-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3737-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Bastien Roucariès February 22, 2024 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : imagemagick Version : 8:6.9.10.23+dfsg-2.1+deb10u6 CVE ID : CVE-2023-1289 CVE-2023-5341 CVE-2023-34151 Imagemagick a graphical software suite for displaying, creating and modifying images was vulnerable. CVE-2023-1289 A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. CVE-2023-5341 A heap use-after-free flaw was found in coders/bmp.c CVE-2023-34151 A vulnerability was found in ImageMagick, due to undefined behaviors of casting double to size_t in svg, mvg and other coders Moreover a few potential security problems were fixed in the TIFF coders like for instance memory leaks. These issues were unfortunatly CVE less. CVE-2023-39978 (a deny of service) was also fixed by being introduced by partial fixes of these problems. For Debian 10 buster, these problems have been fixed in version 8:6.9.10.23+dfsg-2.1+deb10u6. We recommend that you upgrade your imagemagick packages. For the detailed security status of imagemagick please refer to its security tracker page at: https://security-tracker.debian.org/tracker/imagemagick Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmXXF80ACgkQADoaLapB CF9hXhAAp43a6tMffqIWbzcyvD/lLbexrhdyScUMqjye7Yej5DW7A1o1SONSA3Yv VZIK3WXqf+mA/Bu5CoWT8gUy3hJ09e6sDDXl0LAVeT0SZu7jKzinY5k0dudBOkVZ C8hJd7JNajcZ1+UcceJ99/uy/36YokwgG8CJLNVn6IFhfkcXeHY0itE5D8zXRqoa xVqdfXj0sp6Efm+1sb7nEjhna/QD0/yLp6Of6UbK9RjTUqVc+pg/v2HFH3ZyApA/ vdoN/nTlBxyT1h8vo6F3B6rV7V4XtegpWbM5qWTQKn2H64uw53f10mZ9n0EYqxWe IARBLkdtTEkC9CGTGGg9ZKANIuqp9SnybNhlazVgkXpcinjiZjPZSIp97fMxxEd6 SjwYj5zvvPNrjCFQLvU7Lwhiu4NSYeVXkO0ZatpvFBdE3FQ1RqZt62XQBn4SNAui BMe3H8Q55BcwUsUUHWz3dBN6gdaT6/E10eFaRRX+CuzAvA+pDzZ4dK9/om/goZt/ JFyWlIJAxt9083Fp2LQclCxnxhJpV8Nj8HOENdGg/ckonFIRX+sBy5h406/Dt1hN 7gcAh8NekbaeBp9Gfy74ENSXmokJkq7zMoY8FEbTbRMQ4WquURFC6yoO9aADTttI JYzf4LO9XDAukiO7xGk7zI0zEia6NsbEqi8mWxEanq9xO6eCl9I= =fBnL -----END PGP SIGNATURE-----