Changelog
imagemagick (8:6.9.7.4+dfsg-15) unstable; urgency=high
* Bug fix: "imagemagick FTBFS: coders/mat.c:1372:3",
thanks to Adrian Bunk and Gianfranco Costamagna
(Closes: #870047).
* Security fixes:
+ CVE-2017-11639
When ImageMagick processes a crafted file in convert,
it can lead to a heap-based buffer over-read
in the WriteCIPImage() function in coders/cip.c,
related to the GetPixelLuma function
in MagickCore/pixel-accessor.h.
(Closes: #870065).
+ CVE-2017-11640
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can
lead to an address access exception in the WritePTIFImage() function
(Closes: #870067)
+ Validate png file.
Detect corrupted png early and avoid a crash
(Closes: #870105)
+ Heap buffer overflow in ReadOneMNGImage
A crafted file will cause x_off[i] out-of-bound operation vulnerability.
(Closes: #870106)
+ memory exhaustion in ReadOneJNGImage in png.c
When identify JNG file that contains chunk data, imagemagick will
allocate memory to store the chunk data in function ReadOneJNGImage
Due to a lack of valition, memory is not limited for corrupted files.
(Closes: #870107)
+ memory leak in ReadOneJNGImage #550
A crafted file could trigger a memory leak
(Closes: #870108)
+ out-of-bounds read with the MNG CLIP chunk.
(Closes: #870109)
+ coders/png.c: Memory leak Fixed Issue 600
(Closes: #870116)
+ memory leak in ReadOneJNGImage (upstream 602)
Fix a leak triggered by a corrupted file
(Closes: #870115)
+ Stuck in LockSemaphoreInfo after reading a png with width==MAGICK_WIDTH_LIMIT
Some version of libpng need serialization for error recovery of hard lock
Could be triggered by a corrupted file
(Closes: #870111)
+ memory leak in ReadOneMNGImage #619
A memory leak vulnerability was found in function ReadOneMNGImage,
which allow attackers to cause a denial of service (memory leak) via
a crafted file.
(Closes: #870117)
+ memory leak in ReadOneJNGImage #618
Triggered by a corrupted file
(Closes: #870118)
+ bad free in RelinquishMagickMemory
(Closes: #870119)
+ CVE-2017-11539: coders/png.c: Initialized quantum_info to prevent memory leakage
(Closes: #870120)
-- Bastien Roucariès <email address hidden> Sat, 29 Jul 2017 17:14:38 +0200