The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3429 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-3429-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                    Bastien Roucaries     May 21, 2023                                  https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : imagemagick     Version        : 8:6.9.10.23+dfsg-2.1+deb10u5     CVE ID         : CVE-2021-20176 CVE-2021-20241 CVE-2021-20243 CVE-2021-20244                      CVE-2021-20245 CVE-2021-20246 CVE-2021-20309 CVE-2021-20312                      CVE-2021-20313 CVE-2021-39212 CVE-2022-28463 CVE-2022-32545                      CVE-2022-32546 CVE-2022-32547     Debian Bug     : 996588 1013282 1016442

    Multiple vulnerabilities were fixed in imagemagick, a software suite,     used for editing and manipulating digital images.

    CVE-2021-20176

        A divide by zero was found in gem.c file.

    CVE-2021-20241

        A divide by zero was found in  jp2 coder.

    CVE-2021-20243

        A divide by zero was found in dcm coder.

    CVE-2021-20244

        A divide by zero was found in fx.c.

    CVE-2021-20245

        A divide by zero was found in webp coder.

    CVE-2021-20246

        A divide by zero was found in resample.c.

    CVE-2021-20309

        A divide by zero was found in WaveImage.c

    CVE-2021-20312

        An integer overflow was found in WriteTHUMBNAILImage()         of coders/thumbnail.c

    CVE-2021-20313

        A potential cipher leak was found when the calculate         signatures in TransformSignature().

    CVE-2021-39212

        A policy bypass was found for postscript files.

    CVE-2022-28463

        A bufer overflow was found in  buffer overflow in cin coder.

    CVE-2022-32545

        A undefined behavior (conversion outside the range of         representable values of type 'unsigned char') was found in psd         file handling.

    CVE-2022-32546

        A undefined behavior (conversion outside the range of         representable values of type 'long') was found in pcl         file handling.

    CVE-2022-32547

        An unaligned access was found in property.c

    For Debian 10 buster, these problems have been fixed in version     8:6.9.10.23+dfsg-2.1+deb10u5.

    We recommend that you upgrade your imagemagick packages.

    For the detailed security status of imagemagick please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/imagemagick

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-3429 : imagemagick - security update

high Nessus Plugin ID 176199

Version 1.2

Version 1.1

Version 1.0

Version 1.2 Jan 22, 2025, 3:03 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202501221503
Version 1.1 May 23, 2023, 10:07 AM IAVM reference Plugin Feed: 202305231007
Version 1.0 May 22, 2023, 10:03 AM New Plugin Feed: 202305221003