vuln-list-alt/oval/p11/ALT-PU-2022-2736/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20222736",
"Version": "oval:org.altlinux.errata:def:20222736",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-2736: package `ImageMagick` update to version 6.9.12.64-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-2736",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2736",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-01717",
"RefURL": "https://bdu.fstec.ru/vul/2023-01717",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01719",
"RefURL": "https://bdu.fstec.ru/vul/2023-01719",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01721",
"RefURL": "https://bdu.fstec.ru/vul/2023-01721",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01724",
"RefURL": "https://bdu.fstec.ru/vul/2023-01724",
"Source": "BDU"
},
{
"RefID": "CVE-2022-1114",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1114",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1115",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1115",
"Source": "CVE"
},
{
"RefID": "CVE-2022-3213",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-3213",
"Source": "CVE"
},
{
"RefID": "CVE-2022-32545",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-32545",
"Source": "CVE"
},
{
"RefID": "CVE-2022-32546",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-32546",
"Source": "CVE"
},
{
"RefID": "CVE-2022-32547",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-32547",
"Source": "CVE"
}
],
"Description": "This update upgrades ImageMagick to version 6.9.12.64-alt1. \nSecurity Fix(es):\n\n * BDU:2023-01717: Уязвимость компонента coders/pcl.c консольного графического редактора ImageMagick, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2023-01719: Уязвимость функции RelinquishDCMInfo() компонента dcm.c консольного графического редактора ImageMagick, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * BDU:2023-01721: Уязвимость компонента coders/psd.c консольного графического редактора ImageMagick, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2023-01724: Уязвимость компонента MagickCore/property.c консольного графического редактора ImageMagick, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2022-1114: A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.\n\n * CVE-2022-1115: A heap-buffer-overflow flaw was found in ImageMagick's PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.\n\n * CVE-2022-3213: A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.\n\n * CVE-2022-32545: A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.\n\n * CVE-2022-32546: A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.\n\n * CVE-2022-32547: In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-10-06"
},
"Updated": {
"Date": "2022-10-06"
},
"BDUs": [
{
"ID": "BDU:2023-01717",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2023-01717",
"Impact": "High",
"Public": "20220324"
},
{
"ID": "BDU:2023-01719",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2023-01719",
"Impact": "Low",
"Public": "20220314"
},
{
"ID": "BDU:2023-01721",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2023-01721",
"Impact": "High",
"Public": "20220317"
},
{
"ID": "BDU:2023-01724",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-704",
"Href": "https://bdu.fstec.ru/vul/2023-01724",
"Impact": "High",
"Public": "20220409"
}
],
"CVEs": [
{
"ID": "CVE-2022-1114",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1114",
"Impact": "High",
"Public": "20220429"
},
{
"ID": "CVE-2022-1115",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1115",
"Impact": "Low",
"Public": "20220829"
},
{
"ID": "CVE-2022-3213",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-3213",
"Impact": "Low",
"Public": "20220919"
},
{
"ID": "CVE-2022-32545",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-32545",
"Impact": "High",
"Public": "20220616"
},
{
"ID": "CVE-2022-32546",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-32546",
"Impact": "High",
"Public": "20220616"
},
{
"ID": "CVE-2022-32547",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-704",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-32547",
"Impact": "High",
"Public": "20220616"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20222736001",
"Comment": "ImageMagick is earlier than 0:6.9.12.64-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222736002",
"Comment": "ImageMagick-doc is earlier than 0:6.9.12.64-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222736003",
"Comment": "ImageMagick-tools is earlier than 0:6.9.12.64-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222736004",
"Comment": "libImageMagick++6.9 is earlier than 0:6.9.12.64-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222736005",
"Comment": "libImageMagick-devel is earlier than 0:6.9.12.64-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222736006",
"Comment": "libImageMagick6-common is earlier than 0:6.9.12.64-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222736007",
"Comment": "libImageMagick6.7 is earlier than 0:6.9.12.64-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222736008",
"Comment": "perl-Magick is earlier than 0:6.9.12.64-alt1"
}
]
}
]
}
}
]
}