- ------------------------------------------------------------------------- Debian LTS Advisory DLA-2672-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky June 02, 2021 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : imagemagick Version : 8:6.9.7.4+dfsg-11+deb9u13 CVE ID : CVE-2020-27751 CVE-2021-20243 CVE-2021-20245 CVE-2021-20309 CVE-2021-20312 CVE-2021-20313 Multiple security issues have been discovered in imagemagick. CVE-2020-27751 A flaw was found in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. CVE-2021-20243 A flaw was found in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. CVE-2021-20245 A flaw was found in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. CVE-2021-20309 A division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. CVE-2021-20312 An integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. CVE-2021-20313 A potential cipher leak when the calculate signatures in TransformSignature is possible. For Debian 9 stretch, these problems have been fixed in version 8:6.9.7.4+dfsg-11+deb9u13. We recommend that you upgrade your imagemagick packages. For the detailed security status of imagemagick please refer to its security tracker page at: https://security-tracker.debian.org/tracker/imagemagick Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Debian LTS: DLA-2672-1: imagemagick security update
June 3, 2021
Multiple security issues have been discovered in imagemagick
Summary
Debian LTS Advisory DLA-2672-1 de[email protected] https://www.debian.org/lts/security/ Anton Gladky June 02, 2021 https://wiki.debian.org/LTS Version : 8:6.9.7.4+dfsg-11+deb9u13 CVE-2021-20312 CVE-2021-20313 Multiple security issues have been discovered in imagemagick. CVE-2020-27751 A flaw was found in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. CVE-2021-20243 A flaw was found in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. CVE-2021-20245 A flaw was found in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. CVE-2021-20309 A division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. CVE-2021-20312 An integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. CVE-2021-20313 A potential cipher leak when the calculate signatures in TransformSignature is possible. For Debian 9 stretch, these problems have been fixed in version 8:6.9.7.4+dfsg-11+deb9u13. We recommend that you upgrade your imagemagick packages. For the detailed security status of imagemagick please refer to its security tracker page at: https://security-tracker.debian.org/tracker/imagemagick Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Severity
Package : imagemagick
CVE ID : CVE-2020-27751 CVE-2021-20243 CVE-2021-20245 CVE-2021-20309
News
HOWTOs
Features
Secure Linux Hosting for Businesses
What Is Threat Intelligence?
CloudLinux Simplifies & Enhances Linux Security with its TuxCare Unified Enterprise Support Services
LinuxSecurity, Leading Provider of Linux Security News and Information, Unveils its New Website
Biden's New Executive Cybersecurity Order Highlights the Power of Open-Source Security
About Us
Powered By
