imagemagick 8:6.9.7.4+dfsg-15 source package in Debian

Changelog

imagemagick (8:6.9.7.4+dfsg-15) unstable; urgency=high

  * Bug fix: "imagemagick FTBFS: coders/mat.c:1372:3",
    thanks to Adrian Bunk and Gianfranco Costamagna
    (Closes: #870047).
  * Security fixes:
    + CVE-2017-11639
      When ImageMagick processes a crafted file in convert,
      it can lead to a heap-based buffer over-read
      in the WriteCIPImage() function in coders/cip.c,
      related to the GetPixelLuma function
      in MagickCore/pixel-accessor.h.
      (Closes: #870065).
    + CVE-2017-11640
      When ImageMagick 7.0.6-1 processes a crafted file in convert, it can
      lead to an address access exception in the WritePTIFImage() function
      (Closes: #870067)
    + Validate png file.
      Detect corrupted png early and avoid a crash
      (Closes: #870105)
    + Heap buffer overflow in ReadOneMNGImage
      A crafted file will cause x_off[i] out-of-bound operation vulnerability.
      (Closes: #870106)
    + memory exhaustion in ReadOneJNGImage in png.c
      When identifying a JNG file that contains chunk data, imagemagick will
      allocate memory to store the chunk data in function ReadOneJNGImage.
      Due to a lack of validation, memory is not limited for corrupted files.
      (Closes: #870107)
    + memory leak in ReadOneJNGImage #550
      A crafted file could trigger a memory leak
      (Closes: #870108)
    + out-of-bounds read with the MNG CLIP chunk.
      (Closes: #870109)
    + coders/png.c: Memory leak Fixed Issue 600
      (Closes: #870116)
    + memory leak in ReadOneJNGImage (upstream 602)
      Fix a leak triggered by a corrupted file
      (Closes: #870115)
    + Stuck in LockSemaphoreInfo after reading a png with width==MAGICK_WIDTH_LIMIT
      Some versions of libpng need serialization for error recovery of hard lock
      Could be triggered by a corrupted file
      (Closes: #870111)
    + memory leak in ReadOneMNGImage #619
      A memory leak vulnerability was found in function ReadOneMNGImage,
      which allows attackers to cause a denial of service (memory leak) via
      a crafted file.
      (Closes: #870117)
    + memory leak in ReadOneJNGImage #618
      Triggered by a corrupted file
      (Closes: #870118)
    + bad free in RelinquishMagickMemory
      (Closes: #870119)
    + CVE-2017-11539: coders/png.c: Initialized quantum_info to prevent memory leakage
      (Closes: #870120)

 -- Bastien Roucariès <email address hidden>  Sat, 29 Jul 2017 17:14:38 +0200

Upload details

Uploaded by: ImageMagick Packaging Team
Uploaded to: Sid
Original maintainer: ImageMagick Packaging Team
Architectures: any all
Section: graphics
Urgency: Very Urgent

Downloads

File Size SHA-256 Checksum
imagemagick_6.9.7.4+dfsg-15.dsc 5.0 KiB 8ca618e974bafa89ea30fd2da64c3b0e90b18152342ef96d561e9922a0bd3ead
imagemagick_6.9.7.4+dfsg.orig.tar.xz 8.5 MiB 47fb2cdd26f5913318c4504f16ea363e04d1f400dda9ec52e461ab661d724026
imagemagick_6.9.7.4+dfsg-15.debian.tar.xz 243.0 KiB a575c3e343a19e6f5e42cd9a9d56a676dfd2d28c7305b884f18fa73e5d1a5139

No changes file available.
