-
imagemagick (8:6.9.10.23+dfsg-2.1+deb10u1) buster-security; urgency=medium
* CVE-2019-10649
* CVE-2019-11470 (Closes: #927830)
* CVE-2019-11472 (Closes: #927828)
* CVE-2019-11597 (Closes: #928207)
* CVE-2019-11598 (Closes: #928206)
* CVE-2019-12974 (Closes: #931196)
* CVE-2019-12975 (Closes: #931193)
* CVE-2019-12976 (Closes: #931192)
* CVE-2019-12977 (Closes: #931191)
* CVE-2019-12978 (Closes: #931190)
* CVE-2019-12979 (Closes: #931189)
* CVE-2019-13135 (Closes: #932079)
* CVE-2019-13137 (Closes: #931342)
* CVE-2019-13295 (Closes: #931457)
* CVE-2019-13297 (Closes: #931455)
* CVE-2019-13300 (Closes: #931454)
* CVE-2019-13301
* CVE-2019-13304 (Closes: #931453)
* CVE-2019-13305 (Closes: #931452)
* CVE-2019-13307 (Closes: #931448)
* CVE-2019-13308 (Closes: #931447)
* CVE-2019-13309
* CVE-2019-13311
* CVE-2019-13454 (Closes: #931740)
* CVE-2019-14981 (Closes: #955025)
* CVE-2019-15139 (Closes: #941670)
* CVE-2019-15140 (Closes: #941671)
* CVE-2019-16708
* CVE-2019-16710
* CVE-2019-16711
* CVE-2019-16713
* CVE-2019-7175
* CVE-2019-7395
* CVE-2019-7396
* CVE-2019-7397
* CVE-2019-7398
* CVE-2019-19948 (Closes: #947308)
* CVE-2019-19949 (Closes: #947309)
Thanks to Marc Deslauriers for patches from the 19.10 USN update (same base version)
-- Moritz Mühlenhoff <email address hidden> Thu, 25 Jun 2020 20:00:40 +0200
-
imagemagick (8:6.9.10.23+dfsg-2.1) unstable; urgency=medium
* Non-maintainer upload.
* Stack-based buffer overflow in function PopHexPixel in coders/ps.c
(CVE-2019-9956) (Closes: #925395)
* Heap-buffer-overflow in WriteTIFFImage of coders/tiff.c (CVE-2019-10650)
(Closes: #926091)
-- Salvatore Bonaccorso <email address hidden> Fri, 03 May 2019 16:34:26 +0200
-
imagemagick (8:6.9.10.23+dfsg-2) unstable; urgency=medium
* Bug fix: "identify 6.9.10-23 does not convert units (pixels per
cm/in)", thanks to Cédric Boutillier (Closes: #918642).
-- Bastien Roucariès <email address hidden> Tue, 08 Jan 2019 15:08:25 +0100
-
imagemagick (8:6.9.10.14+dfsg-7) unstable; urgency=medium
* Bug fix: "wrong Provides: libmagickcore-6.defaultquantum-dev,
libmagickcore-dev (= 8:6.9.10.14+dfsg-5)", thanks to Helmut Grohne
(Closes: #912833).
-- Bastien Roucariès <email address hidden> Sun, 04 Nov 2018 21:09:08 +0100
-
imagemagick (8:6.9.10.14+dfsg-5) unstable; urgency=high
* Use jdupes instead of rdfind in order to avoid link to build dir
* Bug fix: "Please remove me from uploaders", thanks to Vincent Fourmond
(Closes: #897293).
* Bump policy (no changes)
-- Bastien Roucariès <email address hidden> Thu, 01 Nov 2018 22:07:12 +0100
-
imagemagick (8:6.9.10.14+dfsg-4) unstable; urgency=medium
* Use salsa in control
* Add Pre-depends on dpkg for versioned provides
* Bug fix: "make foreign dependencies on transitional -dev packages
satisfiable", thanks to Helmut Grohne (Closes: #893030).
-- Bastien Roucariès <email address hidden> Wed, 31 Oct 2018 07:27:50 +0100
-
imagemagick (8:6.9.10.8+dfsg-1) unstable; urgency=high
* New upstream version
* Fix security bugs:
+ CVE-2018-14551: The ReadMATImageV4 function in coders/mat.c
uses an uninitialized variable, leading to memory corruption.
(Closes: #904713)
+ CVE-2018-9135: A heap-based buffer over-read in IsWEBPImageLossless
in coders/webp.c.
+ CVE-2018-14437: Memory leak in parse8BIM in coders/meta.c.
+ CVE-2018-14436: Memory leak in ReadMIFFImage in coders/miff.c.
+ CVE-2018-14435: Memory leak in DecodeImage in coders/pcd.c.
+ CVE-2018-14434: Memory leak for a colormap in WriteMPCImage
in coders/mpc.c.
+ CVE-2018-13153: Memory leak in the XMagickCommand function
in MagickCore/animate.c.
-- Bastien Roucariès <email address hidden> Mon, 30 Jul 2018 15:14:16 +0200
-
imagemagick (8:6.9.10.2+dfsg-3) unstable; urgency=high
* Fix perlmagick (Closes: #903404)
-- Bastien Roucariès <email address hidden> Tue, 10 Jul 2018 00:32:34 +0200
-
imagemagick (8:6.9.9.39+dfsg-1) unstable; urgency=medium
* Fix security bugs (Closes: #890805):
+ Fix CVE-2018-7443: The ReadTIFFImage function in coders/tiff.c
does not properly validate the amount of image data in a file,
which allows remote attackers to cause a denial of service
(memory allocation failure in the AcquireMagickMemory function
in MagickCore/memory.c). (Closes: #891291)
+ Fix CVE-2018-7470: The IsWEBPImageLossless function in
coders/webp.c allows attackers to cause a denial of service
(segmentation violation) via a crafted file. (Closes: #891420)
+ Fix CVE-2017-17880: there is a stack-based buffer over-read in
WriteWEBPImage in coders/webp.c, related to a
WEBP_DECODER_ABI_VERSION check.
* Provide transitional packages from arch:any packages.
(Closes: #893030)
-- Bastien Roucariès <email address hidden> Mon, 19 Mar 2018 17:03:39 +0100
-
imagemagick (8:6.9.9.34+dfsg-3) unstable; urgency=high
* Upload to unstable (urgency high due to security issues).
-- Bastien Roucariès <email address hidden> Sun, 18 Feb 2018 00:12:41 +0100
-
imagemagick (8:6.9.7.4+dfsg-16.1) unstable; urgency=medium
* Non-maintainer upload.
* Remove wrong Multi-Arch: foreign from libmagickcore-dev, libmagickwand-dev
and libmagick++-dev. (Closes: #856601)
-- Helmut Grohne <email address hidden> Sun, 28 Jan 2018 15:12:24 +0100
-
imagemagick (8:6.9.7.4+dfsg-16) unstable; urgency=high
* Security fix release
* Fix a memory exhaustion in ReadPSDImage
(Closes: #870530)
* Fix a memory-Leak in ReadPWPImage()
(Closes: #870527)
* Avoid unbounded loop in pwp coder
(Closes: #870526)
* Fix a memory leak in WriteMSLImage
(Closes: #870525)
* Fix another memory leak in WriteMSLImage
(Closes: #870524)
* Fix a memory exhaustion bug in ReadSUNImage
(Closes: #870504)
* Fix a memory leak in ReadSVGImage
(Closes: #870503)
* Fix a memory leak in WriteMAPImage
(Closes: #870483)
* Fix a memory leak in ReadPICTImage
(Closes: #870502)
* Fix a memory leak in WritePICTImage
(Closes: #870501)
* Fix a memory leak in pdf coder
(Closes: #870492)
* Fix a memory leak in PCX coder
(Closes: #870489)
* Memory exhaustion in PCX coder
(Closes: #870491)
* Memory leak in WriteINLINEImage
(Closes: #870482)
* CVE-2017-11752
The ReadMAGICKImage function in coders/magick.c
allows remote attackers to cause a denial of
service (memory leak) via a crafted file.
(Closes: #870481)
* CVE-2017-11751
The WritePICONImage function in coders/xpm.c
allows remote attackers to cause a denial of
service (memory leak) via a crafted file.
(Closes: #870481)
* CVE-2017-11750
Fix improper use of NULL in the JNG decoder
(Closes: #870478)
* memory leak in WriteCALSImage
(Closes: #870475)
-- Bastien Roucariès <email address hidden> Wed, 02 Aug 2017 22:38:50 +0200
-
imagemagick (8:6.9.7.4+dfsg-15) unstable; urgency=high
* Bug fix: "imagemagick FTBFS: coders/mat.c:1372:3",
thanks to Adrian Bunk and Gianfranco Costamagna
(Closes: #870047).
* Security fixes:
+ CVE-2017-11639
When ImageMagick processes a crafted file in convert,
it can lead to a heap-based buffer over-read
in the WriteCIPImage() function in coders/cip.c,
related to the GetPixelLuma function
in MagickCore/pixel-accessor.h.
(Closes: #870065).
+ CVE-2017-11640
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can
lead to an address access exception in the WritePTIFImage() function
(Closes: #870067)
+ Validate png file.
Detect corrupted png early and avoid a crash
(Closes: #870105)
+ Heap buffer overflow in ReadOneMNGImage
A crafted file will cause x_off[i] out-of-bound operation vulnerability.
(Closes: #870106)
+ memory exhaustion in ReadOneJNGImage in png.c
When identifying a JNG file that contains chunk data, imagemagick will
allocate memory to store the chunk data in function ReadOneJNGImage.
Due to a lack of validation, memory is not limited for corrupted files.
(Closes: #870107)
+ memory leak in ReadOneJNGImage #550
A crafted file could trigger a memory leak
(Closes: #870108)
+ out-of-bounds read with the MNG CLIP chunk.
(Closes: #870109)
+ coders/png.c: Memory leak Fixed Issue 600
(Closes: #870116)
+ memory leak in ReadOneJNGImage (upstream 602)
Fix a leak triggered by a corrupted file
(Closes: #870115)
+ Stuck in LockSemaphoreInfo after reading a png with width==MAGICK_WIDTH_LIMIT
Some versions of libpng need serialization for error recovery of hard lock
Could be triggered by a corrupted file
(Closes: #870111)
+ memory leak in ReadOneMNGImage #619
A memory leak vulnerability was found in function ReadOneMNGImage,
which allows attackers to cause a denial of service (memory leak) via
a crafted file.
(Closes: #870117)
+ memory leak in ReadOneJNGImage #618
Triggered by a corrupted file
(Closes: #870118)
+ bad free in RelinquishMagickMemory
(Closes: #870119)
+ CVE-2017-11539: coders/png.c: Initialized quantum_info to prevent memory leakage
(Closes: #870120)
-- Bastien Roucariès <email address hidden> Sat, 29 Jul 2017 17:14:38 +0200
-
imagemagick (8:6.9.7.4+dfsg-13) unstable; urgency=high
* Fix a typo in changelog about CVE numbers
* Security fixes:
+ Really Fix CVE-2017-9500 (Closes: #867778)
An assertion failure was found in the function
ResetImageProfileIterator, which allows attackers to cause a denial
of service via a crafted file.
+ Fix CVE-2017-11446 (Closes: #868950)
The ReadPESImage function in coders\pes.c has an infinite
loop vulnerability that can cause CPU exhaustion via a crafted
PES file.
+ CVE-2017-11523: endless loop in ReadTXTImage
If a text image file only contains a "MagickID..." line,
it will cause ReadTXTImage to loop infinitely.
(Closes: #869210).
+ Use after free in ReadWMFImage
When identifying a WMF file, a crafted file revealed a use-after-free
vulnerability. (Closes: #869715).
+ CVE-2017-11534: Memory-Leak in lite_font_map()
In coders/wmf.c a memory leak is triggered by a crafted file.
(Closes: #869711).
+ CVE-2017-11537: palm coder FPE
When ImageMagick processes a crafted file in convert, it can
lead to a Floating Point Exception (FPE) in the WritePALMImage()
function in coders/palm.c, related to an incorrect bits-per-pixel
calculation.
(Closes: #869712)
+ Memory leak in WritePALMImage
Fix memory leak due to crafted file in palm coder.
(Closes: #869721)
+ Fix another memory leak in quantize.c
(Closes: #869722)
+ CVE-2017-11531 Memory-Leak in WriteHISTOGRAMImage()
A crafted file could trigger a
Memory-Leak in WriteHISTOGRAMImage() coders/histogram.c
(Closes: #869725)
+ Avoid a crash in mpc coder
A crafted file could trigger a crash in the mpc coder.
(Closes: #869728).
+ Fix a memory leak in enhance.c
Fix a potential memory leak if memory could not be allocated for one
of histogram or stretch_map.
If both cannot be allocated, there is no memory leak. If only one is
allocated and the other fails,
there is a memory leak of the one that could not be allocated. There
is very little chance the allocations would fail.
(Closes: #869769).
+ Fix a memory leak in jpeg and mpc coder
A leak due to exception handling exists in the MPC and JPEG coders.
This could be triggered by a crafted file.
(Closes: #869791).
+ Fix memory exhaustion in mpc coder
When identifying an MPC file, imagemagick will allocate memory to store the
data.
The function StringToUnsignedLong converts a string to unsigned long
type, but the return value was not checked.
Here is my policy.xml to limit memory usage, but the 256MB limit
can be bypassed.
(Closes: #869727).
+ Fix a leak in mpc file due to corrupted profiles
(Closes: #869796).
+ CVE-2017-11532: memory leak
When Imagemagick processes a crafted file in convert,
it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c.
(Closes: #869726)
+ CVE-2017-11535: heap based overflow in ps.c
When ImageMagick processes a crafted file in
convert, it can lead to a heap-based buffer over-read in the
WritePSImage() function in coders/ps.c.
(Closes: #869827)
+ CVE-2017-11536 memory leak in jp2 coder
When ImageMagick processes a crafted file in convert, it
can lead to a Memory Leak in the WriteJP2Image() function in
coders/jp2.c.
(Closes: #869831)
+ Fix a crash in jp2 codec
Lack of validation of jp2 could lead to a crash
(Closes: #869830)
+ CVE-2017-11533: heap buffer overflow in uil coder
When ImageMagick processes a crafted file in convert, it can
lead to a heap-based buffer over-read in the WriteUILImage() function
in coders/uil.c.
(Closes: #869834)
-- Bastien Roucariès <email address hidden> Tue, 25 Jul 2017 22:13:44 +0200
-
imagemagick (8:6.9.7.4+dfsg-12) unstable; urgency=medium
* Fix security bugs:
+ Previous CVE-2017-9144 fix was incomplete.
A crafted RLE image can trigger a crash because of incorrect
EOF handling in coders/rle.c
(Closes: #863126)
+ CVE-2017-10928:
A heap-based buffer over-read in the GetNextToken
function in token.c allows remote attackers to obtain
sensitive information from process memory or possibly have
unspecified other impact via a crafted SVG document
that is mishandled in the GetUserSpaceCoordinateValue
function in coders/svg.c.
(Closes: #867367).
+ CVE-2017-9500:
An assertion failure was found in the function
ResetImageProfileIterator, which allows attackers to cause
a denial of service via a crafted file.
(Closes: #867778).
+ CVE-2017-9501:
An assertion failure was found in the function LockSemaphoreInfo,
which allows attackers to cause a denial of service via a crafted
file.
(Closes: #867721).
+ CVE-2017-9440:
A memory leak was found in the function ReadPSDChannel
in coders/psd.c, which allows attackers to cause a denial
of service via a crafted file.
(Closes: #864273).
+ CVE-2017-9439:
A memory leak was found in the function ReadPDBImage in
coders/pdb.c, which allows attackers to cause a denial of
service via a crafted file.
(Closes: #864274).
+ CVE-2017-11188: CPU exhaustion in ReadDPXImage
Because dpx.file.image_offset is an unsigned int, it can be controlled
to be as large as 4294967295.
