UbuntuUpdates.org

Package "imagemagick"

Name: imagemagick

Description:

image manipulation programs -- binaries

Latest version: 8:6.9.7.4+dfsg-16ubuntu6.3
Release: bionic (18.04)
Level: updates
Repository: main
Homepage: http://www.imagemagick.org/

Links

Save this URL for the latest version of "imagemagick": https://www.ubuntuupdates.org/imagemagick


Download "imagemagick"


Other versions of "imagemagick" in Bionic

Repository Area Version
base main 8:6.9.7.4+dfsg-16ubuntu6
base universe 8:6.9.7.4+dfsg-16ubuntu6
security universe 8:6.9.7.4+dfsg-16ubuntu6.3
security main 8:6.9.7.4+dfsg-16ubuntu6.3
updates universe 8:6.9.7.4+dfsg-16ubuntu6.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8:6.9.7.4+dfsg-16ubuntu6.3 2018-07-11 14:07:16 UTC

  imagemagick (8:6.9.7.4+dfsg-16ubuntu6.3) bionic-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in ReadBMPImage and WriteBMPImage
    - debian/patches/CVE-2018-12599.patch: use proper lengths in
      coders/bmp.c.
    - CVE-2018-12599
  * SECURITY UPDATE: out-of-bounds write in ReadDIBImage and WriteDIBImage
    - debian/patches/CVE-2018-12600.patch: use proper lengths in
      coders/dib.c.
    - CVE-2018-12600
  * SECURITY UPDATE: memory leak in XMagickCommand
    - debian/patches/CVE-2018-13153.patch: free memory in magick/animate.c.
    - CVE-2018-13153

 -- Marc Deslauriers <email address hidden> Tue, 10 Jul 2018 10:09:07 -0400

Source diff to previous version
CVE-2018-12599 In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
CVE-2018-12600 In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
CVE-2018-13153 In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.

Version: 8:6.9.7.4+dfsg-16ubuntu6.2 2018-06-12 13:06:43 UTC

  imagemagick (8:6.9.7.4+dfsg-16ubuntu6.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/CVE-201[78]*.patch: backport large number of upstream
      security patches.
    - CVE-2017-12140, CVE-2017-12418, CVE-2017-12433, CVE-2017-12644,
      CVE-2017-12674, CVE-2017-12691, CVE-2017-12692, CVE-2017-12693,
      CVE-2017-12875, CVE-2017-12877, CVE-2017-12983, CVE-2017-13058,
      CVE-2017-13059, CVE-2017-13060, CVE-2017-13061, CVE-2017-13062,
      CVE-2017-13131, CVE-2017-13134, CVE-2017-13758, CVE-2017-13768,
      CVE-2017-13769, CVE-2017-14060, CVE-2017-14172, CVE-2017-14173,
      CVE-2017-14174, CVE-2017-14175, CVE-2017-14224, CVE-2017-14249,
      CVE-2017-14325, CVE-2017-14326, CVE-2017-14341, CVE-2017-14342,
      CVE-2017-14343, CVE-2017-14400, CVE-2017-14505, CVE-2017-14531,
      CVE-2017-14532, CVE-2017-14533, CVE-2017-14607, CVE-2017-14624,
      CVE-2017-14625, CVE-2017-14626, CVE-2017-14682, CVE-2017-14684,
      CVE-2017-14739, CVE-2017-14741, CVE-2017-14989, CVE-2017-15015,
      CVE-2017-15016, CVE-2017-15017, CVE-2017-15032, CVE-2017-15033,
      CVE-2017-15217, CVE-2017-15218, CVE-2017-15277, CVE-2017-15281,
      CVE-2017-16546, CVE-2017-17499, CVE-2017-17504, CVE-2017-17680,
      CVE-2017-17681, CVE-2017-17682, CVE-2017-17879, CVE-2017-17881,
      CVE-2017-17882, CVE-2017-17884, CVE-2017-17885, CVE-2017-17886,
      CVE-2017-17887, CVE-2017-17914, CVE-2017-17934, CVE-2017-18008,
      CVE-2017-18022, CVE-2017-18027, CVE-2017-18028, CVE-2017-18029,
      CVE-2017-18209, CVE-2017-18211, CVE-2017-18251, CVE-2017-18252,
      CVE-2017-18254, CVE-2017-18271, CVE-2017-18273, CVE-2017-1000445,
      CVE-2017-1000476, CVE-2018-5246, CVE-2018-5247, CVE-2018-5248,
      CVE-2018-5357, CVE-2018-5358, CVE-2018-6405, CVE-2018-7443,
      CVE-2018-8804, CVE-2018-8960, CVE-2018-9133, CVE-2018-10177,
      CVE-2018-10804, CVE-2018-10805, CVE-2018-11251, CVE-2018-11625,
      CVE-2018-11655, CVE-2018-11656

