diff options
| author | security tracker role <sectracker@soriano.debian.org> | 2020-09-07 08:10:16 +0000 |
|---|---|---|
| committer | security tracker role <sectracker@soriano.debian.org> | 2020-09-07 08:10:16 +0000 |
| commit | 74789c21a3ad4e3bb20d0d61a4e013c7972a1b8e (patch) | |
| tree | 11abc3cc7b96db42698e4bafbe0f20aed3080670 /data/CVE/2017.list | |
| parent | fa1ddfb647a9d2bdd287b5c4f3558b175d1167b1 (diff) | |
automatic update
Diffstat (limited to 'data/CVE/2017.list')
| -rw-r--r-- | data/CVE/2017.list | 82 |
1 files changed, 43 insertions, 39 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list index f9fa0a7c3a..7ee7506c53 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -1413,7 +1413,7 @@ CVE-2017-18275 (A new account can be inserted into simContacts service using And CVE-2017-18274 (While iterating through the models contained in a fixed-size array in ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-18273 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulner ...) - {DLA-1785-1 DLA-1381-1} + {DLA-2366-1 DLA-1785-1 DLA-1381-1} - imagemagick 8:6.9.9.34+dfsg-3 (low) NOTE: https://github.com/ImageMagick/ImageMagick/issues/910 NOTE: https://github.com/ImageMagick/ImageMagick/commit/b8fcb59e9e1d1189caf2e0f5e39346944dcd6b9d @@ -1425,7 +1425,7 @@ CVE-2017-18272 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-af NOTE: https://github.com/ImageMagick/ImageMagick/issues/918 NOTE: https://github.com/ImageMagick/ImageMagick/commit/93d029b70ac766ce0b5d7261a2dd334535f48038 CVE-2017-18271 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulner ...) - {DLA-1785-1 DLA-1381-1} + {DLA-2366-1 DLA-1785-1 DLA-1381-1} - imagemagick 8:6.9.9.34+dfsg-3 (low) NOTE: https://github.com/ImageMagick/ImageMagick/issues/911 NOTE: https://github.com/ImageMagick/ImageMagick/commit/7523250e2664028aa1d8f02d2d7ae49c769a851e @@ -1717,6 +1717,7 @@ CVE-2017-18214 (The moment module before 2.19.3 for Node.js is prone to a regula CVE-2017-18212 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...) NOT-FOR-US: JerryScript CVE-2017-18211 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was fou ...) + {DLA-2366-1} - imagemagick 8:6.9.9.34+dfsg-3 (low) [jessie] - imagemagick <not-affected> (vulnerable code not present) [wheezy] - imagemagick <not-affected> (vulnerable code not present) @@ -1730,6 +1731,7 @@ CVE-2017-18210 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability w NOTE: The commit referenced the wrong issue in the upstream issue tracker, but NOTE: as noted in https://github.com/ImageMagick/ImageMagick/issues/791#issuecomment-334050314 CVE-2017-18209 (In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in Im ...) + {DLA-2366-1} - imagemagick 8:6.9.9.34+dfsg-3 (low) [jessie] - imagemagick <not-affected> (vulnerable code not present) [wheezy] - imagemagick <not-affected> (vulnerable code not present) @@ -2392,7 +2394,7 @@ CVE-2017-1000478 (ELabftw version 1.7.8 is vulnerable to stored cross-site scrip CVE-2017-1000477 (XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result ...) NOT-FOR-US: XMLBundle CVE-2017-1000476 (ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in ...) - {DLA-1785-1 DLA-1229-1} + {DLA-2366-1 DLA-1785-1 DLA-1229-1} - imagemagick 8:6.9.9.34+dfsg-3 NOTE: https://github.com/ImageMagick/ImageMagick/issues/867 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e5dae180b9236bccd73ce93bfce81e99232a8533 @@ -2507,7 +2509,7 @@ CVE-2017-1000449 CVE-2017-1000448 (Structured Data Linter versions 2.4.1 and older are vulnerable to a di ...) NOT-FOR-US: Structured Data Linter CVE-2017-1000445 (ImageMagick 7.0.7-1 and older version are vulnerable to null pointer d ...) - {DLA-1785-1 DLA-1229-1} + {DLA-2366-1 DLA-1785-1 DLA-1229-1} - imagemagick 8:6.9.9.34+dfsg-3 (bug #886281) NOTE: https://github.com/ImageMagick/ImageMagick/issues/775 NOTE: https://github.com/ImageMagick/ImageMagick/commit/441fde32557eb3cec573b0f877ac324173feed7f @@ -2844,7 +2846,7 @@ CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-base NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a NOTE: https://sourceforge.net/p/graphicsmagick/bugs/535/ CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ...) - {DLA-1785-1 DLA-1227-1} + {DLA-2366-1 DLA-1785-1 DLA-1227-1} - imagemagick 8:6.9.9.34+dfsg-3 (bug #886584) NOTE: https://github.com/ImageMagick/ImageMagick/issues/908 NOTE: https://github.com/ImageMagick/ImageMagick/commit/650ec57d84b7b1dce66435b8cd3b58f7ae66db1b @@ -3606,7 +3608,7 @@ CVE-2017-17684 (Panda Global Protection 17.0.1 allows a system crash via a 0xb37 CVE-2017-17683 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 ...) NOT-FOR-US: Panda Global Protection CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in t ...) - {DLA-1785-1 DLA-1227-1} + {DLA-2366-1 DLA-1785-1 DLA-1227-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #885942) NOTE: https://github.com/ImageMagick/ImageMagick/issues/870 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/da649f031e36753c69268c5c027e695b8ae45e9a @@ -10261,7 +10263,7 @@ CVE-2017-15283 CVE-2017-15282 RESERVED CVE-2017-15281 (ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote atta ...) - {DLA-1785-1 DLA-1139-1} + {DLA-2366-1 DLA-1785-1 DLA-1139-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878579) NOTE: https://github.com/ImageMagick/ImageMagick/issues/832 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e9d1c2adae866861a291535997b2263f26becb1e @@ -11228,7 +11230,7 @@ CVE-2017-15018 (LAME 3.99.5 has a heap-based buffer over-read when handling a ma NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...) - {DLA-1785-1 DLA-1131-1} + {DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878554) NOTE: https://github.com/ImageMagick/ImageMagick/issues/723 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5a1006a249516a875558c3d642e719b1eac8f820 @@ -11241,7 +11243,7 @@ CVE-2017-15016 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerabi NOTE: https://github.com/ImageMagick/ImageMagick/commit/27f8ba82ddd665ab41cef6588128f680cbd69905 NOTE: emf.c not compiled under Debian CVE-2017-15015 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...) - {DLA-1785-1} + {DLA-2366-1 DLA-1785-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878555) [wheezy] - imagemagick <not-affected> (Vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/724 @@ -12028,7 +12030,7 @@ CVE-2017-14743 (Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQ CVE-2017-14742 (Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to ex ...) NOT-FOR-US: LabF nfsAxe CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7 ...) - {DLA-1785-1 DLA-1131-1} + {DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878548) NOTE: https://github.com/ImageMagick/ImageMagick/issues/771 NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f @@ -12036,7 +12038,7 @@ CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick CVE-2017-14740 (Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remo ...) NOT-FOR-US: GeniXCMS CVE-2017-14739 (The AcquireResampleFilterThreadSet function in magick/resample-private ...) - {DLA-1785-1 DLA-1131-1} + {DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878547) NOTE: https://github.com/ImageMagick/ImageMagick/issues/780 NOTE: https://github.com/ImageMagick/ImageMagick/commit/6017a80fe8327fefb77fa677d81154db2b857d1d @@ -12406,7 +12408,7 @@ CVE-2017-14628 (In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxL CVE-2017-14627 (Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote ...) NOT-FOR-US: CyberLink LabelPrint CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...) - {DLA-1785-1} + {DLA-2366-1 DLA-1785-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878524) [wheezy] - imagemagick <not-affected> (Vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/720 @@ -12414,13 +12416,13 @@ CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerabi NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/90b301db18434b2c2228776d06c2898b5fed74f0 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9 CVE-2017-14625 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...) - {DLA-1785-1} + {DLA-2366-1 DLA-1785-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877355) [wheezy] - imagemagick <not-affected> (Vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/721 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9 CVE-2017-14624 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...) - {DLA-1785-1} + {DLA-2366-1 DLA-1785-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877354) [wheezy] - imagemagick <not-affected> (Vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/722 @@ -12650,7 +12652,7 @@ CVE-2017-14533 (ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/ NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1f2089e79bcf5714cefba7cdc47049b4ac53c6b NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bdfc5538051ad0d1c2083ba2a29180ff6abea907 CVE-2017-14532 (ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags i ...) - {DLA-1785-1} + {DLA-2366-1 DLA-1785-1} - imagemagick 8:6.9.9.34+dfsg-3 (bug #878541) [wheezy] - imagemagick <not-affected> (Vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/719 @@ -12738,7 +12740,7 @@ CVE-2017-14507 (Multiple SQL injection vulnerabilities in the Content Timeline p CVE-2017-14506 (geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by ...) NOT-FOR-US: geminabox CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 m ...) - {DLA-1785-1 DLA-1131-1} + {DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878545) NOTE: https://github.com/ImageMagick/ImageMagick/issues/716 NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ad5fc3c9b652eec27fc0b1a0817159f8547d5d9 @@ -13106,7 +13108,7 @@ CVE-2017-14402 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injec CVE-2017-14401 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection v ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2017-14400 (In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/c ...) - {DLA-1785-1 DLA-1131-1} + {DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878546) NOTE: https://github.com/ImageMagick/ImageMagick/issues/746 NOTE: im6 patch: https://github.com/ImageMagick/ImageMagick/commit/04b863f15effa4375e4ee42f413f0246062b48af @@ -13230,7 +13232,7 @@ CVE-2017-14342 (ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in Rea NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e378ea8fb99e869768f34e900105e8c769adfcd NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6d5b22baedd49ef8a35011789bd600762ce1ef21 CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in ...) - {DLA-1785-1 DLA-1131-1} + {DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876105) NOTE: https://github.com/ImageMagick/ImageMagick/issues/654 NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24 @@ -13484,7 +13486,7 @@ CVE-2017-14251 (Unrestricted File Upload vulnerability in the fileDenyPattern in CVE-2017-14250 (In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router with Fir ...) NOT-FOR-US: TP-LINK Router CVE-2017-14249 (ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coder ...) - {DLA-1785-1 DLA-1131-1} + {DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876099) NOTE: https://github.com/ImageMagick/ImageMagick/issues/708 NOTE: https://github.com/ImageMagick/ImageMagick/commit/2071d67ebf729f76d73c33c1152df4816d1d79ac @@ -13696,23 +13698,23 @@ CVE-2017-14177 (Apport through 2.20.7 does not properly handle core dumps from s CVE-2017-14181 (DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 ...) NOT-FOR-US: aacplusenc CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() du ...) - {DLA-1785-1 DLA-1131-1} + {DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875502) NOTE: https://github.com/ImageMagick/ImageMagick/issues/712 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b8c63b156bf26b52e710b1a0643c846a6cd01e56 CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInte ...) - {DLA-1785-1 DLA-1131-1} + {DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875503) NOTE: https://github.com/ImageMagick/ImageMagick/issues/714 NOTE: https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64 CVE-2017-14173 (In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10 ...) - {DLA-1785-1 DLA-1131-1} + {DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875504) NOTE: https://github.com/ImageMagick/ImageMagick/issues/713 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/48bcf7c39302cdf9b0d9202ad03bf1b95152c44d CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due ...) - {DLA-1785-1 DLA-1131-1} + {DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875506) NOTE: https://github.com/ImageMagick/ImageMagick/issues/715 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c @@ -14132,7 +14134,7 @@ CVE-2017-14061 (Integer overflow in the _isBidi function in bidi.c in Libidn2 be - libidn <not-affected> (Vulnerable code not present) NOTE: https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305 CVE-2017-14060 (In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present i ...) - {DLA-1785-1 DLA-1131-1} + {DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878506) NOTE: https://github.com/ImageMagick/ImageMagick/issues/710 NOTE: https://github.com/ImageMagick/ImageMagick/commit/c535e1f1a6b1faaa35e007df4fc535ec08daa97c @@ -14812,7 +14814,7 @@ CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageM NOTE: https://github.com/ImageMagick/ImageMagick/commit/5a3897693a8b4e97add649c0ca1d538bd90f59c9 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/abb9d1322317733b799e8b87b2e346b3038f3260 CVE-2017-13768 (Null Pointer Dereference in the IdentifyImage function in MagickCore/i ...) - {DLA-1785-1 DLA-1131-1} + {DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875352) NOTE: https://github.com/ImageMagick/ImageMagick/issues/706 NOTE: https://github.com/ImageMagick/ImageMagick/commit/152e510e2b7858efe5992ed95090d8e0049417f3 @@ -16369,7 +16371,7 @@ CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based b NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1b234b4fe2ec864b2d5af898a31c06c9736da904 NOTE: GraphicsMagick: http://hg.code.sf.net/p/graphicsmagick/code/rev/1b47e0078e05 CVE-2017-13133 (In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks ...) - {DLA-1785-1 DLA-1081-1} + {DLA-2366-1 DLA-1785-1 DLA-1081-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873100) NOTE: https://github.com/ImageMagick/ImageMagick/issues/679 NOTE: https://github.com/ImageMagick/ImageMagick/commit/19dbe11c5060f66abb393d1945107c5f54894fa8 @@ -16587,6 +16589,7 @@ CVE-2017-13062 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/669 CVE-2017-13061 (In ImageMagick 7.0.6-5, a length-validation vulnerability was found in ...) + {DLA-2366-1} - imagemagick 8:6.9.9.34+dfsg-3 (bug #873131) [jessie] - imagemagick <not-affected> (Vulnerable code not present) [wheezy] - imagemagick <not-affected> (Vulnerable code not present) @@ -17230,7 +17233,7 @@ CVE-2017-12876 (Heap-based buffer overflow in enhance.c in ImageMagick before 7. NOTE: https://github.com/ImageMagick/ImageMagick/issues/663 NOTE: https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e CVE-2017-12875 (The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remot ...) - {DLA-1785-1 DLA-1131-1} + {DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873871) NOTE: https://github.com/ImageMagick/ImageMagick/issues/659 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6f95e543c80319721e22d623bb23712cd29afa9e @@ -17449,6 +17452,7 @@ CVE-2017-12808 CVE-2017-12807 REJECTED CVE-2017-12806 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in ...) + {DLA-2366-1} - imagemagick 8:6.9.9.34+dfsg-3 [jessie] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/660 @@ -17765,19 +17769,19 @@ CVE-2017-1000099 (When asking to get a file from a file:// URL, libcurl provides NOTE: https://curl.haxx.se/CVE-2017-1000099.patch NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8 CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allow ...) - {DLA-1785-1 DLA-1131-1} + {DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875341) NOTE: https://github.com/ImageMagick/ImageMagick/issues/652 NOTE: https://github.com/ImageMagick/ImageMagick/commit/75fcbf5d649bba046c6a0db650a518f7bfc0fb3f NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6709bd585b9609a9cf98a7042089f3e725886d5e CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 all ...) - {DLA-1785-1 DLA-1131-1} + {DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875339) NOTE: https://github.com/ImageMagick/ImageMagick/issues/653 NOTE: https://github.com/ImageMagick/ImageMagick/commit/4a25fe5447bfb3a1918a2e9d595928e853b09d2e NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5919dc606bc1d6022d3d2d205a91fdbe98de9e15 CVE-2017-12691 (The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allow ...) - {DLA-1785-1 DLA-1131-1} + {DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875338) NOTE: https://github.com/ImageMagick/ImageMagick/issues/656 NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1ea048a3a34df293764502401d966aeacf9179d @@ -17829,7 +17833,7 @@ CVE-2017-12675 (In ImageMagick 7.0.6-3, a missing check for multidimensional dat NOTE: https://github.com/ImageMagick/ImageMagick/commit/7a020acbcfea6e53eff6766c87ea175eac9dcd18 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e33a39a6a168cdd800fd160e8f93f0059432bdf7 CVE-2017-12674 (In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in th ...) - {DLA-1785-1 DLA-1081-1} + {DLA-2366-1 DLA-1785-1 DLA-1081-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #872609) NOTE: https://github.com/ImageMagick/ImageMagick/issues/604 NOTE: https://github.com/ImageMagick/ImageMagick/commit/91651bd482b6637cf650700ffd7b3b63de1cb049 @@ -18232,7 +18236,7 @@ CVE-2017-12564 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in NOTE: https://github.com/ImageMagick/ImageMagick/commit/ff3faa31166439d81b72de22daea2b6404569137 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a4779cfbee2e4235fa9f9f8f2e58dca17f7ccc6b CVE-2017-12563 (In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in ...) - {DLA-1785-1 DLA-1081-1} + {DLA-2366-1 DLA-1785-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870530) NOTE: https://github.com/ImageMagick/ImageMagick/issues/599 NOTE: https://github.com/ImageMagick/ImageMagick/commit/82b53bd74df1489332e4043035a51b43f54d43f1 @@ -18576,7 +18580,7 @@ CVE-2017-12437 CVE-2017-12436 RESERVED CVE-2017-12435 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...) - {DLA-1785-1 DLA-1081-1} + {DLA-2366-1 DLA-1785-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870504) NOTE: https://github.com/ImageMagick/ImageMagick/issues/543 NOTE: https://github.com/ImageMagick/ImageMagick/commit/2dd8d55742fce7d079b6a16039c18e49c091224f @@ -18595,7 +18599,7 @@ CVE-2017-12432 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was fo NOTE: https://github.com/ImageMagick/ImageMagick/commit/061de02095a56d438409c63f723f340b2d9d36c7 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/3ded916c5da6febe9660c3cfa44c3114567adf74 CVE-2017-12429 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...) - {DLA-1081-1} + {DLA-2366-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-13 [jessie] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/545 @@ -19379,7 +19383,7 @@ CVE-2017-12141 (In ytnef 1.9.2, a heap-based buffer overflow vulnerability was f [wheezy] - libytnef <no-dsa> (Minor issue) NOTE: https://github.com/Yeraze/ytnef/issues/50 CVE-2017-12140 (The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has a ...) - {DLA-1785-1 DLA-1081-1} + {DLA-2366-1 DLA-1785-1 DLA-1081-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873059) NOTE: https://github.com/ImageMagick/ImageMagick/issues/533 NOTE: https://github.com/ImageMagick/ImageMagick/commit/94933146cb2d9d95889a385f08d5eb5f92d4e3cd @@ -20273,7 +20277,7 @@ CVE-2017-13139 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOn - imagemagick 8:6.9.7.4+dfsg-15 (bug #870109) NOTE: https://github.com/ImageMagick/ImageMagick/commit/22e0310345499ffe906c604428f2a3a668942b05 CVE-2017-12643 (ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJN ...) - {DLA-1785-1 DLA-1081-1} + {DLA-2366-1 DLA-1785-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-15 (low; bug #870107) NOTE: https://github.com/ImageMagick/ImageMagick/issues/549 NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eedb5660f1704cde8e8cd784c5c2a09dd2fd60f @@ -20402,13 +20406,13 @@ CVE-2017-11724 (The ReadMATImage function in coders/mat.c in ImageMagick through NOTE: https://github.com/ImageMagick/ImageMagick/issues/624 NOTE: https://github.com/ImageMagick/ImageMagick/commit/5163756a1f829a561912dfdb74a0dae41d8ed8cf CVE-2017-12670 (In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, ...) - {DLA-1785-1 DLA-1081-1} + {DLA-2366-1 DLA-1785-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870020) NOTE: https://github.com/ImageMagick/ImageMagick/issues/610 NOTE: https://github.com/ImageMagick/ImageMagick/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb NOTE: https://github.com/ImageMagick/ImageMagick/commit/75db34b6a4d642cb6f88c792942de27490c900e0 CVE-2017-13658 (In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missi ...) - {DLA-1785-1 DLA-1081-1} + {DLA-2366-1 DLA-1785-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870019) NOTE: https://github.com/ImageMagick/ImageMagick/issues/598 NOTE: https://github.com/ImageMagick/ImageMagick/commit/e5c063a1007506ba69e97a35effcdef944421c89 @@ -20815,7 +20819,7 @@ CVE-2017-13144 (In ImageMagick before 6.9.7-10, there is a crash (rather than a NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438 NOTE: https://github.com/ImageMagick/ImageMagick/commit/9b580ad0564aefd9beeccbcbb8d62ccd05795a84 CVE-2017-12430 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...) - {DLA-1785-1 DLA-1081-1} + {DLA-2366-1 DLA-1785-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-13 (low; bug #869727) NOTE: https://github.com/ImageMagick/ImageMagick/issues/546 NOTE: https://github.com/ImageMagick/ImageMagick/commit/98e5d0001cda195da0e8ea7650ab85c6f8333ff5 |