UbuntuUpdates.org

Package "graphicsmagick"

Name: graphicsmagick

Description:

collection of image processing tools

Latest version: 1.3.23-1ubuntu0.6
Release: xenial (16.04)
Level: updates
Repository: universe
Homepage: http://www.graphicsmagick.org/

Links


Download "graphicsmagick"


Other versions of "graphicsmagick" in Xenial

Repository Area Version
base universe 1.3.23-1build1
security universe 1.3.23-1ubuntu0.6

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.3.23-1ubuntu0.6 2020-02-04 21:06:50 UTC

  graphicsmagick (1.3.23-1ubuntu0.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer over-read in ReadNewsProfile()
    - debian/patches/CVE-2017-17912.patch: ReadNewsProfile() was allowing
      reading heap data beyond the allocated size.
    - CVE-2017-17912
  * SECURITY UPDATE: Stack-based buffer over-read in WriteWEBPImage()
    - debian/patches/CVE-2017-17913-1.patch: Add some assertions to verify that
      the image pointer provided by libwebp is valid.
    - debian/patches/CVE-2017-17913-2.patch: Fix stack overflow with libwebp
      0.5.0+ by disabling progress indication.
    - CVE-2017-17913
  * SECURITY UPDATE: Heap-based buffer over-read in ReadMNGImage()
    - debian/patches/CVE-2017-17915.patch: Check range limit before accessing
      byte to avoid minor heap read overflow.
    - CVE-2017-17915
  * SECURITY UPDATE: Allocation failure in ReadOnePNGImage()
    - debian/patches/CVE-2017-18219.patch: check MemoryResource before
      attempting to allocate ping_pixels array.
    - CVE-2017-18219
  * SECURITY UPDATE: Allocation failure in ReadTIFFImage()
    - debian/patches/CVE-2017-18229.patch: Rationalize scanline, strip, and
      tile memory allocation requests based on file size.
    - CVE-2017-18229
  * SECURITY UPDATE: Null pointer dereference in ReadCINEONImage()
    - debian/patches/CVE-2017-18230.patch: Validate scandata allocation.
    - CVE-2017-18230
  * SECURITY UPDATE: Null pointer dereference in ReadEnhMetaFile()
    - debian/patches/CVE-2017-18231.patch: Verify pBits memory allocation.
    - CVE-2017-18231

 -- Eduardo Barretto <email address hidden> Mon, 03 Feb 2020 16:47:01 -0300

Source diff to previous version
CVE-2017-17912 In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads
CVE-2017-17913 In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility
CVE-2017-17915 In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte bef
CVE-2017-18219 An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, whic
CVE-2017-18229 An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which
CVE-2017-18230 An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon
CVE-2017-18231 An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c,

