Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2016-5841 CVE-2017-13139

Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable. (CVE-2016-5841) In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. (CVE-2017-13139)

Source

ALAS-2024-2432

Amazon Linux 2 Security Advisory: ALAS-2024-2432
Advisory Release Date: 2024-01-19 01:51 Pacific
Advisory Updated Date: 2024-01-22 20:20 Pacific

Severity: Important

References: CVE-2016-5841 CVE-2017-13139
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable. (CVE-2016-5841)

In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. (CVE-2017-13139)

Affected Packages:

ImageMagick

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update ImageMagick to update your system.

New Packages:

aarch64:
    ImageMagick-6.9.10.68-3.amzn2.0.1.aarch64
    ImageMagick-devel-6.9.10.68-3.amzn2.0.1.aarch64
    ImageMagick-doc-6.9.10.68-3.amzn2.0.1.aarch64
    ImageMagick-perl-6.9.10.68-3.amzn2.0.1.aarch64
    ImageMagick-c++-6.9.10.68-3.amzn2.0.1.aarch64
    ImageMagick-c++-devel-6.9.10.68-3.amzn2.0.1.aarch64
    ImageMagick-debuginfo-6.9.10.68-3.amzn2.0.1.aarch64

i686:
    ImageMagick-6.9.10.68-3.amzn2.0.1.i686
    ImageMagick-devel-6.9.10.68-3.amzn2.0.1.i686
    ImageMagick-doc-6.9.10.68-3.amzn2.0.1.i686
    ImageMagick-perl-6.9.10.68-3.amzn2.0.1.i686
    ImageMagick-c++-6.9.10.68-3.amzn2.0.1.i686
    ImageMagick-c++-devel-6.9.10.68-3.amzn2.0.1.i686
    ImageMagick-debuginfo-6.9.10.68-3.amzn2.0.1.i686

src:
    ImageMagick-6.9.10.68-3.amzn2.0.1.src

x86_64:
    ImageMagick-6.9.10.68-3.amzn2.0.1.x86_64
    ImageMagick-devel-6.9.10.68-3.amzn2.0.1.x86_64
    ImageMagick-doc-6.9.10.68-3.amzn2.0.1.x86_64
    ImageMagick-perl-6.9.10.68-3.amzn2.0.1.x86_64
    ImageMagick-c++-6.9.10.68-3.amzn2.0.1.x86_64
    ImageMagick-c++-devel-6.9.10.68-3.amzn2.0.1.x86_64
    ImageMagick-debuginfo-6.9.10.68-3.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2016-5841, CVE-2017-13139

Mitre: CVE-2016-5841, CVE-2017-13139

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS-2024-2432

ALAS-2024-2432

Additional References

Vulmon Search

About

Products

Connect