuntu.com/security/notices/USN-5736-1
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:8 / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:rpm/mageia/imagemagick?distro=mageia-8
Mageia:8 / abydos
Package
- Name
- abydos
- Purl
- pkg:rpm/mageia/abydos?distro=mageia-8
Mageia:8 / transcode
Package
- Name
- transcode
- Purl
- pkg:rpm/mageia/transcode?distro=mageia-8
Mageia:8 / xine-lib1.2
Package
- Name
- xine-lib1.2
- Purl
- pkg:rpm/mageia/xine-lib1.2?distro=mageia-8
Mageia:8 / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:rpm/mageia/imagemagick?distro=mageia-8
Mageia:8 / abydos
Package
- Name
- abydos
- Purl
- pkg:rpm/mageia/abydos?distro=mageia-8
Mageia:8 / converseen
Package
- Name
- converseen
- Purl
- pkg:rpm/mageia/converseen?distro=mageia-8
Mageia:8 / digikam
Package
- Name
- digikam
- Purl
- pkg:rpm/mageia/digikam?distro=mageia-8
Mageia:8 / libopenshot
Package
- Name
- libopenshot
- Purl
- pkg:rpm/mageia/libopenshot?distro=mageia-8
Mageia:8 / php-imagick
Package
- Name
- php-imagick
- Purl
- pkg:rpm/mageia/php-imagick?distro=mageia-8
Mageia:8 / synfig
Package
- Name
- synfig
- Purl
- pkg:rpm/mageia/synfig?distro=mageia-8
Mageia:8 / windowmaker
Package
- Name
- windowmaker
- Purl
- pkg:rpm/mageia/windowmaker?distro=mageia-8
Mageia:8 / xine-lib1.2
Package
- Name
- xine-lib1.2
- Purl
- pkg:rpm/mageia/xine-lib1.2?distro=mageia-8
Mageia:8 / zbar
Package
- Name
- zbar
- Purl
- pkg:rpm/mageia/zbar?distro=mageia-8