UbuntuUpdates.org

Package "imagemagick"

Name: imagemagick

Description:

image manipulation programs -- binaries

Latest version: 8:6.8.9.9-7ubuntu5.16
Release: xenial (16.04)
Level: security
Repository: main
Homepage: http://www.imagemagick.org/

Links


Download "imagemagick"


Other versions of "imagemagick" in Xenial

Repository Area Version
base main 8:6.8.9.9-7ubuntu5
base universe 8:6.8.9.9-7ubuntu5
security universe 8:6.8.9.9-7ubuntu5.16
updates main 8:6.8.9.9-7ubuntu5.16
updates universe 8:6.8.9.9-7ubuntu5.16

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8:6.8.9.9-7ubuntu5.11 2018-06-12 13:06:37 UTC

  imagemagick (8:6.8.9.9-7ubuntu5.11) xenial-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/02*: synchronize security fixes with Debian's
      8:6.8.9.9-5+deb8u12 release. Thanks to Markus Koschany and
      Moritz Muehlenhoff for the excellent work this update is based on!
    - debian/patches/CVE-201[78]*.patch: backport large number of upstream
      security patches.
    - CVE-2017-10995, CVE-2017-11352, CVE-2017-11533, CVE-2017-11535,
      CVE-2017-11537, CVE-2017-11639, CVE-2017-11640, CVE-2017-12140,
      CVE-2017-12429, CVE-2017-12430, CVE-2017-12431, CVE-2017-12432,
      CVE-2017-12435, CVE-2017-12563, CVE-2017-12587, CVE-2017-12640,
      CVE-2017-12643, CVE-2017-12670, CVE-2017-12674, CVE-2017-12691,
      CVE-2017-12692, CVE-2017-12693, CVE-2017-12875, CVE-2017-12877,
      CVE-2017-12983, CVE-2017-13134, CVE-2017-13139, CVE-2017-13142,
      CVE-2017-13143, CVE-2017-13144, CVE-2017-13145, CVE-2017-13758,
      CVE-2017-13768, CVE-2017-13769, CVE-2017-14060, CVE-2017-14172,
      CVE-2017-14173, CVE-2017-14174, CVE-2017-14175, CVE-2017-14224,
      CVE-2017-14249, CVE-2017-14325, CVE-2017-14341, CVE-2017-14342,
      CVE-2017-14343, CVE-2017-14400, CVE-2017-14505, CVE-2017-14531,
      CVE-2017-14532, CVE-2017-14607, CVE-2017-14624, CVE-2017-14625,
      CVE-2017-14626, CVE-2017-14682, CVE-2017-14739, CVE-2017-14741,
      CVE-2017-14989, CVE-2017-15015, CVE-2017-15016, CVE-2017-15017,
      CVE-2017-15277, CVE-2017-15281, CVE-2017-16546, CVE-2017-17504,
      CVE-2017-17681, CVE-2017-17682, CVE-2017-17879, CVE-2017-17914,
      CVE-2017-18209, CVE-2017-18211, CVE-2017-18252, CVE-2017-18271,
      CVE-2017-18273, CVE-2017-1000445, CVE-2017-1000476, CVE-2018-5248,
      CVE-2018-7443, CVE-2018-8804, CVE-2018-8960, CVE-2018-9133,
      CVE-2018-10177, CVE-2018-11251

 -- Marc Deslauriers <email address hidden> Fri, 08 Jun 2018 09:35:43 -0400

Source diff to previous version
CVE-2017-10995 The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read an
CVE-2017-11352 In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability e
CVE-2017-11533 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/
CVE-2017-11535 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/p
CVE-2017-11537 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in cod
CVE-2017-11639 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/
CVE-2017-11640 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/t
CVE-2017-12140 The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafte
CVE-2017-12429 In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a
CVE-2017-12430 In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a d
CVE-2017-12431 In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a deni
CVE-2017-12432 In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a d
CVE-2017-12435 In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a d
CVE-2017-12563 In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a d
CVE-2017-12587 ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.
CVE-2017-12640 ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.
CVE-2017-12643 ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.
CVE-2017-12670 In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/imag
CVE-2017-12674 In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a deni
CVE-2017-12691 The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a craf
CVE-2017-12692 The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a cr
CVE-2017-12693 The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a craf
CVE-2017-12875 The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file.
CVE-2017-12877 Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of servi
CVE-2017-12983 Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (
CVE-2017-13134 In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attac
CVE-2017-13139 In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
CVE-2017-13142 In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short file
CVE-2017-13143 In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote att
CVE-2017-13144 In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large,
CVE-2017-13145 In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, lead
CVE-2017-13758 In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.
CVE-2017-13768 Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial
CVE-2017-13769 The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-r
CVE-2017-14060 In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cau
CVE-2017-14172 In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a
CVE-2017-14173 In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(d
CVE-2017-14174 In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumpti
CVE-2017-14175 In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When
CVE-2017-14224 A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code
CVE-2017-14249 ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cac
CVE-2017-14325 In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to caus
CVE-2017-14341 ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
CVE-2017-14342 ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.
CVE-2017-14343 ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.
CVE-2017-14400 In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause
CVE-2017-14505 DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Serv
CVE-2017-14531 ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.
CVE-2017-14532 ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
CVE-2017-14607 In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploi
CVE-2017-14624 ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
CVE-2017-14625 ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
CVE-2017-14626 ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
CVE-2017-14682 GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and applicat
CVE-2017-14739 The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows rem
CVE-2017-14741 The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a c
CVE-2017-14989 A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font f
CVE-2017-15015 ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.
CVE-2017-15016 ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
CVE-2017-15017 ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
CVE-2017-15277 ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has ne
CVE-2017-15281 ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspeci
CVE-2017-16546 The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote
CVE-2017-17504 ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage
CVE-2017-17681 In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to ca
CVE-2017-17682 In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause
CVE-2017-17879 In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculati
CVE-2017-17914 In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of s
CVE-2017-18209 In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memo
CVE-2017-18211 In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-loo
CVE-2017-18252 An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (as
CVE-2017-18271 In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows
CVE-2017-18273 In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows at
CVE-2017-1000445 ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service
CVE-2017-1000476 ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a den
CVE-2018-5248 In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode fun
CVE-2018-7443 The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows r
CVE-2018-8804 WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and a
CVE-2018-8960 The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer
CVE-2018-9133 ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of
CVE-2018-10177 In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vul
CVE-2018-11251 In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to caus

