UbuntuUpdates.org

Package "graphicsmagick"

Name: graphicsmagick

Description:

collection of image processing tools

Latest version: 1.3.28-2ubuntu0.1
Release: bionic (18.04)
Level: security
Repository: universe
Homepage: http://www.graphicsmagick.org/

Other versions of "graphicsmagick" in Bionic

Repository  Area      Version
base        universe  1.3.28-2
updates     universe  1.3.28-2ubuntu0.1

Changelog

Version: 1.3.28-2ubuntu0.1 2019-12-02 21:07:08 UTC

  graphicsmagick (1.3.28-2ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflow in the WriteTGAImage function.
    - debian/patches/CVE-2018-20184.patch: reject image rows/columns larger than
      65535.
    - CVE-2018-20184
  * SECURITY UPDATE: Heap-based buffer over-read in the ReadBMPImage function.
    - debian/patches/CVE-2018-20185-1.patch: Only compute unsigned_maxvalue if
      sample_bits <= 32.
    - debian/patches/CVE-2018-20185-2.patch: Fix heap overflow in 32-bit due
      to arithmetic overflow.
    - debian/patches/CVE-2018-20185-3.patch: Improve buffer size calculations
      to guard against arithmetic overflow.
    - CVE-2018-20185
  * SECURITY UPDATE: DoS (crash) in ReadDIBImage.
    - debian/patches/CVE-2018-20189.patch: DIB images claiming more than 8-bits
      per pixel are not colormapped.
    - CVE-2018-20189
  * SECURITY UPDATE: Stack-based buffer overflow in the function
    SVGStartElement.
    - debian/patches/CVE-2019-11005.patch: Fix stack buffer overflow while
      parsing quoted font family value.
    - CVE-2019-11005
  * SECURITY UPDATE: Heap-based buffer over-read in the function ReadMIFFImage.
    - debian/patches/CVE-2019-11006.patch: Detect end of file while reading
      RLE packets.
    - CVE-2019-11006
  * SECURITY UPDATE: Heap-based buffer over-read in the function ReadMNGImage.
    - debian/patches/CVE-2019-11007-1.patch: New function to reallocate an
      image colormap.
    - debian/patches/CVE-2019-11007-2.patch: Fix small buffer overflow (one
      PixelPacket) of image colormap.
    - CVE-2019-11007
  * SECURITY UPDATE: Heap-based buffer overflow in the function WriteXWDImage.
    - debian/patches/CVE-2019-11008.patch: Perform more header validations, a
      file size validation, and fix arithmetic overflows leading to heap
      overwrite.
    - CVE-2019-11008
  * SECURITY UPDATE: Heap-based buffer over-read in the function ReadXWDImage.
    - debian/patches/CVE-2019-11009.patch: Fix heap buffer overflow while
      reading DirectClass XWD file.
    - CVE-2019-11009
  * SECURITY UPDATE: Memory leak in the function ReadMPCImage.
    - debian/patches/CVE-2019-11010.patch: Deal with a profile length of zero,
      or an irrationally large profile length.
    - CVE-2019-11010
  * SECURITY UPDATE: DoS (out-of-bounds read, floating-point exception and
    crash) by crafting an XWD image file.
    - debian/patches/CVE-2019-11473_11474-1.patch: Add more validation logic to
      avoid crashes due to FPE and invalid reads.
    - debian/patches/CVE-2019-11473_11474-2.patch: Address header-directed
      arbitrary memory allocation.
    - debian/patches/CVE-2019-11473_11474-3.patch: Address segmentation
      violation and invalid memory read with more validations.
    - CVE-2019-11473
    - CVE-2019-11474
  * SECURITY UPDATE: Heap-based buffer overflow in the function WritePDBImage.
    - debian/patches/CVE-2019-11505.patch: Use correct bits/sample rather than
      image->depth. Avoids potential buffer overflow.
    - CVE-2019-11505
  * SECURITY UPDATE: Heap-based buffer overflow in the function
    WriteMATLABImage.
    - debian/patches/CVE-2019-11506.patch: Add completely missing error
      handling.
    - CVE-2019-11506

 -- Eduardo Barretto <email address hidden> Thu, 28 Nov 2019 11:12:37 -0300

CVE-2018-20184 In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to c
CVE-2018-20185 In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which a
CVE-2018-20189 In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is
CVE-2019-11005 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remo
CVE-2019-11006 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attac
CVE-2019-11007 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attacke
CVE-2019-11008 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote
CVE-2019-11009 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attacke
CVE-2019-11010 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a de
CVE-2019-11473 coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD ima
CVE-2019-11474 coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an X
CVE-2019-11505 In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c
CVE-2019-11506 In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/m
