Debian Imagemagick vulnerabilities

CVE-2022-32546 [HIGH] CVE-2022-32546: imagemagick - A vulnerability was found in ImageMagick, causing an outside the range of repres... A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. Scope: local bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.5) bullseye:

CVE-2022-1115 [MEDIUM] CVE-2022-1115: imagemagick - A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function... A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. Scope: local bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.6+deb12u1) bullseye: resolve

CVE-2022-44268 [MEDIUM] CVE-2022-44268: imagemagick - ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a P... ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it). Scope: local bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.6) bullseye: resolved (fixed in 8:6.9.11.60+dfsg-1.3+deb11u1) forky

CVE-2022-3213 [MEDIUM] CVE-2022-3213: imagemagick - A heap buffer overflow issue was found in ImageMagick. When an application proce... A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service. Scope: local bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.6+deb12u1) bullseye: resolved (fixed in 8:6.9.11.60+dfsg-1.3+deb11u3) forky: resolved (fixed in 8:6.9.12.98+dfsg1-2) si

CVE-2022-44267 [MEDIUM] CVE-2022-44267: imagemagick - ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG im... ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. Scope: local bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.6) bullseye: resolved (fixed in 8:6.9.11.60+dfsg-1.3+deb11u1) forky: resolved (fixed in 8:6.9.11.60+dfsg-1.6) sid: resolved (fixed in 8:6.

CVE-2022-2719 [MEDIUM] CVE-2022-2719: imagemagick - In ImageMagick, a crafted file could trigger an assertion failure when a call to... In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2022-0284 [HIGH] CVE-2022-0284: imagemagick - A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() fu... A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure. Scope: local bookwo

CVE-2021-20313 [HIGH] CVE-2021-20313: imagemagick - A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher le... A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality. Scope: local bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.5) bullseye: resolved (fixed in 8:6.9.11.60+dfsg-1.3+deb11u4) forky: resolved (fixed

CVE-2021-3610 [HIGH] CVE-2021-3610: imagemagick - A heap-based buffer overflow vulnerability was found in ImageMagick in versions ... A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. Scope: local bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.6+deb12u1) bullseye: resolved (fixed in 8:6.9.11.60+

CVE-2021-20312 [HIGH] CVE-2021-20312: imagemagick - A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in... A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. Scope: local bookworm: resolved

CVE-2021-20309 [HIGH] CVE-2021-20309: imagemagick - A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, whe... A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability. Scope: local bookworm: resolved (fixed in 8

CVE-2021-40211 [HIGH] CVE-2021-40211: imagemagick - An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in functio... An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c. Scope: local bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.5) bullseye: resolved (fixed in 8:6.9.11.60+dfsg-1.3+deb11u2) forky: resolved (fixed in 8:6.9.11.60+dfsg-1.5) sid: resolved (fixed in 8:6.9.11.60+dfsg-1.5) trixie: resolved (fixed in 8:6.9

CVE-2021-39212 [MEDIUM] CVE-2021-39212: imagemagick - ImageMagick is free software delivered as a ready-to-run binary distribution or ... ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. . The issue has been r

CVE-2021-20243 [MEDIUM] CVE-2021-20243: imagemagick - A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits ... A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Scope: local bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.5) bullseye: resolved (fixed in

CVE-2021-20176 [MEDIUM] CVE-2021-20176: imagemagick - A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c.... A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability. Scope: local bookworm: resolved (fixed in 8:6.9.11.57+dfsg-1) bu

CVE-2021-20246 [MEDIUM] CVE-2021-20246: imagemagick - A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submit... A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Scope: local bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.5) bullseye: resolved (fixed i

CVE-2021-3596 [MEDIUM] CVE-2021-3596: imagemagick - A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.... A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault. Scope: local bookworm: resolved (fixed in 8:6.9.11.57+dfsg-1) bullseye: r

CVE-2021-20224 [MEDIUM] CVE-2021-20224: imagemagick - An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() f... An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash. Scope: local bookworm: r

CVE-2021-4219 [MEDIUM] CVE-2021-4219: imagemagick - A flaw was found in ImageMagick. The vulnerability occurs due to improper use of... A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. Scope: local bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.5) bullseye: resolved (fixed in 8:6.9.11.60+dfsg-1.3+deb11u2) forky: resolved (fixed in 8:6.9.11.60+dfsg-1.5) sid: resolved

CVE-2021-20244 [MEDIUM] CVE-2021-20244: imagemagick - A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who ... A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Scope: local bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.5) bullseye: resolved (f