Version: 8:6.8.9.9-7ubuntu5.9 2017-07-31 18:06:47 UTC

  imagemagick (8:6.8.9.9-7ubuntu5.9) xenial-security; urgency=medium

  * SECURITY REGRESSION: image composite function regression (LP: #1707015)
    - disabled the following patches which cause issue:
      0224-Ensure-token-does-not-overflow.patch,
      0225-Fix-off-by-one-error-when-checking-token-length.patch,
      0226-Use-proper-cast.patch.

 -- Marc Deslauriers <email address hidden> Fri, 28 Jul 2017 14:22:17 -0400

Source diff to previous version
1707015 image composite functions not working in php

Version: 8:6.8.9.9-7ubuntu5.8 2017-07-24 18:06:47 UTC

  imagemagick (8:6.8.9.9-7ubuntu5.8) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: synchronize security fixes with Debian's
      8:6.8.9.9-5+deb8u10 release. Once again, thanks to Bastien Roucariès
      for the excellent work this update is based on!
    - CVE-2017-9261, CVE-2017-9262, CVE-2017-9405, CVE-2017-9407,
      CVE-2017-9409, CVE-2017-9439, CVE-2017-9440, CVE-2017-9501,
      CVE-2017-10928, CVE-2017-11141, CVE-2017-11170, CVE-2017-11188,
      CVE-2017-11352, CVE-2017-11360, CVE-2017-11447, CVE-2017-11448,
      CVE-2017-11449, CVE-2017-11450, CVE-2017-11478

 -- Marc Deslauriers <email address hidden> Fri, 21 Jul 2017 09:03:52 -0400

Source diff to previous version
CVE-2017-9261 In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-9262 In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-9405 In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-9407 In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-9409 In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-9439 In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via
CVE-2017-9440 In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service v
CVE-2017-9501 In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via
CVE-2017-1092 IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM
CVE-2017-1114 RESERVED
CVE-2017-1117 IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID
CVE-2017-1118 RESERVED
CVE-2017-1135 RESERVED
CVE-2017-1136 RESERVED
CVE-2017-1144 IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033.
CVE-2017-1145 IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of ser
CVE-2017-1147 RESERVED

Version: 8:6.8.9.9-7ubuntu5.7 2017-05-30 14:06:46 UTC

  imagemagick (8:6.8.9.9-7ubuntu5.7) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: synchronize security fixes with Debian's
      8:6.8.9.9-5+deb8u9 release. Once again, thanks to Bastien Roucariès
      for the excellent work this update is based on!
    - CVE-2017-7606, CVE-2017-7619, CVE-2017-7941, CVE-2017-7943,
      CVE-2017-8343, CVE-2017-8344, CVE-2017-8345, CVE-2017-8346,
      CVE-2017-8347, CVE-2017-8348, CVE-2017-8349, CVE-2017-8350,
      CVE-2017-8351, CVE-2017-8352, CVE-2017-8353, CVE-2017-8354,
      CVE-2017-8355, CVE-2017-8356, CVE-2017-8357, CVE-2017-8765,
      CVE-2017-8830, CVE-2017-9098, CVE-2017-9141, CVE-2017-9142,
      CVE-2017-9143, CVE-2017-9144

 -- Marc Deslauriers <email address hidden> Fri, 26 May 2017 07:53:43 -0400

Source diff to previous version
CVE-2017-7606 coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might al
CVE-2017-7619 In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateH
CVE-2017-7941 The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
CVE-2017-7943 The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
CVE-2017-8343 In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8344 In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8345 In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8346 In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8347 In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8348 In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8349 In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8350 In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8351 In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8352 In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8353 In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8354 In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8355 In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8356 In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8357 In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8765 The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a craf
CVE-2017-8830 In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-9098 ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive infor
CVE-2017-9141 In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c becau
CVE-2017-9142 In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing check
CVE-2017-9143 In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file
CVE-2017-9144 In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c.

Version: 8:6.8.9.9-7ubuntu5.6 2017-03-14 18:06:49 UTC

  imagemagick (8:6.8.9.9-7ubuntu5.6) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: synchronize security fixes with Debian's
      8:6.8.9.9-5+deb8u8 release. Once again, thanks to Bastien Roucariès
      for the excellent work this update is based on!
    - CVE-2017-6498, CVE-2017-6499, CVE-2017-6500

 -- Marc Deslauriers <email address hidden> Tue, 14 Mar 2017 09:05:24 -0400

CVE-2017-6498 An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.
CVE-2017-6499 An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a D
CVE-2017-6500 An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.



About   -   Send Feedback to @ubuntu_updates