Version: 1.3.23-1ubuntu0.5 2020-01-22 20:07:08 UTC

  graphicsmagick (1.3.23-1ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS in ReadWPGImage()
    - debian/patches/CVE-2017-16545.patch: Assure that colormapped image is a
      PseudoClass type with valid colormapped indexes.
    - CVE-2017-16545
  * SECURITY UPDATE: DoS (negative strncpy) in DrawImage()
    - debian/patches/CVE-2017-16547.patch: Fix pointer computation which leads
      to large strncpy size request and bad array index.
    - CVE-2017-16547
  * SECURITY UPDATE: Heap-based buffer overflow in coders/wpg.c
    - debian/patches/CVE-2017-16669-1.patch: Do not call SyncImagePixels() when
      something fails.
    - debian/patches/CVE-2017-16669-2.patch: Wrong row count checking.
    - debian/patches/CVE-2017-16669-3.patch: Detect pending use of null indexes
      pointer due to programming error and report it.
    - debian/patches/CVE-2017-16669-4.patch: Fix crash which image fails to
      produce expected PseudoClass indexes.
    - debian/patches/CVE-2017-16669-5.patch: Check for InsertRow() return value.
    - debian/patches/CVE-2017-16669-6.patch: Check InsertRow() return value for
      all calls.
    - CVE-2017-16669
  * SECURITY UPDATE: Heap-based buffer overflow in WritePNMImage()
    - debian/patches/CVE-2017-17498.patch: Fix buffer overflow when writing
      gray+alpha 1-bit/sample.
    - CVE-2017-17498
  * SECURITY UPDATE: Heap-based buffer over-read in ReadRGBImage()
    - debian/patches/CVE-2017-17500.patch: Fix heap-overflow due to tile
      outside image bounds.
    - CVE-2017-17500
  * SECURITY UPDATE: Heap-based buffer over-read in WriteOnePNGImage()
    - debian/patches/CVE-2017-17501.patch: Fix heap read overrun while
      testing pixels for opacity.
    - CVE-2017-17501
  * SECURITY UPDATE: Heap-based buffer over-read in ReadCMYKImage()
    - debian/patches/CVE-2017-17502.patch: Fix heap-overflow due to tile
      outside image bounds.
    - CVE-2017-17502
  * SECURITY UPDATE: Heap-based buffer over-read in ReadGRAYImage()
    - debian/patches/CVE-2017-17503.patch: Fix heap-overflow due to tile
      outside image bounds.
    - CVE-2017-17503
  * SECURITY UPDATE: Heap-based buffer over-read in ReadOneJNGImage()
    - debian/patches/CVE-2017-17782.patch: Fix wrong offset into oFFs chunk
      which caused heap read overflow.
    - CVE-2017-17782
  * SECURITY UPDATE: Buffer over-read in ReadPALMImage()
    - debian/patches/CVE-2017-17783.patch: Fix heap buffer overflow in Q8 build
      while initializing color palette.
    - CVE-2017-17783

 -- Eduardo Barretto <email address hidden> Tue, 21 Jan 2020 14:15:33 -0300

Source diff to previous version
CVE-2017-16545 The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to ca
CVE-2017-16547 The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, wh
CVE-2017-16669 coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or poss
CVE-2017-17498 WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite hea
CVE-2017-17500 ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.
CVE-2017-17501 WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.
CVE-2017-17502 ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.
CVE-2017-17503 ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.
CVE-2017-17782 In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.
CVE-2017-17783 In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.

Version: 1.3.23-1ubuntu0.4 2020-01-08 19:07:05 UTC

  graphicsmagick (1.3.23-1ubuntu0.4) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS (memory consumption) on ReadSUNImage()
    - debian/patches/CVE-2017-14165.patch: Verify that file header data length,
      and file length are sufficient for claimed image dimensions.
    - CVE-2017-14165
  * SECURITY UPDATE: Heap-based buffer over-read in DrawImage()
    - debian/patches/CVE-2017-14314.patch: Fix heap out of bounds read in
      DrawDashPolygon().
    - CVE-2017-14314
  * SECURITY UPDATE: Null pointer dereference in ReadPNMImage()
    - debian/patches/CVE-2017-14504.patch: Require that XV 332 format have 256
      colors.
    - CVE-2017-14504
  * SECURITY UPDATE: DoS (crash) assertion failure in magick/pixel_cache.c
    - debian/patches/CVE-2017-14649.patch: Validate JNG data properly.
    - CVE-2017-14649
  * SECURITY UPDATE: Heap-based buffer over-read in ReadRLEImage()
    - debian/patches/CVE-2017-14733.patch: Fully rationalize Ncolors when Alpha
      flag is present.
    - CVE-2017-14733
  * SECURITY UPDATE: Null pointer dereference in ReadDCMImage()
    - debian/patches/CVE-2017-14994.patch: DCM_ReadNonNativeImages() can produce
      image list with no frames, resulting in null image pointer.
    - CVE-2017-14994
  * SECURITY UPDATE: Integer underflow in ReadPICTImage()
    - debian/patches/CVE-2017-14997.patch: Avoid unsigned underflow leading to
      astonishingly large allocation request.
    - CVE-2017-14997
  * SECURITY UPDATE: Resource leak in ReadGIFImage()
    - debian/patches/CVE-2017-15277.patch: Assure that global colormap is fully
      initialized.
    - CVE-2017-15277
  * SECURITY UPDATE: Null pointer dereference in ReadOneJNGImage()
    - debian/patches/CVE-2017-15930-1.patch: Fix possible use of NULL pointer
      when transferring JPEG scanlines.
    - debian/patches/CVE-2017-15930-2.patch: Add more checks for use of null
      PixelPacket pointer.
    - debian/patches/CVE-2017-15930-3.patch: Reject JNG files with unreasonable
      dimensions given the file size.
    - debian/patches/CVE-2017-15930-4.patch: Ensure that reasonable exception
      gets reported on read failure.
    - CVE-2017-15930
  * SECURITY UPDATE: Heap-based buffer overflow in DescribeImage()
    - debian/patches/CVE-2017-16352.patch: Fix possible heap write overflow
      while describing visual image directory.
    - CVE-2017-16352
  * SECURITY UPDATE: Memory information disclosure in DescribeImage()
    - debian/patches/CVE-2017-16353.patch: Fix weaknesses while describing the
      IPTC profile.
    - CVE-2017-16353

