Amazon Linux 2022 Security Advisory: ALAS-2022-164
Advisory Release Date: 2022-11-01 21:23 Pacific
Advisory Updated Date: 2022-11-03 21:03 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A divide-by-zero flaw was found in ImageMagick in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20176)
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20241)
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20246)
A flaw was found in ImageMagick, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20309)
Affected Packages:
ImageMagick
Issue Correction:
Run dnf update ImageMagick --releasever=2022.0.20221102 to update your system.
aarch64:
ImageMagick-perl-debuginfo-6.9.12.48-2.amzn2022.0.6.aarch64
ImageMagick-debugsource-6.9.12.48-2.amzn2022.0.6.aarch64
ImageMagick-c++-debuginfo-6.9.12.48-2.amzn2022.0.6.aarch64
ImageMagick-perl-6.9.12.48-2.amzn2022.0.6.aarch64
ImageMagick-6.9.12.48-2.amzn2022.0.6.aarch64
ImageMagick-c++-devel-6.9.12.48-2.amzn2022.0.6.aarch64
ImageMagick-debuginfo-6.9.12.48-2.amzn2022.0.6.aarch64
ImageMagick-c++-6.9.12.48-2.amzn2022.0.6.aarch64
ImageMagick-devel-6.9.12.48-2.amzn2022.0.6.aarch64
ImageMagick-doc-6.9.12.48-2.amzn2022.0.6.aarch64
ImageMagick-libs-debuginfo-6.9.12.48-2.amzn2022.0.6.aarch64
ImageMagick-libs-6.9.12.48-2.amzn2022.0.6.aarch64
src:
ImageMagick-6.9.12.48-2.amzn2022.0.6.src
x86_64:
ImageMagick-c++-debuginfo-6.9.12.48-2.amzn2022.0.6.x86_64
ImageMagick-c++-6.9.12.48-2.amzn2022.0.6.x86_64
ImageMagick-perl-6.9.12.48-2.amzn2022.0.6.x86_64
ImageMagick-debugsource-6.9.12.48-2.amzn2022.0.6.x86_64
ImageMagick-perl-debuginfo-6.9.12.48-2.amzn2022.0.6.x86_64
ImageMagick-devel-6.9.12.48-2.amzn2022.0.6.x86_64
ImageMagick-debuginfo-6.9.12.48-2.amzn2022.0.6.x86_64
ImageMagick-c++-devel-6.9.12.48-2.amzn2022.0.6.x86_64
ImageMagick-6.9.12.48-2.amzn2022.0.6.x86_64
ImageMagick-doc-6.9.12.48-2.amzn2022.0.6.x86_64
ImageMagick-libs-debuginfo-6.9.12.48-2.amzn2022.0.6.x86_64
ImageMagick-libs-6.9.12.48-2.amzn2022.0.6.x86_64