UbuntuUpdates.org

Package "imagemagick-6.q16"

Name: imagemagick-6.q16

Description:

image manipulation programs -- quantum depth Q16

Latest version: 8:6.8.9.9-7ubuntu5.16
Release: xenial (16.04)
Level: updates
Repository: main
Head package: imagemagick
Homepage: http://www.imagemagick.org/

Other versions of "imagemagick-6.q16" in Xenial

Repository   Area   Version
base         main   8:6.8.9.9-7ubuntu5
security     main   8:6.8.9.9-7ubuntu5.16

Changelog

Version: 8:6.8.9.9-7ubuntu5.16 2020-12-15 20:06:38 UTC

  imagemagick (8:6.8.9.9-7ubuntu5.16) xenial-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2019-19948.patch: Fix heap-based buffer overflow in
      coders/sgi.c.
    - debian/patches/CVE-2019-19949.patch: Fix heap-based buffer overflow in
      coders/png.c.
    - CVE-2019-19948
    - CVE-2019-19949
  * SECURITY UPDATE: division by zero
    - debian/patches/CVE-2020-27560.patch: Change division to multiplication in
      OptimizeLayerFrames in magick/layer.c
    - CVE-2020-27560

 -- Avital Ostromich <email address hidden> Tue, 17 Nov 2020 17:22:09 -0500

CVE-2019-19948 In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
CVE-2019-19949 In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_pr
CVE-2020-27560 ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.

Version: 8:6.8.9.9-7ubuntu5.15 2019-11-14 16:07:55 UTC

  imagemagick (8:6.8.9.9-7ubuntu5.15) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/CVE-*.patch: backport multiple upstream commits.
    - CVE-2019-12974, CVE-2019-12975, CVE-2019-12976, CVE-2019-12977,
      CVE-2019-12978, CVE-2019-12979, CVE-2019-13135, CVE-2019-13137,
      CVE-2019-13295, CVE-2019-13297, CVE-2019-13300, CVE-2019-13301,
      CVE-2019-13304, CVE-2019-13305, CVE-2019-13306, CVE-2019-13307,
      CVE-2019-13309, CVE-2019-13310, CVE-2019-13311, CVE-2019-13391,
      CVE-2019-13454, CVE-2019-14981, CVE-2019-15139, CVE-2019-15140,
      CVE-2019-16708, CVE-2019-16709, CVE-2019-16710, CVE-2019-16711,
      CVE-2019-16713
  * debian/patches/300-disable-ghostscript-formats.patch: also disable
    PS2 and PS3 content per VU#332928 recommendations.

 -- Marc Deslauriers <email address hidden> Mon, 11 Nov 2019 13:57:08 -0500

CVE-2019-12974 A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 all
CVE-2019-12975 ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.
CVE-2019-12976 ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.
CVE-2019-12977 ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c.
CVE-2019-12978 ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c.
CVE-2019-12979 ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to Acq
CVE-2019-13135 ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
CVE-2019-13137 ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.
CVE-2019-13295 ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.
CVE-2019-13297 ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled
CVE-2019-13300 ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.
CVE-2019-13301 ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.
CVE-2019-13304 ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.
CVE-2019-13305 ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error.
CVE-2019-13306 ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.
CVE-2019-13307 ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.
CVE-2019-13309 ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/
CVE-2019-13310 ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.
CVE-2019-13311 ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
CVE-2019-13391 In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtua
CVE-2019-13454 ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.
CVE-2019-14981 In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an att
CVE-2019-15139 The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (appl
CVE-2019-15140 coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have
CVE-2019-16708 ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
CVE-2019-16709 ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
CVE-2019-16710 ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
CVE-2019-16711 ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.
CVE-2019-16713 ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.

Version: 8:6.8.9.9-7ubuntu5.14 2019-06-25 13:07:46 UTC

  imagemagick (8:6.8.9.9-7ubuntu5.14) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/CVE-*.patch: backport multiple upstream commits.
    - CVE-2017-12805, CVE-2017-12806, CVE-2018-16412, CVE-2018-16413,
      CVE-2018-17965, CVE-2018-17966, CVE-2018-18016, CVE-2018-18024,
      CVE-2018-18025, CVE-2018-20467, CVE-2019-7175, CVE-2019-7396,
      CVE-2019-7397, CVE-2019-7398, CVE-2019-9956, CVE-2019-10131,
      CVE-2019-10650, CVE-2019-11470, CVE-2019-11472, CVE-2019-11597,
      CVE-2019-11598

 -- Marc Deslauriers <email address hidden> Fri, 14 Jun 2019 13:58:31 -0400

CVE-2017-12805 In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of servic
CVE-2017-12806 In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.
CVE-2018-16412 ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.
CVE-2018-16413 ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/ps
CVE-2018-17965 ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c.
CVE-2018-17966 ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c.
CVE-2018-18016 ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.
CVE-2018-18024 In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vu
CVE-2018-18025 In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a d
CVE-2018-20467 In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote a
CVE-2019-7175 In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.
CVE-2019-7396 In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.
CVE-2019-7397 In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
CVE-2019-7398 In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.
CVE-2019-9956 In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a d
CVE-2019-10131 An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local
CVE-2019-10650 In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to caus
CVE-2019-11470 The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by craftin
CVE-2019-11472 ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-
CVE-2019-11597 In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to caus
CVE-2019-11598 In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause

Version: 8:6.8.9.9-7ubuntu5.13 2018-10-05 00:06:59 UTC

  imagemagick (8:6.8.9.9-7ubuntu5.13) xenial-security; urgency=medium

  [ Steve Beattie ]
  * SECURITY UPDATE: code execution vulnerabilities in ghostscript as
    invoked by imagemagick
    - debian/patches/200-disable-ghostscript-formats.patch: disable
      ghostscript handled types by default in policy.xml
  * SECURITY UPDATE: information leak in ReadXBMImage
    - debian/patches/CVE-2018-16323.patch: don't leave data
      uninitialized with negative pixels
    - CVE-2018-16323
  * SECURITY UPDATE: memory leak of colormap in WriteMPCImage
    - debian/patches/CVE-2018-14434.patch: free colormap on bad
      color depth
    - CVE-2018-14434
  * SECURITY UPDATE: memory leak in DecodeImage
    - debian/patches/CVE-2018-14435.patch: free memory when given a
      bad plane
    - CVE-2018-14435
  * SECURITY UPDATE: memory leak in ReadMIFFImage
    - debian/patches/CVE-2018-14436.patch: free memory when given a
      bad depth
    - CVE-2018-14436
  * SECURITY UPDATE: memory leak in parse8BIM
    - debian/patches/CVE-2018-14437-prereq.patch: check for negative
      values
    - debian/patches/CVE-2018-14437.patch: free strings in error
      conditions
    - CVE-2018-14437
  * SECURITY UPDATE: memory leak in ReadOneJNGImage
    - debian/patches/CVE-2018-16640-prereq-1.patch: define DestroyJNG()
    - debian/patches/CVE-2018-16640-prereq-2.patch: fix DestroyJNG()
    - debian/patches/CVE-2018-16640.patch: free memory on error
    - CVE-2018-16640
  * SECURITY UPDATE: denial of service due to out-of-bounds write
    in InsertRow
    - debian/patches/CVE-2018-16642.patch: improve checking for errors
    - CVE-2018-16642
  * SECURITY UPDATE: denial of service due to missing fputc checks
    - debian/patches/CVE-2018-16643.patch: check fputc calls for error
    - CVE-2018-16643
  * SECURITY UPDATE: denial of service in ReadDCMImage and
    ReadPICTImage
    - debian/patches/CVE-2018-16644-prereq-1.patch: check for EOF
      when reading from file
    - debian/patches/CVE-2018-16644-prereq-2.patch: define
      ThrowPICTException() macro and use it
    - debian/patches/CVE-2018-16644-1.patch,
      debian/patches/CVE-2018-16644-2.patch: check for invalid length
    - CVE-2018-16644
  * SECURITY UPDATE: excessive memory allocation issue in ReadBMPImage
    - debian/patches/CVE-2018-16645.patch: ensure number_colors is
      not too large
    - CVE-2018-16645
  * SECURITY UPDATE: denial of service in ReadOneJNGImage
    - debian/patches/CVE-2018-16749.patch: check for NULL color_image
    - CVE-2018-16749
  * SECURITY UPDATE: memory leak in formatIPTCfromBuffer
    - debian/patches/CVE-2018-16750.patch: free memory on error
    - CVE-2018-16750

  [ Marc Deslauriers ]
  * SECURITY REGRESSION: segfault in png to gif conversion (LP: #1793485)
    - debian/patches/0261-CVE-2017-13144.patch: removed pending
      further investigation.
    - debian/patches/CVE-2017-12430.patch: refreshed.

 -- Steve Beattie <email address hidden> Fri, 28 Sep 2018 11:19:54 -0700

1793485 segfault in png to gif conversion
CVE-2018-16323 ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If
CVE-2018-14434 ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.
CVE-2018-14435 ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
CVE-2018-14436 ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.
CVE-2018-14437 ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.
CVE-2018-16640 ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.
CVE-2018-16642 The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to a
CVE-2018-16643 The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in Image
CVE-2018-16644 There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which a
CVE-2018-16645 There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11,
CVE-2018-16749 In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBl
CVE-2018-16750 In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.
CVE-2017-13144 In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large,
CVE-2017-12430 In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a d

Version: 8:6.8.9.9-7ubuntu5.12 2018-07-11 14:07:10 UTC

  imagemagick (8:6.8.9.9-7ubuntu5.12) xenial-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in ReadBMPImage and WriteBMPImage
    - debian/patches/CVE-2018-12599.patch: use proper lengths in
      coders/bmp.c.
    - CVE-2018-12599
  * SECURITY UPDATE: out-of-bounds write in ReadDIBImage and WriteDIBImage
    - debian/patches/CVE-2018-12600.patch: use proper lengths in
      coders/dib.c.
    - CVE-2018-12600
  * SECURITY UPDATE: memory leak in XMagickCommand
    - debian/patches/CVE-2018-13153.patch: free memory in magick/animate.c.
    - CVE-2018-13153

 -- Marc Deslauriers <email address hidden> Tue, 10 Jul 2018 10:10:29 -0400

CVE-2018-12599 In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
CVE-2018-12600 In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
CVE-2018-13153 In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.


