https://bugzilla.redhat.com/show_bug.cgi?id=1894689

[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update

Multiple security vulnerabilities were found in Imagemagick. Missing or incomplete input sanitizing may lead to undefined behavior which can result in denial of service (application crash) or other unspecified impact.

For Debian 9 stretch, these problems have been fixed in version 8:6.9.7.4+dfsg-11+deb9u12.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following issues :

  - CVE-2020-19667: Fixed a stack-based buffer overflow in     XPM coder could result in a crash (bsc#1179103).

  - CVE-2020-25664: Fixed a heap-based buffer overflow in     PopShortPixel (bsc#1179202).

  - CVE-2020-25665: Fixed a heap-based buffer overflow in     WritePALMImage (bsc#1179208).

  - CVE-2020-25666: Fixed an outside the range of     representable values of type 'int' and signed integer     overflow (bsc#1179212).

  - CVE-2020-25674: Fixed a heap-based buffer overflow in     WriteOnePNGImage (bsc#1179223).

  - CVE-2020-25675: Fixed an outside the range of     representable values of type 'long' and integer overflow     (bsc#1179240).

  - CVE-2020-25676: Fixed an outside the range of     representable values of type 'long' and integer overflow     at MagickCore/pixel.c (bsc#1179244).

  - CVE-2020-27750: Fixed a division by zero in     MagickCore/colorspace-private.h (bsc#1179260).

  - CVE-2020-27751: Fixed an integer overflow in     MagickCore/quantum-export.c (bsc#1179269).

  - CVE-2020-27752: Fixed a heap-based buffer overflow in     PopShortPixel in MagickCore/quantum-private.h     (bsc#1179346).

  - CVE-2020-27753: Fixed memory leaks in     AcquireMagickMemory function (bsc#1179397).

  - CVE-2020-27754: Fixed an outside the range of     representable values of type 'long' and signed integer     overflow at MagickCore/quantize.c (bsc#1179336).

  - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory     function in ImageMagick/MagickCore/memory.c     (bsc#1179345).

  - CVE-2020-27756: Fixed a division by zero at     MagickCore/geometry.c (bsc#1179221).

  - CVE-2020-27757: Fixed an outside the range of     representable values of type 'unsigned long long' at     MagickCore/quantum-private.h (bsc#1179268).

  - CVE-2020-27758: Fixed an outside the range of     representable values of type 'unsigned long long'     (bsc#1179276).

  - CVE-2020-27759: Fixed an outside the range of     representable values of type 'int' at     MagickCore/quantize.c (bsc#1179313).

  - CVE-2020-27760: Fixed a division by zero at     MagickCore/enhance.c (bsc#1179281).

  - CVE-2020-27761: Fixed an outside the range of     representable values of type 'unsigned long' at     coders/palm.c (bsc#1179315).

  - CVE-2020-27762: Fixed an outside the range of     representable values of type 'unsigned char'     (bsc#1179278).

  - CVE-2020-27763: Fixed a division by zero at     MagickCore/resize.c (bsc#1179312).

  - CVE-2020-27764: Fixed an outside the range of     representable values of type 'unsigned long' at     MagickCore/statistic.c (bsc#1179317).

  - CVE-2020-27765: Fixed a division by zero at     MagickCore/segment.c (bsc#1179311).

  - CVE-2020-27766: Fixed an outside the range of     representable values of type 'unsigned long' at     MagickCore/statistic.c (bsc#1179361).

  - CVE-2020-27767: Fixed an outside the range of     representable values of type 'float' at     MagickCore/quantum.h (bsc#1179322).

  - CVE-2020-27768: Fixed an outside the range of     representable values of type 'unsigned int' at     MagickCore/quantum-private.h (bsc#1179339).

  - CVE-2020-27769: Fixed an outside the range of     representable values of type 'float' at     MagickCore/quantize.c (bsc#1179321).

  - CVE-2020-27770: Fixed an unsigned offset overflowed at     MagickCore/string.c (bsc#1179343).

