[Git][security-tracker-team/security-tracker][master] CVE-2023-2157/imagemagick
Bastien Roucariès (@rouca)
rouca at debian.org
Sun Mar 17 22:48:44 GMT 2024
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
66f314e8 by Bastien Roucariès at 2024-03-17T22:46:00+00:00
CVE-2023-2157/imagemagick
This CVE was in the code supporting the exif feature, following https://github.com/ImageMagick/ImageMagick/issues/5768
First commit introducing this feature was in https://github.com/ImageMagick/ImageMagick6/commit/a45686d30fb5785d7f0cb8a0e8efdeb75eabfe08
This commit does not pinpoint the exact point where the CVE was introduced, but versions before 6.9.12.72 do not read the exif and thus
did not trigger the CVE
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -53546,11 +53546,13 @@ CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user imperso
NOT-FOR-US: Code Dx
CVE-2023-2157 (A heap-based buffer overflow vulnerability was found in the ImageMagic ...)
- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036476)
- [bookworm] - imagemagick <no-dsa> (Minor issue)
- [bullseye] - imagemagick <no-dsa> (Minor issue)
+ [bookworm] - imagemagick <not-affected> (Vulnerable code introduced later)
+ [bullseye] - imagemagick <not-affected> (Vulnerable code introduced later)
[buster] - imagemagick <not-affected> (Vulnerable code was introduced later)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b (7.1.1-7)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673 (6.9.12-85)
+ NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/issues/5768
+ NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick6/commit/a45686d30fb5785d7f0cb8a0e8efdeb75eabfe08 (exif feature not present before this commit 6.9.12.72)
CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux kernel withi ...)
{DSA-5453-1 DSA-5448-1 DLA-3512-1}
- linux 6.3.11-1
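Review bot: The first added "NOTE: Introduced by:" line for CVE-2023-2157 links to a GitHub issue (ImageMagick/issues/5768), not a commit, and carries no version, whereas the ImageMagick6 line right after it names a commit and 6.9.12.72. The commit message says that commit marks where the exif feature first appeared rather than the exact point the flaw was introduced, so the NOTE could say so directly (for example "exif feature added in", with the issue cited as background) or link the corresponding ImageMagick 7 commit if one is known. It would also help to state in the entry which upstream versions bookworm and bullseye ship, since the switch from no-dsa to not-affected rests on both being older than 6.9.12.72 and nothing in these lines lets a reader check that. Two small consistency points: the new reasons read "Vulnerable code introduced later" while the existing buster line reads "Vulnerable code was introduced later", and the version is written 6.9.12.72 where the "Fixed by" notes use the 6.9.12-85 form.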
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66f314e8bc9ac6c9adcee8728ca0b0b892ffadb9