[ubuntu/cosmic-proposed] imagemagick 8:6.9.10.2+dfsg-3ubuntu2 (Accepted)
Corey Bryant
corey.bryant at canonical.com
Thu Jul 19 17:57:15 UTC 2018
imagemagick (8:6.9.10.2+dfsg-3ubuntu2) cosmic; urgency=low
* Merge from Debian unstable. Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main.
- demote libmagickcore-6.q16hdri-6-extra and libmagickcore-6.q16-6-extra
Recommends on libjxr-tools to Suggests, as it is in universe.
- SECURITY UPDATE: memory leak in XMagickCommand
- debian/patches/CVE-2018-13153.patch: free memory in magick/animate.c.
- CVE-2018-13153
- SECURITY UPDATE: Multiple security issues
- debian/patches/CVE-201[78]*.patch: backport large number of upstream
security patches. (Note: All patches except CVE-2017-15033 have landed
upstream in 6.9.10.2).
- CVE-2017-15033
imagemagick (8:6.9.10.2+dfsg-3) unstable; urgency=high
* Fix perlmagick (Closes: #903404)
imagemagick (8:6.9.10.2+dfsg-2) unstable; urgency=medium
* Upload to unstable
imagemagick (8:6.9.10.2+dfsg-1) experimental; urgency=medium
* Bug fix: "FTBFS on i386: testsuite failure in Magick++/tests/tests.tap
2", thanks to Sven Joachim (Closes: #893953).
* Bug fix: "drop libtool-bin from Build-Depends", thanks to Helmut
Grohne (Closes: #893925).
* Move to git dpm
* Move to salsa
* SO dump
* Fix security bugs:
+ CVE-2018-9133: Excessive iteration in the DecodeLabImage
and EncodeLabImage functions (coders/tiff.c), which results
in a hang (tens of minutes) with a tiny PoC file.
Remote attackers could leverage this vulnerability
to cause a denial of service via a crafted tiff file.
(Closes: #894848)
+ CVE-2018-9133: SetGrayscaleImage in the quantize.c file
allows attackers to cause a heap-based buffer over-read
via a crafted file.
+ CVE-2018-11624: the ReadMATImage function in coders/mat.c
allows attackers to cause a use after free via a crafted file.
+ CVE-2018-11625: the SetGrayscaleImage in the quantize.c
file allows attackers to cause a heap-based buffer over-read
via a crafted file.
+ CVE-2018-10177: An infinite loop is present in the
ReadOneMNGImage function of the coders/png.c file.
Remote attackers could leverage this vulnerability
to cause a denial of service via a crafted mng file.
+ CVE-2017-14528: Tested (with and without valgrind) and found immune.
The TIFFSetProfiles function in coders/tiff.c has incorrect
expectations about whether LibTIFF TIFFGetField return values
imply that data validation has occurred, which allows remote attackers
to cause a denial of service (use-after-free after an invalid call
to TIFFSetField, and application crash) via a crafted file.
+ CVE-2018-11624: heap-based buffer over-read in IsWEBPImageLossless
in coders/webp.c.
+ CVE-2018-10805: a memory leak in ReadYCBCRImage in coders/ycbcr.c.
(Closes: #898218).
+ CVE-2018-10804: a memory leak in WriteTIFFImage in coders/tiff.c.
(Closes: #898217)
+ CVE-2018-12599: the ReadBMPImage and WriteBMPImage functions
in coders/bmp.c allow attackers to cause an out of bounds write
via a crafted file.
+ CVE-2018-12600: the ReadDIBImage and WriteDIBImage in coders/dib.c
allow attackers to cause an out of bounds write via a crafted file.
imagemagick (8:6.9.9.39+dfsg-1) unstable; urgency=medium
* Fix security bugs (Closes: #890805):
+ Fix CVE-2018-7443: The ReadTIFFImage function in coders/tiff.c
does not properly validate the amount of image data in a file,
which allows remote attackers to cause a denial of service
(memory allocation failure in the AcquireMagickMemory function
in MagickCore/memory.c). (Closes: #891291)
+ Fix CVE-2018-7470: The IsWEBPImageLossless function in
coders/webp.c allows attackers to cause a denial of service
(segmentation violation) via a crafted file.(Closes: #891420)
+ Fix CVE-2017-17880: there is a stack-based buffer over-read in
WriteWEBPImage in coders/webp.c, related to a
WEBP_DECODER_ABI_VERSION check.
