Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
66f314e8 by Bastien Roucariès at 2024-03-17T22:46:00+00:00
CVE-2023-2157/imagemagick

This CVE was in the code supporting the exif feature, following
https://github.com/ImageMagick/ImageMagick/issues/5768

First commit introducing this feature was in 
https://github.com/ImageMagick/ImageMagick6/commit/a45686d30fb5785d7f0cb8a0e8efdeb75eabfe08

This commit does not pinpoint the exact point where the CVE was introduced, but
versions before 6.9.12.72 do not read the exif and thus
did not trigger the CVE

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53546,11 +53546,13 @@ CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are 
vulnerable to user imperso
        NOT-FOR-US: Code Dx
 CVE-2023-2157 (A heap-based buffer overflow vulnerability was found in the 
ImageMagic ...)
        - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036476)
-       [bookworm] - imagemagick <no-dsa> (Minor issue)
-       [bullseye] - imagemagick <no-dsa> (Minor issue)
+       [bookworm] - imagemagick <not-affected> (Vulnerable code introduced 
later)
+       [bullseye] - imagemagick <not-affected> (Vulnerable code introduced 
later)
        [buster] - imagemagick <not-affected> (Vulnerable code was introduced 
later)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b
 (7.1.1-7)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673
 (6.9.12-85)
+       NOTE: Introduced by: 
https://github.com/ImageMagick/ImageMagick/issues/5768
+       NOTE: Introduced by: 
https://github.com/ImageMagick/ImageMagick6/commit/a45686d30fb5785d7f0cb8a0e8efdeb75eabfe08
 (exif feature not present before this commit 6.9.12.72)
 CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux 
kernel withi ...)
        {DSA-5453-1 DSA-5448-1 DLA-3512-1}
        - linux 6.3.11-1
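
Review bot: The first added "NOTE: Introduced by:" line points at an upstream issue (ImageMagick/issues/5768), not a commit, while the Fixed by notes and the second Introduced by note all reference commits; if no ImageMagick 7 commit can be named, a plain NOTE describing the issue as the feature request would be more accurate than "Introduced by". The new bookworm and bullseye entries say "(Vulnerable code introduced later)" while the existing buster entry says "(Vulnerable code was introduced later)", so the wording should match. The parenthetical in the second note writes the version as 6.9.12.72, whereas the adjacent Fixed by notes use the upstream form (6.9.12-85); using 6.9.12-72 there would keep the notes consistent. Since the not-affected status depends on the suite versions predating that commit, and the commit message says the exact introduction point is not pinned down, a NOTE stating that reasoning explicitly would help later triage.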



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66f314e8bc9ac6c9adcee8728ca0b0b892ffadb9
