Package "imagemagick"
| Name: |
imagemagick
|
Description: |
image manipulation programs -- binaries
|
| Latest version: |
8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5 |
| Release: |
jammy (22.04) |
| Level: |
security |
| Repository: |
universe |
| Homepage: |
https://www.imagemagick.org/ |
Links
Download "imagemagick"
Other versions of "imagemagick" in Jammy
Packages in group
Deleted packages are displayed in grey.
Changelog
|
imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5) jammy-security; urgency=medium
* SECURITY UPDATE: DoS while processing crafted SVG files
- debian/patches/CVE-2023-1289-prepatch.patch: recursion detection
framework.
- debian/patches/CVE-2023-1289.patch: erecursion detection
- d/p/0077-CVE-2023-1289-recursion-detection-fail.patch: recursion detection
fail
- d/p/0078-improved-fix-for-possible-DoS-for-certain-SVG-constr.patch:
improved fix for possible DoS for certain SVG constructs
- debian/patches/0079-permit-compositing-MPRI-images.patch: permit
compositing MPRI images.
- d/p/0080-VID-images-not-permitted-when-compositing.patch: VID images not
permitted when compositing.
- d/p/0081-do-not-composite-SVG-to-avoid-possible-recursion.patch: do not
composite SVG to avoid possible recursion.
- CVE-2023-1289
* SECURITY UPDATE: integer overflow vulnerability
- debian/patches/CVE-2023-34151*.patch: properly cast double to size_t
- debian/patches/CVE-2023-34151-prepatch.patch: improved range checking.
- debian/patches/CVE-2023-34151-prepatch-2.patch: add additional checks for
casting double to size_t
- debian/patches/CVE-2023-34151.patch: properly cast double to size_t.
- d/p/0069-CVE-2023-34151-properly-cast-double-to-size_t.patch: properly
cast double to size_t
- debian/patches/0070-CVE-2023-34151.patch: magick produces incorrect
result possibly due to overflow.
- debian/patches/0072-CVE-2023-34151.patch: improved range checking
- debian/patches/0073-check-for-value-0-ceil-not-required.patch: check for
value < 0, ceil() not required
- d/p/0074-fix-undefined-behaviors-when-casting-double-to-size_.patch: fix
undefined behaviors when casting double to size_t
- d/p/0075-use-a-different-path-for-positive-and-negative-value.patch: use
a different path for positive and negative values
- d/p/0076-use-instead-to-work-around-precision-limitations-of-.patch: use
>= instead to work around precision limitations of a double.
- CVE-2023-34151
* Other security fixes:
- debian/patches/0063-Added-check-for-invalid-size.patch: Added check for
invalid size.
- debian/patches/0064-improve-BMP-error-checking.patch: improve BMP
error checking.
- d/p/0071-incorrect-bounds-checking-for-draw-affine-https-gith.patch:
incorrect bounds checking for draw affine
- debian/patches/0082-recursion-detection-framework.patch: recursion
detection framework.
- debian/patches/0083-Fixed-memory-leak.patch: Fixed memory leak.
-- Paulo Flabiano Smorigo <email address hidden> Fri, 19 Jul 2024 17:37:45 -0300
|
| Source diff to previous version |
| CVE-2023-1289 |
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a rem |
| CVE-2023-34151 |
A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other code |
|
|
imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3) jammy-security; urgency=medium
* SECURITY REGRESSION: Revert additional mitigation.
- debian/patches/CVE-2022-44267_44268-3.patch: Remove bad mitigation via
a policy file.
-- Paulo Flabiano Smorigo <email address hidden> Thu, 30 Mar 2023 12:45:39 -0300
|
| Source diff to previous version |
| CVE-2022-44267 |
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for |
|
|
imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.2) jammy-security; urgency=medium
* SECURITY UPDATE: Additional fix from previous release
- debian/patches/CVE-2022-44267_44268-1.patch: Renamed from
debian/patches/CVE-2022-44267.patch.
- debian/patches/CVE-2022-44267_44268-2.patch: Renamed from
debian/patches/CVE-2022-44268.patch.
- debian/patches/CVE-2022-44267_44268-3.patch: Additional mitigation.
- CVE-2022-44267
- CVE-2022-44268
-- Paulo Flabiano Smorigo <email address hidden> Wed, 15 Mar 2023 12:31:28 -0300
|
| Source diff to previous version |
| CVE-2022-44267 |
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for |
| CVE-2022-44268 |
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded |
|
|
imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1) jammy-security; urgency=medium
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2022-44267.patch: possible DoS @ stdin (OCE-
2022-70); possible arbitrary file leak (OCE-2022-72) (LP: #2004580)
- CVE-2022-44267
* SECURITY UPDATE: Information Disclosure
- debian/patches/CVE-2022-44268.patch: move -set profile handler to CLI
- CVE-2022-44268
-- Paulo Flabiano Smorigo <email address hidden> Fri, 24 Feb 2023 11:40:25 -0300
|
| 2004580 |
Possible arbitrary file leak |
| CVE-2022-44267 |
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for |
| CVE-2022-44268 |
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded |
|
About
-
Send Feedback to @ubuntu_updates
