VDB

GCVE-110-MAGEIA-2016-257

GCVE-110-MAGEIA-2016-257
Advisory Published
Vulnetix · Advisory published July 19, 2016
Updated imagemagick package fixes security vulnerabilities: The OpenBlob function in blob.c in ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename (CVE-2016-5118). Integer overflow in MagickCore/profile.c (CVE-2016-5841). Buffer overread in MagickCore/property.c (CVE-2016-5842). Also, several packages have been rebuilt to use the updated Magick++-6.Q16 library. These include converseen, cuneiform-linux, inkscape, k3d, kcm-grub2, kxstitch, performous, perl-Image-SubImageFind, pfstools, pstoedit, pythonmagick, synfig, vdr-plugin-skinelchi, and vdr-plugin-skinenigmang.

Affected Products

VendorProductVersionsPlatforms
Mageiaconverseen0 (affected), 0.8.3-3.1.mga5 (unaffected)
Mageiacuneiform-linux0 (affected), 1.1.0-6.1.mga5 (unaffected)
Mageiapfstools0 (affected), 1.8.5-1.1.mga5 (unaffected)
Mageiakcm-grub20.5.8-12.2.mga5 (unaffected), 0 (affected)
Mageiak3d0 (affected), 0.8.0.2-10.1.mga5 (unaffected)
Mageiakxstitch0 (affected), 1.2.0-3.1.mga5 (unaffected)
Mageiaperformous0 (affected), 0.8.0-0.20141015.2.1.mga5 (unaffected)
Mageiaperl-Image-SubImageFind0 (affected), 0.30.0-2.1.mga5 (unaffected)
Mageiapythonmagick0 (affected), 0.9.12-1.mga5 (unaffected)
Mageiainkscape0 (affected), 0.91-1.1.mga5 (unaffected)
Mageiavdr-plugin-skinenigmang0 (affected), 0.1.2-8.1.mga5 (unaffected)
Mageiaimagemagick0 (affected), 6.9.5.2-1.mga5 (unaffected)
Mageiasynfig0 (affected), 0.64.1-6.1.mga5 (unaffected)
Mageiavdr-plugin-skinelchi0 (affected), 0.2.8-6.1.mga5 (unaffected)
Mageiapstoedit0 (affected), 3.62-5.1.mga5 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›