* Provide transitional packages from arch:any packages.
(Closes: #893030)
imagemagick (8:6.9.9.34+dfsg-3) unstable; urgency=high
* Upload to unstable (urgency high due to security issues).
imagemagick (8:6.9.9.34+dfsg-2) experimental; urgency=high
* Fix FTBFS for s390x where float_t is double
imagemagick (8:6.9.9.34+dfsg-1) experimental; urgency=high
* New upstream version
* Packaging fix:
+ Fix privacy breach.
+ Bump compat level to 11.
+ Bump policy no changes
+ Fix lintian warnings
+ Fix "unnecessary libgraphviz-dev dependency (and graphviz
suggests?)", thanks to Matthias Klose (Closes: #884444).
+ Remove Vincent Fourmond <fourmond at debian.org> as uploader, thanks
to him. (Closes: #878679).
+ Aknowledge NMU (Closes: #856601)
* Fix a few security issues
+ Fix CVE-2017-1000445: NULL pointer dereference in
the MagickCore component and might lead to denial of service.
(Closes: #886281)
+ Fix CVE-2017-1000476: a CPU exhaustion vulnerability was found in
the function ReadDDSInfo in coders/dds.c, which allows attackers
to cause a denial of service.
+ Fix CVE-2017-12140: The ReadDCMImage function in coders\dcm.c
has an integer signedness error leading to excessive memory
consumption via a crafted DCM file.
(Closes: #873059)
+ Fix CVE-2017-12674: a CPU exhaustion vulnerability was found in
the function ReadPDBImage in coders/pdb.c, which allows attackers
to cause a denial of service
(Closes: #872609)
+ Fix CVE-2017-12691: The ReadOneLayer function in coders/xcf.c
allows remote attackers to cause a denial of service
(memory consumption) via a crafted file.
(Closes: #875338)
+ Fix CVE-2017-12692: ReadVIFFImage function in coders/viff.c
in ImageMagick allows remote attackers to cause a
denial of service (memory consumption) via a crafted VIFF file.
(Closes: #875339)
+ Fix CVE-2017-12693: The ReadBMPImage function in coders/bmp.c
allows remote attackers to cause a denial of service
(memory consumption) via a crafted BMP
(Closes: #875341)
+ Fix CVE-2017-12875: The WritePixelCachePixels function
allows remote attackers to cause a denial of service
(CPU consumption) via a crafted file.
(Closes: #873871)
+ Fix CVE-2017-12877: Use-after-free vulnerability in
the DestroyImage function in image.c in ImageMagick allows
remote attackers to cause a denial of service via a crafted file.
(Closes: #872373)
+ Fix CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage
function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote
attackers to cause a denial of service (application crash)
or possibly have unspecified other impact via a crafted file.
(Closes: #873134)
+ Fix CVE-2017-13061: A length-validation vulnerability was found
in the function ReadPSDLayersInternal in coders/psd.c,
which allows attackers to cause a denial of service
(ReadPSDImage memory exhaustion) via a crafted file
(Closes: #873131)
+ Fix CVE-2017-13133: the load_level function in coders/xcf.c lacks
offset validation, which allows attackers to cause a denial of service
(load_tile memory exhaustion) via a crafted file.
(Closes: #873100)
+ Fix CVE-2017-13134: a heap-based buffer over-read was found in the
function SFWScan in coders/sfw.c, which allows attackers
to cause a denial of service via a crafted file.
(Closes: #873099)
+ Fix CVE-2017-13758: a heap-based buffer overflow in the TracePoint()
function in MagickCore/draw.c.
