Debian Imagemagick vulnerabilities

CVE-2020-27762 [MEDIUM] CVE-2020-27762: imagemagick - A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a craft... A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior.

CVE-2020-25675 [LOW] CVE-2020-25675: imagemagick - In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, ro... In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative impact to application availability or other problems relate

CVE-2020-10251 [MEDIUM] CVE-2020-10251: imagemagick - In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the Read... In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in

CVE-2020-27776 [LOW] CVE-2020-27776: imagemagick - A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submi... A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined beha

CVE-2020-27774 [LOW] CVE-2020-27774: imagemagick - A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submi... A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavio

CVE-2020-27768 [LOW] CVE-2020-27768: imagemagick - In ImageMagick, there is an outside the range of representable values of type 'u... In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8

CVE-2020-27753 [MEDIUM] CVE-2020-27753: imagemagick - There are several memory leaks in the MIFF coder in /coders/miff.c due to improp... There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is wher

CVE-2020-27757 [LOW] CVE-2020-27757: imagemagick - A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-... A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because althoug

CVE-2020-27759 [LOW] CVE-2020-27759: imagemagick - In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted... In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it

CVE-2020-27771 [LOW] CVE-2020-27771: imagemagick - In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to G... In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat

CVE-2020-27763 [LOW] CVE-2020-27763: imagemagick - A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits ... A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects Imag

CVE-2020-27767 [LOW] CVE-2020-27767: imagemagick - A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits... A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to u

CVE-2020-25666 [LOW] CVE-2020-25666: imagemagick - There are 4 places in HistogramCompare() in MagickCore/histogram.c where an inte... There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processe

CVE-2020-27755 [LOW] CVE-2020-27755: imagemagick - in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can ca... in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is pro

CVE-2020-27764 [LOW] CVE-2020-27764: imagemagick - In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() w... In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to applicat

CVE-2020-27560 [LOW] CVE-2020-27560: imagemagick - ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCo... ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. Scope: local bookworm: resolved (fixed in 8:6.9.11.57+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.57+dfsg-1) forky: resolved (fixed in 8:6.9.11.57+dfsg-1) sid: resolved (fixed in 8:6.9.11.57+dfsg-1) trixie: resolved (fixed in 8:6.9.11

CVE-2020-27773 [LOW] CVE-2020-27773: imagemagick - A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who sub... A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems r

CVE-2020-27765 [LOW] CVE-2020-27765: imagemagick - A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits... A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects Ima

CVE-2020-25663 [MEDIUM] CVE-2020-25663: imagemagick - A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCor... A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely w

CVE-2020-25667 [MEDIUM] CVE-2020-25667: imagemagick - TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-b... TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability o