important: ImageMagick/jasper security update
important
An update for ImageMagick/jasper is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
ImageMagick:
jasper:
Security Fix(es):
ImageMagick: A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.(CVE-2023-5341)
ImageMagick: A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.(CVE-2023-3428)
ImageMagick: bugfix
jasper: In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.(CVE-2024-31744)
jasper: A flaw in jasper was discovered where an invalid memory write occurred due to the absence of a proper range check in the JPC encoder.(CVE-2023-51257)
jasper: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.