(Closes: #878508)
+ Fix CVE-2017-13768: NULL Pointer Dereference in the IdentifyImage
function in MagickCore/identify.c in ImageMagick allows an attacker
to perform denial of service by sending a crafted image file.
(Closes: #875352)
+ Fix CVE-2017-13769: The WriteTHUMBNAILImage function in
coders/thumbnail.c allows an attacker to cause a denial of service
(buffer over-read) by sending a crafted JPEG file.
(Closes: #878507)
+ Fix CVE-2017-14060: a NULL Pointer Dereference issue is present in the
ReadCUTImage function in coders/cut.c that could allow an attacker
to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus
function within the MagickCore/cache.c file) by submitting
a malformed image file.
(Closes: #878506)
+ Fix CVE-2017-14172: In coders/ps.c, a DoS in ReadPSImage()
due to lack of an EOF (End of File) check cause high CPU consumption.
When a crafted PSD file, which claims a large "extent" field
in the header but does not contain sufficient backing data,
is provided, the loop over "length" would consume huge CPU resources,
since there is no EOF check inside the loop.
(Closes: #875506)
+ Fix CVE-2017-14173: In the function ReadTXTImage() in coders/txt.c,
an integer overflow might occur for the addition operation
"GetQuantumRange(depth)+1" when "depth" is large, producing a smaller
value than expected. As a result, an infinite loop would occur
for a crafted TXT file that claims a very large "max_value" value.
(Closes: #875504)
+ Fix CVE-2017-14174: In coders/psd.c in ReadPSDLayersInternal()
a lack of an EOF (End of File) check might cause huge CPU consumption.
When a crafted PSD file, which claims a large "length" field
in the header but does not contain sufficient backing data,
is provided, the loop over "length" would consume huge CPU resources,
since there is no EOF check inside the loop.
(Closes: #875503)
+ Fix CVE-2017-14175: In coders/xbm.c in ReadXBMImage()
a lack of an EOF (End of File) check might cause huge CPU consumption.
When a crafted XBM file, which claims large rows and columns fields
in the header but does not contain sufficient backing data,
is provided, the loop over the rows would consume huge CPU resources,
since there is no EOF check inside the loop.
(Closes: #875502)
+ Fix CVE-2017-14224: A heap-based buffer overflow in WritePCXImage
in coders/pcx.c allows remote attackers to cause a denial
of service or code execution via a crafted file.
(Closes: #876097)
+ Fix CVE-2017-14249: Imagemagick mishandles EOF checks in
ReadMPCImage in coders/mpc.c, leading to division by zero
in GetPixelCacheTileSize in MagickCore/cache.c,
allowing remote attackers to cause a denial of service
via a crafted file.
(Closes: #876099)
+ Fix CVE-2017-14341: large loop vulnerability in ReadWPGImage
in coders/wpg.c, causing CPU exhaustion via a crafted
wpg image file.
(Closes: #876105)
+ Fix CVE-2017-14400: PersistPixelCache function in magick/cache.c
mishandles the pixel cache nexus, which allows remote attackers
to cause a denial of service (NULL pointer dereference
in the function GetVirtualPixels in MagickCore/cache.c)
via a crafted file.
(Closes: #878546)
+ Fix CVE-2017-14505: DrawGetStrokeDashArray in wand/drawing-wand.c
mishandles certain NULL arrays, which allows attackers to perform
Denial of Service (NULL pointer dereference and application crash in
AcquireQuantumMemory within MagickCore/memory.c) by providing a
crafted Image File as input.
(Closes: #878545)
+ Fix CVE-2017-14532: NULL Pointer Dereference in TIFFIgnoreTags
in coders/tiff.c.
(Closes: #878541)
+ Fix CVE-2017-14607: out of bounds read flaw related to ReadTIFFImage
has been reported in coders/tiff.c. An attacker could possibly
exploit this flaw to disclose potentially sensitive memory
or cause an application crash.
