Vulnerability roundup 100: imagemagick-6.9.12-3: 82 advisories [9.8]

ckauhaus commented 3 years ago

search, files

[x] CVE-2016-5841 CVSSv3=9.8 (nixos-20.09, nixos-unstable)
[x] CVE-2018-16328 CVSSv3=9.8 (nixos-20.09, nixos-unstable)
[x] CVE-2018-16329 CVSSv3=9.8 (nixos-20.09, nixos-unstable)
[x] CVE-2016-6520 CVSSv3=9.1 (nixos-20.09, nixos-unstable)
[x] CVE-2017-11449 CVSSv3=8.8 (nixos-20.09, nixos-unstable)
[x] CVE-2017-11450 CVSSv3=8.8 (nixos-20.09, nixos-unstable)
[x] CVE-2019-17540 CVSSv3=8.8 (nixos-20.09, nixos-unstable)
[x] CVE-2019-17541 CVSSv3=8.8 (nixos-20.09, nixos-unstable)
[x] CVE-2019-17547 CVSSv3=8.8 (nixos-20.09, nixos-unstable)
[x] CVE-2016-8677 CVSSv3=7.8 (nixos-20.09, nixos-unstable)
[x] CVE-2016-8862 CVSSv3=7.8 (nixos-20.09, nixos-unstable)
[x] CVE-2016-8866 CVSSv3=7.8 (nixos-20.09, nixos-unstable)
[x] CVE-2019-13135 CVSSv3=7.8 (nixos-20.09, nixos-unstable)
[x] CVE-2019-13136 CVSSv3=7.8 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27766 CVSSv3=7.8 (nixos-20.09, nixos-unstable)
[x] CVE-2016-5842 CVSSv3=7.5 (nixos-20.09, nixos-unstable)
[x] CVE-2016-6823 CVSSv3=7.5 (nixos-20.09, nixos-unstable)
[x] CVE-2017-9098 CVSSv3=7.5 (nixos-20.09, nixos-unstable)
[x] CVE-2019-7175 CVSSv3=7.5 (nixos-20.09, nixos-unstable)
[x] CVE-2019-7395 CVSSv3=7.5 (nixos-20.09, nixos-unstable)
[x] CVE-2019-7396 CVSSv3=7.5 (nixos-20.09, nixos-unstable)
[x] CVE-2019-7397 CVSSv3=7.5 (nixos-20.09, nixos-unstable)
[x] CVE-2019-7398 CVSSv3=7.5 (nixos-20.09, nixos-unstable)
[x] CVE-2019-10131 CVSSv3=7.1 (nixos-20.09, nixos-unstable)
[x] CVE-2016-7101 CVSSv3=6.5 (nixos-20.09, nixos-unstable)
[x] CVE-2017-11352 CVSSv3=6.5 (nixos-20.09, nixos-unstable)
[x] CVE-2017-11447 CVSSv3=6.5 (nixos-20.09, nixos-unstable)
[x] CVE-2017-11448 CVSSv3=6.5 (nixos-20.09, nixos-unstable)
[x] CVE-2017-12876 CVSSv3=6.5 (nixos-20.09, nixos-unstable)
[x] CVE-2017-12877 CVSSv3=6.5 (nixos-20.09, nixos-unstable)
[x] CVE-2017-13768 CVSSv3=6.5 (nixos-20.09, nixos-unstable)
[x] CVE-2017-13769 CVSSv3=6.5 (nixos-20.09, nixos-unstable)
[x] CVE-2017-17504 CVSSv3=6.5 (nixos-20.09, nixos-unstable)
[x] CVE-2017-1000445 CVSSv3=6.5 (nixos-20.09, nixos-unstable)
[x] CVE-2018-6405 CVSSv3=6.5 (nixos-20.09, nixos-unstable)
[x] CVE-2018-16323 CVSSv3=6.5 (nixos-20.09, nixos-unstable)
[x] CVE-2018-16749 CVSSv3=6.5 (nixos-20.09, nixos-unstable)
[x] CVE-2018-16750 CVSSv3=6.5 (nixos-20.09, nixos-unstable)
[x] CVE-2018-20467 CVSSv3=6.5 (nixos-20.09, nixos-unstable)
[x] CVE-2019-10714 CVSSv3=6.5 (nixos-20.09, nixos-unstable)
[x] CVE-2019-13137 CVSSv3=6.5 (nixos-20.09, nixos-unstable)
[x] CVE-2019-18853 CVSSv3=6.5 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27752 CVSSv3=6.1 (nixos-20.09, nixos-unstable)
[x] CVE-2015-8896 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2016-7799 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2016-9559 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2016-10060 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2016-10061 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2019-13133 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2019-13134 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2020-25663 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2020-25665 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2020-25667 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2020-25674 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2020-25676 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27750 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27753 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27756 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27760 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27762 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27770 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2021-20176 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[ ] CVE-2021-20243 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[ ] CVE-2021-20244 CVSSv3=5.5 (nixos-20.09, nixos-unstable)
[x] CVE-2020-25666 CVSSv3=3.3 (nixos-20.09, nixos-unstable)
[x] CVE-2020-25675 CVSSv3=3.3 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27751 CVSSv3=3.3 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27755 CVSSv3=3.3 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27757 CVSSv3=3.3 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27758 CVSSv3=3.3 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27759 CVSSv3=3.3 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27761 CVSSv3=3.3 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27763 CVSSv3=3.3 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27765 CVSSv3=3.3 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27767 CVSSv3=3.3 (nixos-20.09, nixos-unstable)
[ ] CVE-2020-27768 CVSSv3=3.3 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27771 CVSSv3=3.3 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27772 CVSSv3=3.3 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27773 CVSSv3=3.3 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27774 CVSSv3=3.3 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27775 CVSSv3=3.3 (nixos-20.09, nixos-unstable)
[x] CVE-2020-27776 CVSSv3=3.3 (nixos-20.09, nixos-unstable)

Scanned versions: nixos-20.09: 12d9950bf47; nixos-unstable: 1f77a4c8c74.

Cc @erictapen

ckauhaus commented 3 years ago

See previous imagemagick issues for discussion: #113454

erictapen commented 3 years ago

I ticked all the duplicates from https://github.com/NixOS/nixpkgs/issues/113454 and there are 3 CVEs left.

Melkor333 commented 3 years ago

These 3 CVE's are all also listed in #124642. CVE-2021-20244 Is still TODO but I think we can close this Ticket already and keep the other ticket for tracking

NixOS / nixpkgs

Vulnerability roundup 100: imagemagick-6.9.12-3: 82 advisories [9.8] #116883