VDB
GCVE-110-MAGEIA-2016-257
GCVE-110-MAGEIA-2016-257
Advisory Published
Updated imagemagick package fixes security vulnerabilities:
The OpenBlob function in blob.c in ImageMagick allows remote attackers to
execute arbitrary code via a | (pipe) character at the start of a filename
(CVE-2016-5118).
Integer overflow in MagickCore/profile.c (CVE-2016-5841).
Buffer overread in MagickCore/property.c (CVE-2016-5842).
Also, several packages have been rebuilt to use the updated Magick++-6.Q16
library. These include converseen, cuneiform-linux, inkscape, k3d, kcm-grub2,
kxstitch, performous, perl-Image-SubImageFind, pfstools, pstoedit,
pythonmagick, synfig, vdr-plugin-skinelchi, and vdr-plugin-skinenigmang.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | converseen | 0 (affected), 0.8.3-3.1.mga5 (unaffected) | — |
| Mageia | cuneiform-linux | 0 (affected), 1.1.0-6.1.mga5 (unaffected) | — |
| Mageia | pfstools | 0 (affected), 1.8.5-1.1.mga5 (unaffected) | — |
| Mageia | kcm-grub2 | 0.5.8-12.2.mga5 (unaffected), 0 (affected) | — |
| Mageia | k3d | 0 (affected), 0.8.0.2-10.1.mga5 (unaffected) | — |
| Mageia | kxstitch | 0 (affected), 1.2.0-3.1.mga5 (unaffected) | — |
| Mageia | performous | 0 (affected), 0.8.0-0.20141015.2.1.mga5 (unaffected) | — |
| Mageia | perl-Image-SubImageFind | 0 (affected), 0.30.0-2.1.mga5 (unaffected) | — |
| Mageia | pythonmagick | 0 (affected), 0.9.12-1.mga5 (unaffected) | — |
| Mageia | inkscape | 0 (affected), 0.91-1.1.mga5 (unaffected) | — |
| Mageia | vdr-plugin-skinenigmang | 0 (affected), 0.1.2-8.1.mga5 (unaffected) | — |
| Mageia | imagemagick | 0 (affected), 6.9.5.2-1.mga5 (unaffected) | — |
| Mageia | synfig | 0 (affected), 0.64.1-6.1.mga5 (unaffected) | — |
| Mageia | vdr-plugin-skinelchi | 0 (affected), 0.2.8-6.1.mga5 (unaffected) | — |
| Mageia | pstoedit | 0 (affected), 3.62-5.1.mga5 (unaffected) | — |
Aliases
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.