(Closes: #878527)
+ Fix CVE-2017-14624: a NULL Pointer Dereference vulnerability
in the function PostscriptDelegateMessage in coders/ps.c.
(Closes: #877354)
+ Fix CVE-2017-14625: NULL Pointer Dereference vulnerability
in the function sixel_output_create in coders/sixel.c.
(Closes: #877355)
+ Fix CVE-2017-14626: NULL Pointer Dereference vulnerability
in the function sixel_decode in coders/sixel.c.
(Closes: #878524)
+ Fix CVE-2017-14682: GetNextToken in MagickCore/token.c
allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash)
or possibly have unspecified other impact via a
crafted SVG document, a different vulnerability
than CVE-2017-10928.
(Closes: #876488)
+ Fix CVE-2017-14739: The AcquireResampleFilterThreadSet
function in magick/resample-private.h in ImageMagick
mishandles failed memory allocation, which allows
remote attackers to cause a denial of service
(NULL Pointer Dereference in DistortImage in
MagickCore/distort.c, and application crash)
via unspecified vectors.
(Closes: #878547)
+ Fix CVE-2017-14741: The ReadCAPTIONImage function in coders/caption.c
allows remote attackers to cause a denial of service
(infinite loop) via a crafted font file.
(Closes: #878548)
+ Fix CVE-2017-14989: A use-after-free in RenderFreetype
in MagickCore/annotate.c allows attackers to crash the application
via a crafted font file, because the FT_Done_Glyph function
(from FreeType 2) is called at an incorrect place in the ImageMagick code.
(Closes: #878562)
+ Fix CVE-2017-15015: NULL pointer dereference vulnerability in
PDFDelegateMessage in coders/pdf.c.
(Closes: #878555)
+ Fix CVE-2017-15017: NULL pointer dereference vulnerability
in ReadOneMNGImage in coders/png.c.
(Closes: #878554)
+ Fix CVE-2017-15277: ReadGIFImage in coders/gif.c leaves
the palette uninitialized when processing a GIF file that has
neither a global nor local palette. If the affected product is
used as a library loaded into a process that operates on
interesting data, this data sometimes can be leaked
via the uninitialized palette.
(Closes: #878578)
+ Fix CVE-2017-15281: ReadPSDImage in coders/psd.c
allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact
via a crafted file, related to "Conditional jump or move
depends on uninitialised value(s).
(Closes: #878579).
+ Fix CVE-2017-16546: The ReadWPGImage function in coders/wpg.c
does not properly validate the colormap index in a WPG palette,
which allows remote attackers to cause a denial of service
(use of uninitialized data or invalid memory allocation)
or possibly have unspecified other impact via a malformed WPG file.
(Closes: #881392)
+ Fix CVE-2017-17499: use-after-free in Magick::Image::read
in Magick++/lib/Image.cpp.
(Closes: #885339)
+ Fix CVE-2017-17504: coders/png.c Magick_png_read_raw_profile
heap-based buffer over-read via a crafted file, related to
ReadOneMNGImage.
(Closes: #885340)
+ Fix CVE-2017-17681: an infinite loop vulnerability was found
in the function ReadPSDChannelZip in coders/psd.c, which
allows attackers to cause a denial of service (CPU exhaustion)
via a crafted psd image file.
(Closes: #885941)
+ Fix CVE-2017-17682: large loop vulnerability was found in the
function ExtractPostscript in coders/wpg.c, which allows attackers
to cause a denial of service (CPU exhaustion) via a crafted wpg
image file that triggers a ReadWPGImage call.
(Closes: #885942)
+ Fix CVE-2017-17879: a heap-based buffer over-read in ReadOneMNGImage
in coders/png.c, related to length calculation and caused by an
off-by-one error.
(Closes: #885125)
+ Fix CVE-2017-17914: a vulnerability was found in the function
ReadOnePNGImage in coders/png.c, which allows attackers to cause
a denial of service (ReadOneMNGImage large loop) via a crafted mng
image file.