  - CVE-2020-27771: Fixed an outside the range of     representable values of type 'unsigned char' at     coders/pdf.c (bsc#1179327).

  - CVE-2020-27772: Fixed an outside the range of     representable values of type 'unsigned int' at     coders/bmp.c (bsc#1179347).

  - CVE-2020-27773: Fixed a division by zero at     MagickCore/gem-private.h (bsc#1179285).

  - CVE-2020-27774: Fixed an integer overflow at     MagickCore/statistic.c (bsc#1179333).

  - CVE-2020-27775: Fixed an outside the range of     representable values of type 'unsigned char' at     MagickCore/quantum.h (bsc#1179338).

  - CVE-2020-27776: Fixed an outside the range of     representable values of type 'unsigned long' at     MagickCore/statistic.c (bsc#1179362).

  - CVE-2020-29599: Fixed a shell command injection in
    -authenticate (bsc#1179753).

This update was imported from the SUSE:SLE-15:Update update project.

This update for ImageMagick fixes the following issues :

CVE-2020-19667: Fixed a stack-based buffer overflow in XPM coder could result in a crash (bsc#1179103).

CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202).

CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208).

CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212).

CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223).

CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240).

CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244).

CVE-2020-27750: Fixed an division by zero in MagickCore/colorspace-private.h (bsc#1179260).

CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269).

CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346).

CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397).

CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336).

CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345).

CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268).

CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313).

CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281).

CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315).

CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278).

CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312).

CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317).

CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311).

CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361).

CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322).

CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339).

CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321).

CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343).

CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327).

CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347).

CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285).

CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333).

CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338).

CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following issues :

CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202).

CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208).

CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212).

CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223).

CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240).

CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244).

CVE-2020-27750: Fixed a division by zero in MagickCore/colorspace-private.h (bsc#1179260).

CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269).

CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346).

CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346).

CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397).

CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345).

CVE-2020-27756: Fixed a division by zero at MagickCore/geometry.c (bsc#1179221).

CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268).

CVE-2020-27758: Fixed an outside the range of representable values of type 'unsigned long long' (bsc#1179276).

CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313).

CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281).

CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315).

CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278).

CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312).

CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317).

CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311).

CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361).

CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322).

CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339).

CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343).

CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327).

CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347).

CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285).

CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333).

CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338).

CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362).

CVE-2020-29599: Fixed a shell command injection in -authenticate (bsc#1179753).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following issues :

CVE-2020-19667: Fixed a stack-based buffer overflow in XPM coder could result in a crash (bsc#1179103).

CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202).

CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208).

CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212).

CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223).

CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240).

CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244).

CVE-2020-27750: Fixed a division by zero in MagickCore/colorspace-private.h (bsc#1179260).

CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269).

CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346).

CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397).

CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336).

CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345).

CVE-2020-27756: Fixed a division by zero at MagickCore/geometry.c (bsc#1179221).

CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268).

CVE-2020-27758: Fixed an outside the range of representable values of type 'unsigned long long' (bsc#1179276).

CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313).

CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281).

CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315).

CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278).

CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312).

CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317).

CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311).

CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361).

CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322).

CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339).

CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321).

CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343).

CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327).

CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347).

CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285).

CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333).

CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338).

CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362).

CVE-2020-29599: Fixed a shell command injection in -authenticate (bsc#1179753).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
148080	Debian DLA-2602-1 : imagemagick security update	Nessus	Debian Local Security Checks	medium
145394	openSUSE Security Update : ImageMagick (openSUSE-2021-148)	Nessus	SuSE Local Security Checks	medium
145363	SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2021:0199-1)	Nessus	SuSE Local Security Checks	medium
145361	openSUSE Security Update : ImageMagick (openSUSE-2021-136)	Nessus	SuSE Local Security Checks	medium
145198	SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2021:0153-1)	Nessus	SuSE Local Security Checks	medium
145181	SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2021:0156-1)	Nessus	SuSE Local Security Checks	medium

CVE-2020-27768

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

medium

medium

medium

medium

medium

medium