Debian Imagemagick vulnerabilities

CVE-2021-20245 [MEDIUM] CVE-2021-20245: imagemagick - A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a craf... A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Scope: local bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.5) bullseye: resolved (fixed in 8:6.9.

CVE-2021-20241 [MEDIUM] CVE-2021-20241: imagemagick - A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a craft... A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Scope: local bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.5) bullseye: resolved (fixed in 8:6.9.1

CVE-2021-3574 [LOW] CVE-2021-3574: imagemagick - A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted fil... A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. Scope: local bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.5) bullseye: resolved (fixed in 8:6.9.11.60+dfsg-1.3+deb11u2) forky: resolved (fixed in 8:6.9.11.60+dfsg-1.5) sid: resolved (fixed in 8:6.9.11.60+dfsg-1.5) trixie: resolve

CVE-2021-20311 [HIGH] CVE-2021-20311: imagemagick - A flaw was found in ImageMagick in versions before 7.0.11, where a division by z... A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. Scope: local bookwo

CVE-2021-20310 [HIGH] CVE-2021-20310: imagemagick - A flaw was found in ImageMagick in versions before 7.0.11, where a division by z... A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. Scope: local bookworm:

CVE-2021-3962 [HIGH] CVE-2021-3962: imagemagick - A flaw was found in ImageMagick where it did not properly sanitize certain input... A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality, integrity, as well as system avai

CVE-2020-29599 [HIGH] CVE-2020-29599: imagemagick - ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authentica... ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c. Scope: local bookworm: resolved (fixed in 8:6.9.11.57+dfsg-

CVE-2020-19667 [HIGH] CVE-2020-19667: imagemagick - Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm... Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixie: resolved (fixed in 8:6.9.11.24+dfsg-1)

CVE-2020-13902 [HIGH] CVE-2020-13902: imagemagick - ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in Blob... ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixie: resolved (f

CVE-2020-27766 [HIGH] CVE-2020-27766: imagemagick - A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submi... A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined b

CVE-2020-27752 [HIGH] CVE-2020-27752: imagemagick - A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who... A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.

CVE-2020-25665 [MEDIUM] CVE-2020-25665: imagemagick - The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMe... The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick ver

CVE-2020-27750 [MEDIUM] CVE-2020-27750: imagemagick - A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCor... A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but

CVE-2020-27760 [MEDIUM] CVE-2020-27760: imagemagick - In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's... In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick

CVE-2020-25674 [MEDIUM] CVE-2020-25674: imagemagick - WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an impr... WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The pa

CVE-2020-27756 [MEDIUM] CVE-2020-27756: imagemagick - In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculat... In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal(

CVE-2020-27770 [MEDIUM] CVE-2020-27770: imagemagick - Due to a missing check for 0 value of `replace_extent`, it is possible for offse... Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68. Scope: local bookworm: resolved (fixed in 8:6.9

CVE-2020-27829 [MEDIUM] CVE-2020-27829: imagemagick - A heap based buffer overflow in coders/tiff.c may result in program crash and de... A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45. Scope: local bookworm: resolved (fixed in 8:6.9.11.57+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.57+dfsg-1) forky: resolved (fixed in 8:6.9.11.57+dfsg-1) sid: resolved (fixed in 8:6.9.11.57+dfsg-1) trixie: resolved (fixed in 8:6.9

CVE-2020-25664 [MEDIUM] CVE-2020-25664: imagemagick - In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to Acqu... In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with

CVE-2020-25676 [MEDIUM] CVE-2020-25676: imagemagick - In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePix... In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. These calculations produced undefined behavior in the form of out-of-range and inte