- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3429-1                [email protected]
https://www.debian.org/lts/security/                    Bastien Roucaries
May 21, 2023                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : imagemagick
Version        : 8:6.9.10.23+dfsg-2.1+deb10u5
CVE ID         : CVE-2021-20176 CVE-2021-20241 CVE-2021-20243 CVE-2021-20244
                 CVE-2021-20245 CVE-2021-20246 CVE-2021-20309 CVE-2021-20312
                 CVE-2021-20313 CVE-2021-39212 CVE-2022-28463 CVE-2022-32545
                 CVE-2022-32546 CVE-2022-32547
Debian Bug     : 996588 1013282 1016442

Multiple vulnerabilities were fixed in imagemagick, a software suite used
for editing and manipulating digital images.

CVE-2021-20176

    A divide by zero was found in the gem.c file.

CVE-2021-20241

    A divide by zero was found in the jp2 coder.

CVE-2021-20243

    A divide by zero was found in the dcm coder.

CVE-2021-20244

    A divide by zero was found in fx.c.

CVE-2021-20245

    A divide by zero was found in the webp coder.

CVE-2021-20246

    A divide by zero was found in resample.c.

CVE-2021-20309

    A divide by zero was found in WaveImage.c.

CVE-2021-20312

    An integer overflow was found in WriteTHUMBNAILImage() of
    coders/thumbnail.c.

CVE-2021-20313

    A potential cipher leak was found when calculating signatures in
    TransformSignature().

CVE-2021-39212

    A policy bypass was found for postscript files.

CVE-2022-28463

    A buffer overflow was found in the cin coder.

CVE-2022-32545

    An undefined behavior (conversion outside the range of representable
    values of type 'unsigned char') was found in psd file handling.

CVE-2022-32546

    An undefined behavior (conversion outside the range of representable
    values of type 'long') was found in pcl file handling.

CVE-2022-32547

    An unaligned access was found in property.c.

For Debian 10 buster, these problems have been fixed in version
8:6.9.10.23+dfsg-2.1+deb10u5.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS