{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"ImageMagick security update", "category":"general", "title":"Synopsis" }, { "text":"An update for ImageMagick is now available for openEuler-20.03-LTS-SP1.", "category":"general", "title":"Summary" }, { "text":"Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\n\nSecurity Fix(es):\n\nThere are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0.(CVE-2020-27753)\n\nTIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `\"dc:format=\\\"image/dng\\\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0.(CVE-2020-25667)\n\nIn ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0.(CVE-2020-27756)", "category":"general", "title":"Description" }, { "text":"An update for ImageMagick is now available for openEuler-20.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"ImageMagick", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2021-1219", "category":"self", "url":"https://openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1219" }, { "summary":"CVE-2020-27753", "category":"self", "url":"https://openeuler.org/en/security/cve/detail?cveId=CVE-2020-27753&packageName=ImageMagick" }, { "summary":"CVE-2020-25667", "category":"self", "url":"https://openeuler.org/en/security/cve/detail?cveId=CVE-2020-25667&packageName=ImageMagick" }, { "summary":"CVE-2020-27756", "category":"self", "url":"https://openeuler.org/en/security/cve/detail?cveId=CVE-2020-27756&packageName=ImageMagick" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27753" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25667" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27756" }, { "summary":"openEuler-SA-2021-1219 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2021/csaf-openeuler-sa-2021-1219.json" } ], "title":"An update for ImageMagick is now available for openEuler-20.03-LTS-SP1", "tracking":{ "initial_release_date":"2021-06-12T09:20:28+08:00", "revision_history":[ { "date":"2021-06-12T09:20:28+08:00", "summary":"Initial", "number":"1.0.0" }, { "date":"2024-10-31T09:20:28+08:00", "summary":"final", "number":"2.0.0" } ], "generator":{ "date":"2024-10-31T09:20:28+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-10-31T09:20:28+08:00", "id":"openEuler-SA-2021-1219", "version":"2.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"openEuler-20.03-LTS-SP1", "name":"openEuler-20.03-LTS-SP1" }, "name":"openEuler-20.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"ImageMagick-debuginfo-6.9.10.67-25.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"ImageMagick-debuginfo-6.9.10.67-25.oe1.aarch64.rpm" }, "name":"ImageMagick-debuginfo-6.9.10.67-25.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"ImageMagick-6.9.10.67-25.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"ImageMagick-6.9.10.67-25.oe1.aarch64.rpm" }, "name":"ImageMagick-6.9.10.67-25.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"ImageMagick-help-6.9.10.67-25.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"ImageMagick-help-6.9.10.67-25.oe1.aarch64.rpm" }, "name":"ImageMagick-help-6.9.10.67-25.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"ImageMagick-perl-6.9.10.67-25.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"ImageMagick-perl-6.9.10.67-25.oe1.aarch64.rpm" }, "name":"ImageMagick-perl-6.9.10.67-25.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"ImageMagick-c++-devel-6.9.10.67-25.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"ImageMagick-c++-devel-6.9.10.67-25.oe1.aarch64.rpm" }, "name":"ImageMagick-c++-devel-6.9.10.67-25.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"ImageMagick-debugsource-6.9.10.67-25.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"ImageMagick-debugsource-6.9.10.67-25.oe1.aarch64.rpm" }, "name":"ImageMagick-debugsource-6.9.10.67-25.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"ImageMagick-devel-6.9.10.67-25.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"ImageMagick-devel-6.9.10.67-25.oe1.aarch64.rpm" }, "name":"ImageMagick-devel-6.9.10.67-25.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"ImageMagick-c++-6.9.10.67-25.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"ImageMagick-c++-6.9.10.67-25.oe1.aarch64.rpm" }, "name":"ImageMagick-c++-6.9.10.67-25.oe1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"ImageMagick-6.9.10.67-25.oe1.src.rpm(20.03-LTS-SP1)", "name":"ImageMagick-6.9.10.67-25.oe1.src.rpm" }, "name":"ImageMagick-6.9.10.67-25.oe1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"ImageMagick-help-6.9.10.67-25.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"ImageMagick-help-6.9.10.67-25.oe1.x86_64.rpm" }, "name":"ImageMagick-help-6.9.10.67-25.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"ImageMagick-perl-6.9.10.67-25.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"ImageMagick-perl-6.9.10.67-25.oe1.x86_64.rpm" }, "name":"ImageMagick-perl-6.9.10.67-25.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"ImageMagick-6.9.10.67-25.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"ImageMagick-6.9.10.67-25.oe1.x86_64.rpm" }, "name":"ImageMagick-6.9.10.67-25.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"ImageMagick-debugsource-6.9.10.67-25.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"ImageMagick-debugsource-6.9.10.67-25.oe1.x86_64.rpm" }, "name":"ImageMagick-debugsource-6.9.10.67-25.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"ImageMagick-c++-6.9.10.67-25.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"ImageMagick-c++-6.9.10.67-25.oe1.x86_64.rpm" }, "name":"ImageMagick-c++-6.9.10.67-25.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"ImageMagick-debuginfo-6.9.10.67-25.