pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4fa652202a
vuln-list-alt/oval/c9f2/ALT-PU-2024-2243/definitions.json
pepelyaevip 0707cb759b ALT Vulnerability
2024-04-16 14:26:14 +00:00

521 lines
27 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20242243",
"Version": "oval:org.altlinux.errata:def:20242243",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-2243: package `ImageMagick` update to version 6.9.12.93-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-2243",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-2243",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-03651",
"RefURL": "https://bdu.fstec.ru/vul/2021-03651",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03652",
"RefURL": "https://bdu.fstec.ru/vul/2021-03652",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03654",
"RefURL": "https://bdu.fstec.ru/vul/2021-03654",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05183",
"RefURL": "https://bdu.fstec.ru/vul/2021-05183",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05277",
"RefURL": "https://bdu.fstec.ru/vul/2021-05277",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06962",
"RefURL": "https://bdu.fstec.ru/vul/2022-06962",
"Source": "BDU"
},
{
"RefID": "BDU:2023-00579",
"RefURL": "https://bdu.fstec.ru/vul/2023-00579",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01717",
"RefURL": "https://bdu.fstec.ru/vul/2023-01717",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01719",
"RefURL": "https://bdu.fstec.ru/vul/2023-01719",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01721",
"RefURL": "https://bdu.fstec.ru/vul/2023-01721",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01724",
"RefURL": "https://bdu.fstec.ru/vul/2023-01724",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02231",
"RefURL": "https://bdu.fstec.ru/vul/2023-02231",
"Source": "BDU"
},
{
"RefID": "CVE-2021-20176",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20176",
"Source": "CVE"
},
{
"RefID": "CVE-2021-20224",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20224",
"Source": "CVE"
},
{
"RefID": "CVE-2021-20241",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20241",
"Source": "CVE"
},
{
"RefID": "CVE-2021-20245",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20245",
"Source": "CVE"
},
{
"RefID": "CVE-2021-20246",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20246",
"Source": "CVE"
},
{
"RefID": "CVE-2021-20309",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20309",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3610",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3610",
"Source": "CVE"
},
{
"RefID": "CVE-2021-4219",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-4219",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1114",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1114",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1115",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1115",
"Source": "CVE"
},
{
"RefID": "CVE-2022-3213",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-3213",
"Source": "CVE"
},
{
"RefID": "CVE-2022-32545",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-32545",
"Source": "CVE"
},
{
"RefID": "CVE-2022-32546",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-32546",
"Source": "CVE"
},
{
"RefID": "CVE-2022-32547",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-32547",
"Source": "CVE"
},
{
"RefID": "CVE-2022-44268",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-44268",
"Source": "CVE"
},
{
"RefID": "CVE-2023-1906",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-1906",
"Source": "CVE"
},
{
"RefID": "CVE-2023-3195",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-3195",
"Source": "CVE"
},
{
"RefID": "CVE-2023-39978",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-39978",
"Source": "CVE"
}
],
"Description": "This update upgrades ImageMagick to version 6.9.12.93-alt1. \nSecurity Fix(es):\n\n * BDU:2021-03651: Уязвимость файла gem.c набора программ для чтения и редактирования файлов ImageMagisk, связанная с отсутствием проверки деления на ноль, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-03652: Уязвимость файла coders/jp2.c. набора программ для чтения и редактирования файлов ImageMagisk, связанная с отсутствием проверки деления на ноль, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-03654: Уязвимость файла MagickCore/resample.c. набора программ для чтения и редактирования файлов ImageMagisk, связанная с отсутствием проверки деления на ноль, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-05183: Уязвимость компонента coders/webp.c консольного графического редактора ImageMagick, связанная с отсутствием проверки деления на ноль, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-05277: Уязвимость функции WaveImage() компонента MagickCore/visual-effects.c консольного графического редактора ImageMagick, связанная с отсутствием проверки деления на ноль, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06962: Уязвимость функции ExportIndexQuantum() графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * BDU:2023-00579: Уязвимость графического редактора ImageMagick, связанная с ошибками при обработке входных данных, позволяющая нарушителю получить доступ к защищаемой информации\n\n * BDU:2023-01717: Уязвимость компонента coders/pcl.c консольного графического редактора ImageMagick, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2023-01719: Уязвимость функции RelinquishDCMInfo() компонента dcm.c консольного графического редактора ImageMagick, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * BDU:2023-01721: Уязвимость компонента coders/psd.c консольного графического редактора ImageMagick, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2023-01724: Уязвимость компонента MagickCore/property.c консольного графического редактора ImageMagick, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2023-02231: Уязвимость функции importmultispectralquantum() консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2021-20176: A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability.\n\n * CVE-2021-20224: An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash.\n\n * CVE-2021-20241: A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.\n\n * CVE-2021-20245: A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.\n\n * CVE-2021-20246: A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.