Package "libmagickcore4"
Name: libmagickcore4
Description: low-level image manipulation library
Latest version: 8:6.6.9.7-5ubuntu3.9
Release: precise (12.04)
Level: security
Repository: main
Head package: imagemagick
Homepage: http://www.imagemagick.org/
Changelog
imagemagick (8:6.6.9.7-5ubuntu3.4) precise-security; urgency=medium

  * SECURITY UPDATE: ImageTragick remote code execution
    - d/p/0076-Disable-EPHEMERAL-URL-HTTPS-MVG-MSL-TEXT-SHOW-WIN-and-PLT-coders.patch
    - d/p/0077-Remove-PLT-Gnuplot-decoder.patch
    - d/p/0078-Sanitize-input-filename-for-http-and-https-delegates.patch
    - d/p/0079-Indirect-filename-must-be-authorized-by-policy.patch
    - d/p/0080-Prevent-indirect-reads-with-label-at.patch
    - d/p/0081-Less-secure-coders-require-explicit-reference.patch
    - CVE-2016-3714
    - CVE-2016-3715
    - CVE-2016-3716
    - CVE-2016-3717
    - CVE-2016-3718
  * SECURITY UPDATE: popen() shell vulnerability
    - d/p/0082-Disable-MAGICKCORE_HAVE_POPEN.patch
    - CVE-2016-5118

 -- Marc Deslauriers <email address hidden> Wed, 01 Jun 2016 13:17:30 -0400
CVE-2016-3714: The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
CVE-2016-3715: The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
CVE-2016-3716: The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
CVE-2016-3717: The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
CVE-2016-3718: The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (
CVE-2016-5118: popen() shell vulnerability via filename

imagemagick (8:6.6.9.7-5ubuntu3.3) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via psd
    images processing rle decoding buffer overflow
    - debian/patches/CVE-2014-1958.patch: check lengths in coders/psd.c.
    - CVE-2014-1958
  * SECURITY UPDATE: denial of service via jpeg images with specially-
    crafted restart markers
    - debian/patches/CVE-2014-2030.patch: don't overflow layer_name in
      coders/psd.c.
    - CVE-2014-2030
  * SECURITY UPDATE: denial of service via crafted sequence of restart
    markers
    - debian/patches/CVE-2012-0260.patch: limit number of warnings in
      coders/jpeg.c.
    - CVE-2012-0260

 -- Marc Deslauriers <email address hidden> Thu, 06 Mar 2014 11:37:42 -0500
CVE-2014-1958: PSD Images Processing RLE Decoding Buffer Overflow Vulnerability
CVE-2012-0260: The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before ...

imagemagick (8:6.6.9.7-5ubuntu3.2) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via large resource consumption
    - debian/patches/CVE-2012-3437.patch: always use correct size argument
      with libpng memory allocation
    - CVE-2012-3437

 -- Jamie Strandboge <email address hidden> Fri, 17 Aug 2012 09:34:29 -0500
CVE-2012-3437: The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow

imagemagick (8:6.6.9.7-5ubuntu3.1) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    malformed ResolutionUnit or IOP tags.
    - debian/patches/CVE-2012-0247.patch: properly calculate
      lengths and sizes in magick/{profile,property}.c.
    - CVE-2012-0247
    - CVE-2012-0248
    - CVE-2012-1185
    - CVE-2012-1186
  * SECURITY UPDATE: denial of service and possible code execution via
    EXIF tags.
    - debian/patches/CVE-2012-0259.patch: don't copy invalid memory in
      coders/tiff.c, properly initialize buffers in magick/property.c.
    - CVE-2012-0259
    - CVE-2012-1798
  * SECURITY UPDATE: denial of service and possible code execution via
    JPEG EXIF integer overflow.
    - debian/patches/CVE-2012-1610.patch: check number of bytes in
      magick/{profile,property}.c.
    - CVE-2012-1610

 -- Marc Deslauriers Wed, 25 Apr 2012 10:22:49 -0400