 -- Marc Deslauriers <email address hidden> Thu, 07 Jun 2018 11:19:48 -0400

CVE-2017-12140 The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafte
CVE-2017-12418 ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/co
CVE-2017-12433 In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial
CVE-2017-12644 ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c.
CVE-2017-12674 In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a deni
CVE-2017-12691 The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a craf
CVE-2017-12692 The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a cr
CVE-2017-12693 The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a craf
CVE-2017-12875 The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file.
CVE-2017-12877 Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of servi
CVE-2017-12983 Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (
CVE-2017-13058 In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial
CVE-2017-13059 In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a den
CVE-2017-13060 In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial
CVE-2017-13061 In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to
CVE-2017-13062 In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial o
CVE-2017-13131 In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denia
CVE-2017-13134 In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attac
CVE-2017-13758 In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.
CVE-2017-13768 Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial
CVE-2017-13769 The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-r
CVE-2017-14060 In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cau
CVE-2017-14172 In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a
CVE-2017-14173 In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(d
CVE-2017-14174 In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumpti
CVE-2017-14175 In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When
CVE-2017-14224 A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code
CVE-2017-14249 ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cac
CVE-2017-14325 In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to caus
CVE-2017-14326 In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a den
CVE-2017-14341 ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
CVE-2017-14342 ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.
CVE-2017-14343 ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.
CVE-2017-14400 In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause
CVE-2017-14505 DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Serv
CVE-2017-14531 ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.
CVE-2017-14532 ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
CVE-2017-14533 ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.
CVE-2017-14607 In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploi
CVE-2017-14624 ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
CVE-2017-14625 ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
CVE-2017-14626 ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
CVE-2017-14682 GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and applicat
CVE-2017-14684 In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a d
CVE-2017-14739 The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows rem
CVE-2017-14741 The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a c
CVE-2017-14989 A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font f
CVE-2017-15015 ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.
CVE-2017-15016 ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
CVE-2017-15017 ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
CVE-2017-15032 ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
CVE-2017-15033 ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.
CVE-2017-15217 ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.
CVE-2017-15218 ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
CVE-2017-15277 ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has ne
CVE-2017-15281 ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspeci
CVE-2017-16546 The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote
CVE-2017-17499 ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
CVE-2017-17504 ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage
CVE-2017-17680 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a de
CVE-2017-17681 In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to ca
CVE-2017-17682 In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause
CVE-2017-17879 In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculati
CVE-2017-17881 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a de
CVE-2017-17882 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a de
CVE-2017-17884 In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause
CVE-2017-17885 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a
CVE-2017-17886 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause
CVE-2017-17887 In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to ca
CVE-2017-17914 In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of s
CVE-2017-17934 ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSL
CVE-2017-18008 In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.
CVE-2017-18022 In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.
CVE-2017-18027 In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause
CVE-2017-18028 In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers
CVE-2017-18029 In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to caus
CVE-2017-18209 In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memo
CVE-2017-18211 In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-loo
CVE-2017-18251 An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote
CVE-2017-18252 An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (as
CVE-2017-18254 An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote
CVE-2017-18271 In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows
CVE-2017-18273 In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows at
CVE-2017-1000445 ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service
CVE-2017-1000476 ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a den
CVE-2018-5246 In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.
CVE-2018-5247 In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.
CVE-2018-5248 In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode fun
CVE-2018-5357 ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.
CVE-2018-5358 ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal functi
CVE-2018-6405 In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new
CVE-2018-7443 The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows r
CVE-2018-8804 WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and a
CVE-2018-8960 The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer
CVE-2018-9133 ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of
CVE-2018-10177 In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vul
CVE-2018-10804 ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.
CVE-2018-10805 ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
CVE-2018-11251 In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to caus
CVE-2018-11625 In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.
CVE-2018-11655 In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows atta
CVE-2018-11656 In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cau



About   -   Send Feedback to @ubuntu_updates