 -- Eduardo Barretto <email address hidden> Mon, 06 Jan 2020 15:39:05 -0300

Source diff to previous version
CVE-2017-14165 The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a len
CVE-2017-14314 Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDash
CVE-2017-14504 ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer D
CVE-2017-14649 ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failu
CVE-2017-14733 ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a de
CVE-2017-14994 ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted D
CVE-2017-14997 GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTI
CVE-2017-15277 ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has ne
CVE-2017-15930 In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelP
CVE-2017-16352 GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the Descri
CVE-2017-16353 GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c fil

Version: 1.3.23-1ubuntu0.3 2019-12-16 19:07:00 UTC

  graphicsmagick (1.3.23-1ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference in WriteMAPImage()
    - debian/patches/CVE-2017-11638_CVE-2017-11642.patch: Fix null pointer
      dereference or SEGV if input is not colormapped.
    - CVE-2017-11638
    - CVE-2017-11642
  * SECURITY UPDATE: Memory leak in PersistCache()
    - debian/patches/CVE-2017-11641.patch: Fix memory leak while writing Magick
      Persistent Cache format.
    - CVE-2017-11641
  * SECURITY UPDATE: Heap overflow in WriteCMYKImage()
    - debian/patches/CVE-2017-11643.patch: Fixed heap overflow with multiple
      frames with varying widths.
    - CVE-2017-11643
  * SECURITY UPDATE: Invalid memory read in SetImageColorCallBack()
    - debian/patches/CVE-2017-12935.patch: Reject MNG with too-large dimensions
      (over 65535).
    - CVE-2017-12935
  * SECURITY UPDATE: Use-after-free in ReadWMFImage()
    - debian/patches/CVE-2017-12936.patch: Eliminate use of already freed heap
      data in error reporting path.
    - CVE-2017-12936
  * SECURITY UPDATE: Heap-based buffer over-read in ReadSUNImage()
    - debian/patches/CVE-2017-12937.patch: Fix heap read overflow while indexing
      colormap in bilevel decoder.
    - CVE-2017-12937
  * SECURITY UPDATE: Heap-based buffer overflow vulnerability
    - debian/patches/CVE-2017-13063_CVE-2017-13064_CVE-2017-13065.patch: Fix
      buffer-overflow and inconsistent behavior in GetStyleTokens().
    - CVE-2017-13063
    - CVE-2017-13064
    - CVE-2017-13065
  * SECURITY UPDATE: Heap-based buffer over-read in SFWScan
    - debian/patches/CVE-2017-13134.patch: Fix heap buffer overflow in
      SFWScan().
    - CVE-2017-13134
  * SECURITY UPDATE: Invalid free in MagickFree()
    - debian/patches/CVE-2017-13737.patch: NumberOfObjectsInArray() must round
      down, rather than up.
    - CVE-2017-13737
  * SECURITY UPDATE: DoS in ReadJNXImage()
    - debian/patches/CVE-2017-13775.patch: Fix DOS issues.
    - CVE-2017-13775
  * SECURITY UPDATE: DoS in ReadXBMImage()
    - debian/patches/CVE-2017-13776_CVE-2017-13777.patch: Fix DOS issues.
    - CVE-2017-13776
    - CVE-2017-13777

