{"id":"MGASA-2024-0064","summary":"Updated imagemagick packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities:\nA heap-based buffer overflow vulnerability was found in ImageMagick in\nversions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This\nissue is due to an incorrect setting of the pixel array size, which can\nlead to a crash and segmentation fault. (CVE-2021-3610)\nA stack-based buffer overflow issue was found in ImageMagick's\ncoders/tiff.c. This flaw allows an attacker to trick the user into\nopening a specially crafted malicious tiff file, causing an application\nto crash, resulting in a denial of service. (CVE-2023-3195)\nA heap-based buffer overflow vulnerability was found in coders/tiff.c in\nImageMagick. This issue may allow a local attacker to trick the user\ninto opening a specially crafted file, resulting in an application crash\nand denial of service. (CVE-2023-3428)\nThis security flaw occurs as undefined behavior when casting double\nto size_t in svg, mvg and other coders (recurring bugs of\nCVE-2022-32546). (CVE-2023-34151)\n","modified":"2026-04-16T04:42:53.503642116Z","published":"2024-03-15T22:51:55Z","upstream":["CVE-2021-3610","CVE-2023-3195","CVE-2023-34151","CVE-2023-3428"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0064.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32076"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6200-1"}],"affected":[{"package":{"name":"imagemagick","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/imagemagick?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.1.1.29-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0064.json"}},{"package":{"name":"imagemagick","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/imagemagick?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.1.1.29-1.mga9.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0064.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}