\n\n * CVE-2021-20309: A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.\n\n * CVE-2021-3610: A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.\n\n * CVE-2021-4219: A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.\n\n * CVE-2022-1114: A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.\n\n * CVE-2022-1115: A heap-buffer-overflow flaw was found in ImageMagicks PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.\n\n * CVE-2022-3213: A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.\n\n * CVE-2022-32545: A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.\n\n * CVE-2022-32546: A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.\n\n * CVE-2022-32547: In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.\n\n * CVE-2022-44268: ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).\n\n * CVE-2023-1906: A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.\n\n * CVE-2023-3195: A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.\n\n * CVE-2023-39978: ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.\n\n * #31789: Лишний пункт меню",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-03-01"
},
"Updated": {
"Date": "2024-03-01"
},
"BDUs": [
{
"ID": "BDU:2021-03651",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2021-03651",
"Impact": "Low",
"Public": "20210115"
},
{
"ID": "BDU:2021-03652",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2021-03652",
"Impact": "Low",
"Public": "20210115"
},
{
"ID": "BDU:2021-03654",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2021-03654",
"Impact": "Low",
"Public": "20210215"
},
{
"ID": "BDU:2021-05183",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2021-05183",
"Impact": "Low",
"Public": "20210202"
},
{
"ID": "BDU:2021-05277",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2021-05277",
"Impact": "High",
"Public": "20210225"
},
{
"ID": "BDU:2022-06962",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-06962",
"Impact": "Low",
"Public": "20220825"
},
{
"ID": "BDU:2023-00579",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2023-00579",
"Impact": "High",
"Public": "20230206"
},
{
"ID": "BDU:2023-01717",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2023-01717",
"Impact": "High",
"Public": "20220324"
},
{
"ID": "BDU:2023-01719",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2023-01719",
"Impact": "Low",
"Public": "20220314"
},
{
"ID": "BDU:2023-01721",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2023-01721",
"Impact": "High",
"Public": "20220317"
},
{
"ID": "BDU:2023-01724",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-704",
"Href": "https://bdu.fstec.ru/vul/2023-01724",
"Impact": "High",
"Public": "20220409"
},
{
"ID": "BDU:2023-02231",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-122, CWE-125",
"Href": "https://bdu.fstec.ru/vul/2023-02231",
"Impact": "Low",
"Public": "20230401"
}
],
"CVEs": [
{
"ID": "CVE-2021-20176",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20176",
"Impact": "Low",
"Public": "20210206"
},
{
"ID": "CVE-2021-20224",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20224",
"Impact": "Low",
"Public": "20220825"
},
{
"ID": "CVE-2021-20241",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20241",
"Impact": "Low",
"Public": "20210309"
},
{
"ID": "CVE-2021-20245",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20245",
"Impact": "Low",
"Public": "20210309"
},
{
"ID": "CVE-2021-20246",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20246",
"Impact": "Low",
"Public": "20210309"
},
{
"ID": "CVE-2021-20309",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20309",
"Impact": "High",
"Public": "20210511"
},
{
"ID": "CVE-2021-3610",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3610",
"Impact": "High",
"Public": "20220224"
},
{
"ID": "CVE-2021-4219",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-4219",
"Impact": "Low",
"Public": "20220323"
},
{
"ID": "CVE-2022-1114",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1114",
"Impact": "High",
"Public": "20220429"
},
{
"ID": "CVE-2022-1115",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1115",
"Impact": "Low",
"Public": "20220829"
},
{
"ID": "CVE-2022-3213",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-3213",
"Impact": "Low",
"Public": "20220919"
},
{
"ID": "CVE-2022-32545",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-32545",
"Impact": "High",
"Public": "20220616"
},
{
"ID": "CVE-2022-32546",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-32546",
"Impact": "High",
"Public": "20220616"
},
{
"ID": "CVE-2022-32547",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-704",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-32547",
"Impact": "High",
"Public": "20220616"
},
{
"ID": "CVE-2022-44268",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-44268",
"Impact": "Low",
"Public": "20230206"
},
{
"ID": "CVE-2023-1906",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-1906",
"Impact": "Low",
"Public": "20230412"
},
{
"ID": "CVE-2023-3195",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-3195",
"Impact": "Low",
"Public": "20230616"
},
{
"ID": "CVE-2023-39978",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-39978",
"Impact": "Low",
"Public": "20230808"
}
],
"Bugzilla": [
{
"ID": "31789",
"Href": "https://bugzilla.altlinux.org/31789",
"Data": "Лишний пункт меню"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20242243001",
"Comment": "ImageMagick is earlier than 0:6.9.12.93-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20242243002",
"Comment": "ImageMagick-doc is earlier than 0:6.9.12.93-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20242243003",
"Comment": "ImageMagick-tools is earlier than 0:6.9.12.93-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20242243004",
"Comment": "libImageMagick++6.9 is earlier than 0:6.9.12.93-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20242243005",
"Comment": "libImageMagick-devel is earlier than 0:6.9.12.93-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20242243006",
"Comment": "libImageMagick6-common is earlier than 0:6.9.12.93-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20242243007",
"Comment": "libImageMagick6.7 is earlier than 0:6.9.12.93-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20242243008",
"Comment": "perl-Magick is earlier than 0:6.9.12.93-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink