{"id":"MGASA-2016-0257","summary":"Updated imagemagick packages fix security vulnerabilities","details":"Updated imagemagick package fixes security vulnerabilities:\n\nThe OpenBlob function in blob.c in ImageMagick allows remote attackers to\nexecute arbitrary code via a | (pipe) character at the start of a filename\n(CVE-2016-5118).\n\nInteger overflow in MagickCore/profile.c (CVE-2016-5841).\n\nBuffer overread in MagickCore/property.c (CVE-2016-5842).\n\nAlso, several packages have been rebuilt to use the updated Magick++-6.Q16\nlibrary.  These include converseen, cuneiform-linux, inkscape, k3d, kcm-grub2,\nkxstitch, performous, perl-Image-SubImageFind, pfstools, pstoedit,\npythonmagick, synfig, vdr-plugin-skinelchi, and vdr-plugin-skinenigmang.\n","modified":"2026-02-02T05:10:08.823878Z","published":"2016-07-19T12:47:11Z","related":["CVE-2016-5118","CVE-2016-5841","CVE-2016-5842"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0257.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18598"},{"type":"REPORT","url":"http://seclists.org/oss-sec/2016/q2/432"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2016/06/25/3"},{"type":"REPORT","url":"http://git.imagemagick.org/repos/ImageMagick/blob/ImageMagick-6/ChangeLog"},{"type":"REPORT","url":"https://www.debian.org/security/2016/dsa-3591"}],"affected":[{"package":{"name":"imagemagick","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/imagemagick?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.9.5.2-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0257.json"}},{"package":{"name":"converseen","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/converseen?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.3-3.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0257.json"}},{"package":{"name":"cuneiform-linux","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/cuneiform-linux?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.0-6.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0257.json"}},{"package":{"name":"inkscape","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/inkscape?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.91-1.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0257.json"}},{"package":{"name":"k3d","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/k3d?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.0.2-10.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0257.json"}},{"package":{"name":"kcm-grub2","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kcm-grub2?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.8-12.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0257.json"}},{"package":{"name":"kxstitch","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kxstitch?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.0-3.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0257.json"}},{"package":{"name":"performous","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/performous?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.0-0.20141015.2.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0257.json"}},{"package":{"name":"perl-Image-SubImageFind","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/perl-Image-SubImageFind?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.30.0-2.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0257.json"}},{"package":{"name":"pfstools","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/pfstools?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.5-1.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0257.json"}},{"package":{"name":"pstoedit","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/pstoedit?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.62-5.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0257.json"}},{"package":{"name":"pythonmagick","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/pythonmagick?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.12-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0257.json"}},{"package":{"name":"synfig","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/synfig?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.64.1-6.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0257.json"}},{"package":{"name":"vdr-plugin-skinelchi","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/vdr-plugin-skinelchi?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.2.8-6.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0257.json"}},{"package":{"name":"vdr-plugin-skinenigmang","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/vdr-plugin-skinenigmang?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.1.2-8.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0257.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}