MGASA-2024-0064

Source
https://advisories.mageia.org/MGASA-2024-0064.html
Import Source
https://advisories.mageia.org/MGASA-2024-0064.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2024-0064
Published
2024-03-15T22:51:55Z
Modified
2024-03-15T22:34:25Z
Summary
Updated imagemagick packages fix security vulnerabilities
Details

The updated packages fix security vulnerabilities:

A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. (CVE-2021-3610)

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service. (CVE-2023-3195)

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. (CVE-2023-3428)

This security flaw occurs as undefined behavior when casting double to size_t in the svg, mvg and other coders (recurring bugs of CVE-2022-32546). (CVE-2023-34151)

Affected packages

Mageia:9 / imagemagick

Package

Name
imagemagick
Purl
pkg:rpm/mageia/imagemagick?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.1.1.29-1.mga9.tainted

Ecosystem specific

{
    "section": "tainted"
}

Mageia:9 / imagemagick

Package

Name
imagemagick
Purl
pkg:rpm/mageia/imagemagick?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.1.1.29-1.mga9

Ecosystem specific

{
    "section": "core"
}