Changelog
graphicsmagick (1.3.26-8) unstable; urgency=high
* Fix CVE-2017-13775: denial of service issue in ReadJNXImage() .
* Fix CVE-2017-13776 and CVE-2017-13777: denial of service issue in
ReadXBMImage() .
* Fix memory leak vulnerability in ReadJNGImage() which allow attackers to
cause a denial of service via a crafted file.
* Fix double-free after reading a malformed JNG.
* Fix CVE-2017-14103: the ReadJNGImage() and ReadOneJNGImage() functions do
not properly manage image pointers after certain error conditions, which
allows remote use-after-free attacks via a crafted file, related to a
ReadMNGImage() out-of-order CloseBlob() call. This vulnerability exists
because of an incomplete fix for CVE-2017-11403 .
* Fix CVE-2017-8350: crash while reading a malformed JNG file.
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 04 Sep 2017 18:50:34 +0000