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"ImageMagick-debuginfo-6.9.10.67-25.oe1.x86_64.rpm" }, "name":"ImageMagick-debuginfo-6.9.10.67-25.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"ImageMagick-c++-devel-6.9.10.67-25.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"ImageMagick-c++-devel-6.9.10.67-25.oe1.x86_64.rpm" }, "name":"ImageMagick-c++-devel-6.9.10.67-25.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"ImageMagick-devel-6.9.10.67-25.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"ImageMagick-devel-6.9.10.67-25.oe1.x86_64.rpm" }, "name":"ImageMagick-devel-6.9.10.67-25.oe1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"ImageMagick-debuginfo-6.9.10.67-25.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.aarch64", "name":"ImageMagick-debuginfo-6.9.10.67-25.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"ImageMagick-6.9.10.67-25.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.aarch64", "name":"ImageMagick-6.9.10.67-25.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"ImageMagick-help-6.9.10.67-25.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.aarch64", "name":"ImageMagick-help-6.9.10.67-25.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"ImageMagick-perl-6.9.10.67-25.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.aarch64", "name":"ImageMagick-perl-6.9.10.67-25.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"ImageMagick-c++-devel-6.9.10.67-25.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.aarch64", "name":"ImageMagick-c++-devel-6.9.10.67-25.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"ImageMagick-debugsource-6.9.10.67-25.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.aarch64", "name":"ImageMagick-debugsource-6.9.10.67-25.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"ImageMagick-devel-6.9.10.67-25.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.aarch64", "name":"ImageMagick-devel-6.9.10.67-25.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"ImageMagick-c++-6.9.10.67-25.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.aarch64", "name":"ImageMagick-c++-6.9.10.67-25.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"ImageMagick-6.9.10.67-25.oe1.src.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.src", "name":"ImageMagick-6.9.10.67-25.oe1.src as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"ImageMagick-help-6.9.10.67-25.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.x86_64", "name":"ImageMagick-help-6.9.10.67-25.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"ImageMagick-perl-6.9.10.67-25.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.x86_64", "name":"ImageMagick-perl-6.9.10.67-25.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"ImageMagick-6.9.10.67-25.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.x86_64", "name":"ImageMagick-6.9.10.67-25.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"ImageMagick-debugsource-6.9.10.67-25.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.x86_64", "name":"ImageMagick-debugsource-6.9.10.67-25.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"ImageMagick-c++-6.9.10.67-25.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.x86_64", "name":"ImageMagick-c++-6.9.10.67-25.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"ImageMagick-debuginfo-6.9.10.67-25.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.x86_64", "name":"ImageMagick-debuginfo-6.9.10.67-25.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"ImageMagick-c++-devel-6.9.10.67-25.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.x86_64", "name":"ImageMagick-c++-devel-6.9.10.67-25.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"ImageMagick-devel-6.9.10.67-25.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.x86_64", "name":"ImageMagick-devel-6.9.10.67-25.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2020-27753", "notes":[ { "text":"There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.src", "openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.src", "openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.x86_64" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1219" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.src", "openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2020-27753" }, { "cve":"CVE-2020-25667", "notes":[ { "text":"TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `\"dc:format=\\\"image/dng\\\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.src", "openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.src", "openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.x86_64" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1219" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.src", "openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2020-25667" }, { "cve":"CVE-2020-27756", "notes":[ { "text":"In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.src", "openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.src", "openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.x86_64" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1219" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.aarch64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.src", "openEuler-20.03-LTS-SP1:ImageMagick-help-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-perl-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-debugsource-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-debuginfo-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-c++-devel-6.9.10.67-25.oe1.x86_64", "openEuler-20.03-LTS-SP1:ImageMagick-devel-6.9.10.67-25.oe1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2020-27756" } ] }