Mageia 8: MGASA-2022-0446 Moderate: ImageMagick DoS And Memory Leak

December 7, 2022
Recent updates to ImageMagick packages fix various security flaws; discover methods to protect your Mageia system today.

Summary

A vulnerability was found in ImageMagick-7.0.11-5: when a crafted file is processed with the convert command, ASAN detects memory leaks. (CVE-2021-3574)
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. (CVE-2021-4219)
An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range representable by 'unsigned char'. When ImageMagick processes a crafted PDF file, this could lead to undefined behaviour or a crash. (CVE-2021-20224)
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability i...

References

- https://bugs.mageia.org/show_bug.cgi?id=29054

- https://ubuntu.com/security/notices/USN-5158-1

- https://lists.debian.org/debian-lts-announce/2022/05/msg00018.html

- https://lists.suse.com/pipermail/sle-security-updates/2022-May/011200.html

- https://ubuntu.com/security/notices/USN-5456-1

- https://ubuntu.com/security/notices/USN-5534-1

- https://lists.suse.com/pipermail/sle-security-updates/2022-September/012065.html

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LNVDNM4ZEIYPT3SLZHPYN7OG4CZLEXZJ/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T6VPXZJUL64MXAMQ4JA6V6TYNOXDC6SQ/

- https://ubuntu.com/security/notices/USN-5736-1

- https://www.cve.org/CVERecord?id=CVE-2021-3574

- https://www.cve.org/CVERecord?id=CVE-2021-4219

- https://www.cve.org/CVERecord?id=CVE-2021-20224

- https://www.cve.org/CVERecord?id=CVE-2021-20309

- https://www.cve.org/CVERecord?id=CVE-2021-20311

- https://www.cve.org/CVERecord?id=CVE-2021-20312

- https://www.cve.org/CVERecord?id=CVE-2021-20313

- https://www.cve.org/CVERecord?id=CVE-2022-0284

- https://www.cve.org/CVERecord?id=CVE-2022-1114

- https://www.cve.org/CVERecord?id=CVE-2022-1270

- https://www.cve.org/CVERecord?id=CVE-2022-2719

- https://www.cve.org/CVERecord?id=CVE-2022-3213

- https://www.cve.org/CVERecord?id=CVE-2022-28463

- https://www.cve.org/CVERecord?id=CVE-2022-32545

- https://www.cve.org/CVERecord?id=CVE-2022-32546

- https://www.cve.org/CVERecord?id=CVE-2022-32547

Resolution

SRPMS

- 8/tainted/imagemagick-7.1.0.52-1.1.mga8.tainted

- 8/tainted/abydos-0.2.3-4.2.mga8.tainted

- 8/tainted/transcode-1.1.7-29.2.mga8.tainted

- 8/tainted/xine-lib1.2-1.2.11-1.2.mga8.tainted

- 8/core/imagemagick-7.1.0.52-1.1.mga8

- 8/core/abydos-0.2.3-4.2.mga8

- 8/core/converseen-0.9.8.1-4.2.mga8

- 8/core/digikam-7.1.0-4.2.mga8

- 8/core/libopenshot-0.2.5-5.2.mga8

- 8/core/php-imagick-3.4.5-0.git20201230.2.2.mga8

- 8/core/synfig-1.2.2-11.2.mga8

- 8/core/windowmaker-0.95.9-3.2.mga8

- 8/core/xine-lib1.2-1.2.11-1.2.mga8

- 8/core/zbar-0.23.1-5.2.mga8
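
To check a host against the source packages listed above, the following added example (not part of the Mageia advisory) flags installed packages built from a source RPM older than the fixed build. It assumes input in the form produced by `rpm -qa --qf '%{NAME} %{SOURCERPM}\n'`, ignores epochs, and uses a simplified version comparison without `~`/`^` handling; the function names and sample lines are constructed.

```python
import re

# Fixed source packages from the advisory's SRPMS list (core and tainted share versions).
FIXED_SRPMS = """
imagemagick-7.1.0.52-1.1.mga8 abydos-0.2.3-4.2.mga8 transcode-1.1.7-29.2.mga8
xine-lib1.2-1.2.11-1.2.mga8 converseen-0.9.8.1-4.2.mga8 digikam-7.1.0-4.2.mga8
libopenshot-0.2.5-5.2.mga8 php-imagick-3.4.5-0.git20201230.2.2.mga8
synfig-1.2.2-11.2.mga8 windowmaker-0.95.9-3.2.mga8 zbar-0.23.1-5.2.mga8
""".split()

def split_nvr(srpm):
    """'name-version-release[.tainted][.src.rpm]' -> (name, version, release)."""
    srpm = re.sub(r"(\.tainted)?(\.src\.rpm)?$", "", srpm)
    name, version, release = srpm.rsplit("-", 2)
    return name, version, release

def vercmp(a, b):
    """Simplified rpmvercmp (assumption: no epoch, '~' or '^'): -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():      # numeric segment beats alphabetic
            return 1 if x.isdigit() else -1
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

FIXED = {n: (v, r) for n, v, r in map(split_nvr, FIXED_SRPMS)}

def outdated(rpm_lines):
    """Binary packages whose source RPM is older than the advisory's fixed build."""
    hits = []
    for line in rpm_lines:
        pkg, srpm = line.split()
        name, ver, rel = split_nvr(srpm)
        if name in FIXED:
            fixed_ver, fixed_rel = FIXED[name]
            if (vercmp(ver, fixed_ver) or vercmp(rel, fixed_rel)) < 0:
                hits.append(pkg)
    return hits

# Constructed sample of: rpm -qa --qf '%{NAME} %{SOURCERPM}\n'
SAMPLE = [
    "imagemagick imagemagick-7.0.10.62-1.mga8.src.rpm",
    "digikam digikam-7.1.0-4.1.mga8.src.rpm",
    "php-imagick php-imagick-3.4.5-0.git20201230.2.2.mga8.src.rpm",
    "zbar zbar-0.23.1-5.2.mga8.tainted.src.rpm",
    "bash bash-5.1.4-1.mga8.src.rpm",
]

if __name__ == "__main__":
    print(outdated(SAMPLE))
```

Matching on the source RPM rather than the binary package name catches library and sub-packages that were built from the same vulnerable source.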

Publication date: 06 Dec 2022
URL: https://advisories.mageia.org/MGASA-2022-0446.html
Type: security
CVE: CVE-2021-3574, CVE-2021-4219, CVE-2021-20224, CVE-2021-20309, CVE-2021-20311, CVE-2021-20312, CVE-2021-20313, CVE-2022-0284, CVE-2022-1114, CVE-2022-1270, CVE-2022-2719, CVE-2022-3213, CVE-2022-28463, CVE-2022-32545, CVE-2022-32546, CVE-2022-32547
