imagemagick 8:6.9.7.4+dfsg-13 source package in Debian

Changelog

imagemagick (8:6.9.7.4+dfsg-13) unstable; urgency=high

  * Fix a typo in changelog about CVE numbers
  * Security fixes:
    + Really Fix CVE-2017-9500 (Closes: #867778)
      An assertion failure was found in the function
      ResetImageProfileIterator, which allows attackers to cause a denial
      of service via a crafted file.
    + Fix CVE-2017-11446 (Closes: #868950)
      The ReadPESImage function in coders\pes.c has an infinite
      loop vulnerability that can cause CPU exhaustion via a crafted
      PES file.
    + CVE-2017-11523: endless loop in ReadTXTImage
      If a text image file only contains a "MagickID..." line,
      it will cause ReadTXTImage to loop infinitely.
      (Closes: #869210).
    + Use after free in ReadWMFImage
      When identifying a WMF file, a crafted file revealed a use-after-free
      vulnerability. (Closes: #869715).
    + CVE-2017-11534: Memory-Leak in lite_font_map()
      In coders/wmf.c a memory leak is triggered by a crafted file.
      (Closes: #869711).
    + CVE-2017-11537: palm coder FPE
      When ImageMagick processes a crafted file in convert, it can
      lead to a Floating Point Exception (FPE) in the WritePALMImage()
      function in coders/palm.c, related to an incorrect bits-per-pixel
      calculation.
      (Closes: #869712)
    + Memory leak in WritePALMImage
      Fix memory leak due to crafted file in palm coder.
      (Closes: #869721)
    + Fix another memory leak in quantize.c
      (Closes: #869722)
    + CVE-2017-11531 Memory-Leak in WriteHISTOGRAMImage()
      A crafted file could trigger a
      Memory-Leak in WriteHISTOGRAMImage() coders/histogram.c
      (Closes: #869725)
    + Avoid a crash in mpc coder
      A crafted file could trigger a crash in the mpc coder.
      (Closes: #869728).
    + Fix a memory leak in enhance.c
      Fix a potential memory leak if memory could not be allocated for one
      of histogram or stretch_map.
      If both cannot be allocated, there is no memory leak. If only one is
      allocated and the other fails,
      there is a memory leak of the one that could not be allocated. There
      is very little chance the allocations would fail.
      (Closes: #869769).
    + Fix a memory leak in jpeg and mpc coder
      A leak due to exception handling exists in MPC and JPEG coder.
      This could be triggered by a crafted file.
      (Closes: #869791).
    + Fix memory exhaustion in mpc coder
      When identifying an MPC file, imagemagick will allocate memory to store the
      data.
      The function StringToUnsignedLong converts a string to unsigned long
      type, but the return value was not checked.
      Here is my policy.xml to limit memory usage, but 256MB limit
      can be bypassed.
      (Closes: #869727).
    + Fix a leak in mpc file due to corrupted profiles
      (Closes: #869796).
    + CVE-2017-11532: memory leak
      When Imagemagick processes a crafted file in convert,
      it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c.
      (Closes: #869726)
    + CVE-2017-11535: heap based overflow in ps.c
      When ImageMagick processes a crafted file in
      convert, it can lead to a heap-based buffer over-read in the
      WritePSImage() function in coders/ps.c.
      (Closes: #869827)
    + CVE-2017-11536 memory leak in jp2 coder
      When ImageMagick processes a crafted file in convert, it
      can lead to a Memory Leak in the WriteJP2Image() function in
      coders/jp2.c.
      (Closes: #869831)
    + Fix a crash in jp2 codec
      Lack of validation of jp2 could lead to a crash
      (Closes: #869830)
    + CVE-2017-11533: heap buffer overflow in uil coder
      When ImageMagick processes a crafted file in convert, it can
      lead to a heap-based buffer over-read in the WriteUILImage() function
      in coders/uil.c.
      (Closes: #869834)
 
 -- Bastien Roucariès <email address hidden>  Tue, 25 Jul 2017 22:13:44 +0200

Upload details

Uploaded by: ImageMagick Packaging Team
Uploaded to: Sid
Original maintainer: ImageMagick Packaging Team
Architectures: any all
Section: graphics
Urgency: Very Urgent

Downloads

File Size SHA-256 Checksum
imagemagick_6.9.7.4+dfsg-13.dsc 5.0 KiB 826e105fe04aac90ed33b43cc3254db8b26b37ba43cc6dfabce983fa3babe116
imagemagick_6.9.7.4+dfsg.orig.tar.xz 8.5 MiB 47fb2cdd26f5913318c4504f16ea363e04d1f400dda9ec52e461ab661d724026
imagemagick_6.9.7.4+dfsg-13.debian.tar.xz 235.5 KiB 379caf7627e27e65bd05dabc97a4cec5f4061a7833506ee18dacfdde20359c5a

No changes file available.