This will cause ImageMagick to spend a lot of time processing a crafted
DPX imagefile, even if the imagefile is very small.
(Closes: #867806)
+ CVE-2017-11141: memory exhaustion in ReadMATImage
When identifying a MAT file, imagemagick will allocate memory to store data
in function ReadMATImage.
Modifying MAT's MATLAB_HDR field can cause ImageMagick to allocate
an arbitrary amount of memory; this may cause memory exhaustion
(Closes: #868264)
+ CVE-2017-11170: memory exhaustion in ReadTGAImage
When identifying a VST file, imagemagick will allocate memory to store
data in function ReadTGAImage in coders/tga.c
using the tga_info.bits_per_pixel field directly from the VST file without
checking in tga.c.
By reviewing the function code, the tga_info.bits_per_pixel max valid
value is 32.
On a 32bit os, size_t one will be 32bit, so image->colors can
overflow to 0.
On a 64bit os, size_t one will be 64bit, so image->colors
can be as large as 0x100000000(64GB).
(Closes: #868184)
+ Memory exhaustion in ReadCINImage
When identifying a CIN file that contains user defined data,
imagemagick will allocate memory to store the
data in function ReadCINImage in coders\inc.c
There is a security check in the function SetImageExtent,
but it comes after memory allocation, so IM cannot control the memory usage
(Closes: #867810)
+ CPU exhaustion in ReadRLEImage
A corrupted rle file could trigger a DOS
(Closes: #867808)
+ Memory leak in ReadDIBImage in dib.c
The ReadDIBImage function in dib.c allows attackers
to cause a denial of service (memory leak)
via a small crafted dib file.
(Closes: #867811)
+ Memory exhaustion in ReadDPXImage in dpx.c
When identifying a DPX file that contains user header data,
imagemagick will allocate memory to store the data in function
ReadDPXImage in coders\dpx.c
There is a security check in the function SetImageExtent,
but it is too late, so IM cannot control the memory usage.
(Closes: #867812)
+ Enable heap overflow check for stdin for mpc files
Enabling seekable streams is required to ensure checking
the blob size works when an image is streamed on stdin.
(Closes: #867896)
+ Assertion failure in WriteBlob
A crafted file revealed an assertion failure in blob.c.
(Closes: #867798)
+ Memory exhaustion in ReadEPTImage in ept.c
When identifying an EPT file, imagemagick will allocate memory
to store the data.
There is a security check in the function SetImageExtent,
but it is not used in the allocation function,
so IM cannot control the memory usage.
(Closes: #867821)
+ CPU exhaustion in ReadOneJNGImage
Due to lack of validation of PNG format, imagemagick could loop
2^32 in a CPU intensive loop.
(Closes: #867824, #867825).
+ CPU exhaustion in ReadOneDJVUImag
Due to lack of format validation, a crafted file will cause a
loop to run endlessly.
(Closes: #867826).
+ Zero pixel buffer
Avoid a data leak in case of incorrect file by clearing a buffer
(Closes: #867893).
+ memory leak in ReadMATImage in mat.c
The ReadMATImage function in mat.c allows attackers to cause a
denial of service (memory leak) via a small crafted mat file.
(Closes: #867823).
+ Avoid heap based overflow for jpeg
A corrupted jpeg file could trigger a heap overflow
(Closes: #867894).
+ Fix a memory leak in screenshot coder
(Closes: #867897)
-- Bastien Roucariès <email address hidden> Fri, 14 Jul 2017 15:35:15 +0200
-
imagemagick (8:6.9.7.4+dfsg-11) unstable; urgency=high
* Fix minor security bugs:
+ CVE-2017-9409: Memory leak in the icon file coder.
(Closes: #864087)
+ CVE-2017-9407: the ReadPALMImage function in palm.c
allows attackers to cause a denial of service (memory leak)
via a crafted file. (Closes: #864089).
+ CVE-2017-9409: the ReadMPCImage function in mpc.c
allows attackers to cause a denial of service (memory leak)
via a crafted file. (Closes: #864090).
-- Bastien Roucariès <email address hidden> Sun, 04 Jun 2017 12:02:50 +0200