Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian LTS Advisory ([SECURITY] [DLA 1888-1] imagemagick security update)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the 'imagemagick' package(s) announced via the DSA-1888-1 advisory.
Insight
Insight
Multiple vulnerabilities have been found in imagemagick, an image processing toolkit. CVE-2019-12974 NULL pointer dereference in ReadPANGOImage and ReadVIDImage (coders/pango.c and coders/vid.c). This vulnerability might be leveraged by remote attackers to cause denial of service via crafted image data. CVE-2019-13135 Multiple use of uninitialized values in ReadCUTImage, UnpackWPG2Raster and UnpackWPGRaster (coders/wpg.c and coders/cut.c). These vulnerabilities might be leveraged by remote attackers to cause denial of service or unauthorized disclosure or modification of information via crafted image data. CVE-2019-13295, CVE-2019-13297 Multiple heap buffer over-reads in AdaptiveThresholdImage (magick/threshold.c). These vulnerabilities might be leveraged by remote attackers to cause denial of service or unauthorized disclosure or modification of information via crafted image data. CVE-2019-13304, CVE-2019-13305, CVE-2019-13306 Multiple stack buffer overflows in WritePNMImage (coders/pnm.c), leading to stack buffer over write up to ten bytes. Remote attackers might leverage these flaws to potentially perform code execution or denial of service.
Affected Software
Affected Software
'imagemagick' package(s) on Debian Linux.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
For Debian 8 'Jessie', these problems have been fixed in version 8:6.8.9.9-5+deb8u17. We recommend that you upgrade your imagemagick packages.