UbuntuUpdates.org

Package "libmagickwand-6.q16-dev"

Name: libmagickwand-6.q16-dev

Description:

image manipulation library - development files (Q16)
Latest version: 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1
Release: kinetic (22.10)
Level: security
Repository: universe
Head package: imagemagick
Homepage: https://www.imagemagick.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libmagickwand-6.q16-dev"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libmagickwand-6.q16-dev" in Kinetic

Repository Area Version
base universe 8:6.9.11.60+dfsg-1.3build3
updates universe 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1

Changelog

Version: 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1 2022-11-24 09:06:26 UTC

  imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: Multiple divide by zero issues in imagemagick allow a
    remote attacker to cause a denial of service via a crafted image file
    - debian/patches/CVE-2021-20241.patch: Use PerceptibleReciprocal()
      to fix division by zeros in coders/jp2.c
    - debian/patches/CVE-2021-20243.patch: Use PerceptibleReciprocal()
      to fix division by zeros in magick/resize.c
    - debian/patches/CVE-2021-20244.patch: Avoid division by zero in
      magick/fx.c
    - debian/patches/CVE-2021-20245.patch: Avoid division by zero in
      oders/webp.c
    - debian/patches/CVE-2021-20246.patch: Avoid division by zero in
      magick/resample.c
    - debian/patches/CVE-2021-20309.patch: Avoid division by zero in
      magick/fx.c
    - CVE-2021-20241
    - CVE-2021-20243
    - CVE-2021-20244
    - CVE-2021-20245
    - CVE-2021-20246
    - CVE-2021-20309
  * SECURITY UPDATE: Integer overflow, divide by zero and memory leak in
    imagemagick allow a remote attacker to cause a denial of service or
    possible leak of cryptographic information via a crafted image file
    - debian/patches/CVE-2021-20312_20313.patch: Avoid integer overflow in
      coders/thumbnail.c, division by zero in magick/colorspace.c and
      a potential cipher leak in magick/memory.c
    - CVE-2021-20312
    - CVE-2021-20313
  * SECURITY UPDATE: memory leaks when executing convert command
    - debian/patches/CVE-2021-3574.patch: fix memory leaks
    - CVE-2021-3574
  * SECURITY UPDATE: Security Issue when Configuring the ImageMagick
    Security Policy
    - debian/patches/CVE-2021-39212.patch: Added missing policy checks in
      RegisterStaticModules
    - CVE-2021-39212
  * SECURITY UPDATE: DoS while processing crafted SVG files
    - debian/patches/CVE-2021-4219.patch: fix denial of service
    - CVE-2021-4219
  * SECURITY UPDATE: use-after-free in magick
    - debian/patches/CVE-2022-1114.patch: fix use-after-free in magick at
      dcm.c
    - CVE-2022-1114
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-28463.patch: fix buffer overflow
    - CVE-2022-28463
  * SECURITY UPDATE: out-of-range value
    - debian/patches/CVE-2022-32545.patch: addresses the possibility for the
      use of a value that falls outside the range of an unsigned char in
      coders/psd.c.
    - debian/patches/CVE-2022-32546.patch: addresses the possibility for the
      use of a value that falls outside the range of an unsigned long in
      coders/pcl.c.
    - CVE-2022-32545
    - CVE-2022-32546
  * SECURITY UPDATE: load of misaligned address
    - debian/patches/CVE-2022-32547.patch: addresses the potential for the
      loading of misaligned addresses in magick/property.c.
    - CVE-2022-32547

 -- Nishit Majithia <email address hidden> Tue, 22 Nov 2022 13:12:36 +0530
CVE-2021-20241 A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined beha
CVE-2021-20243 A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefin
CVE-2021-20244 A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger
CVE-2021-20245 A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined beh
CVE-2021-20246 A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undef
CVE-2021-20309 A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c m
CVE-2021-20312 A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined beha
CVE-2021-20313 A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. T
CVE-2021-3574 A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.
CVE-2021-39212 ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both
CVE-2021-4219 A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an
CVE-2022-1114 A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker pa
CVE-2022-28463 ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVE-2022-32545 A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted
CVE-2022-32546 A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted
CVE-2022-32547 In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte al


About   -   Send Feedback to @ubuntu_updates