 -- Eduardo Barretto <email address hidden> Thu, 12 Dec 2019 11:31:23 -0300

Source diff to previous version
CVE-2017-11638 GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a differe
CVE-2017-11642 GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a diffe
CVE-2017-11641 GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files.
CVE-2017-11643 GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical w
CVE-2017-12935 The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColo
CVE-2017-12936 The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.
CVE-2017-12937 The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.
CVE-2017-13063 GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.
CVE-2017-13064 GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.
CVE-2017-13065 GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.
CVE-2017-13134 In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attac
CVE-2017-13737 There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack.
CVE-2017-13775 GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consum
CVE-2017-13776 GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the re
CVE-2017-13777 GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the re

Version: 1.3.23-1ubuntu0.2 2019-12-02 21:07:06 UTC

  graphicsmagick (1.3.23-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Allocation failure vulnerability
    - debian/patches/CVE-2017-13147.patch: deal with too-large MNG chunks in
      coders/png.c
    - CVE-2017-13147
  * SECURITY UPDATE: Allocation failure vulnerability
    - debian/patches/CVE-2017-14042.patch: PNM for binary formats, verify
      sufficient backing file data before memory request.
    - CVE-2017-14042
  * SECURITY UPDATE: DoS (out-of-bounds read and crash) via a small samples
    per pixel value in a CMYKA TIFF file.
    - debian/patches/CVE-2017-6335.patch: Fix out of bounds access when reading
      CMYKA tiff which claims wrong samples/pixel.
    - CVE-2017-6335
  * SECURITY UPDATE: Buffer overflow while processing an RGB TIFF picture with
    metadata.
    - debian/patches/CVE-2017-10794.patch: Use a generalized method to enforce
      that buffer overflow can not happen while importing pixels.
    - CVE-2017-10794
  * SECURITY UPDATE: DoS (out-of-memory) when processing a DPX image with
    metadata.
    - debian/patches/CVE-2017-10799.patch: Estimate minimum required file sized
      based on header, and reject files with insufficient data.
    - CVE-2017-10799
  * SECURITY UPDATE: DoS (crash) while reading a JNG file via a zero-length
    color_image data structure.
    - debian/patches/CVE-2017-11102.patch: Stop crash due to zero-length color_image
      while reading a JNG.
    - CVE-2017-11102
  * SECURITY UPDATE: DoS (resource consumption) via a crafted JPEG file.
    - debian/patches/CVE-2017-11140.patch: Defer creating pixel cache until first
      scanline.
    - CVE-2017-11140
  * SECURITY UPDATE: Use-after-free via a crafted MNG file.
    - debian/patches/CVE-2017-11403-1.patch: Fix out-of-order CloseBlob() and
      DestroyImageList() that caused a use-after-free crash.
    - debian/patches/CVE-2017-11403-2.patch: Improve fix of use-after-free.
    - CVE-2017-11403
  * SECURITY UPDATE: Heap overflow when processing multiple frames that have
    non-identical widths.
    - debian/patches/CVE-2017-11636.patch: Fixed heap overflow with multiple
      frames with varying widths.
    - CVE-2017-11636
  * SECURITY UPDATE: NULL pointer deference in the WritePCLImage() function.
    - debian/patches/CVE-2017-11637.patch: Fix null pointer dereference in
      writing monochrome images.
    - CVE-2017-11637

 -- Eduardo Barretto <email address hidden> Thu, 28 Nov 2019 11:36:23 -0300

CVE-2017-13147 In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND
CVE-2017-14042 A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memo
CVE-2017-6335 The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-b
CVE-2017-10794 When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occ
CVE-2017-10799 When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in Rea
CVE-2017-11102 The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during
CVE-2017-11140 The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remot
CVE-2017-11403 The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted fi
CVE-2017-11636 GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical wid
CVE-2017-11637 GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images.



About   -   Send Feedback to @ubuntu_updates