(Closes: #886584)
+ Fix CVE-2018-5248: a heap-based buffer over-read in coders/sixel.c
in the ReadSIXELImage function, related to the sixel_decode function.
(Closes: #886588)
* Fix a few unimportant security bugs:
+ Fix CVE-2017-12644 memory leak vulnerability
in ReadDCMImage in coders\dcm.c
+ Fix CVE-2017-13058 memory leak in WritePCXImage
+ Fix CVE-2017-13059 memory leak in WriteJNGImage
+ Fix CVE-2017-13060 memory leak in ReadMATImage
+ Fix CVE-2017-13062 memory leak vulnerability
found in the function formatIPTC in coders/meta.c,
which allows attackers to cause a denial of service
(WriteMETAImage memory consumption) via a crafted file.
+ Fix CVE-2017-13131 a memory leak vulnerability
found in the function ReadMIFFImage in coders/miff.c,
which allows attackers to cause a denial of service
(memory consumption in NewLinkedList in MagickCore/linked-list.c)
via a crafted file.
+ Fix CVE-2017-14137: ReadWEBPImage in coders/webp.c has an issue
where memory allocation is excessive,
because it depends only on a length field in a header.
+ Fix CVE-2017-14138: ReadWEBPImage in coders/webp.c
because memory is not freed in certain error cases.
+ Fix CVE-2017-14139: memory leak vulnerability
in WriteMSLImage in coders/msl.c.
+ Fix CVE-2017-14324: memory leak in ReadMPCImage (coders/mpc.c)
+ Fix CVE-2017-14325: memory leak in ReadMPCImage (coders/mpc.c)
+ Fix CVE-2017-14326: memory leak vulnerability in the function
ReadMATImage in coders/mat.c, which allows attackers
to cause a denial of service via a crafted file.
+ Fix CVE-2017-14342: memory exhaustion vulnerability in
ReadWPGImage in coders/wpg.c via a crafted wpg image file.
+ Fix CVE-2017-14343: memory leak vulnerability in
ReadXCFImage in coders/xcf.c via a crafted xcf image file.
+ Fix CVE-2017-14531: memory exhaustion issue in
ReadSUNImage in coders/sun.c.
+ Fix CVE-2017-14533: memory leak in ReadMATImage in coders/mat.c.
+ Fix CVE-2017-14684: mory leak vulnerability was found in the
function ReadVIPSImage in coders/vips.c, which allows
attackers to cause a denial of service (memory consumption
in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
(Closes: #876487)
+ Fix CVE-2017-15016: a NULL pointer dereference vulnerability
in ReadEnhMetaFile in coders/emf.c. (source fix not compiled
under Debian).
+ Fix CVE-2017-15032: memory leak in ReadYCBCRImage in
coders/ycbcr.c.
+ Fix CVE-2017-15033: memory leak in ReadYUVImage in coders/yuv.c.
+ Fix CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c.
+ Fix CVE-2017-15218: memory leak in ReadOneJNGImage in coders/png.c.
+ Fix CVE-2017-17680: a memory leak vulnerability was found in
the function ReadXPMImage in coders/xpm.c, which allows
attackers to cause a denial of service via a crafted xpm image file.
+ Fix CVE-2017-17881: a memory leak vulnerability was found in
the function ReadMATImage in coders/mat.c, which allows
attackers to cause a denial of service via a crafted MAT image file.
+ Fix CVE-2017-17882: a memory leak vulnerability was found in the
function ReadXPMImage in coders/xpm.c, which allows attackers
to cause a denial of service via a crafted XPM image file.
+ Fix CVE-2017-17883: a memory leak vulnerability was found in the
function ReadPGXImage in coders/pgx.c, which allows attackers
to cause a denial of service via a crafted PGX image file.
+ Fix CVE-2017-17884: a memory leak vulnerability was found in the
function WriteOnePNGImage in coders/png.c,
which allows attackers to cause a denial of service via
a crafted PNG image file.
+ Fix CVE-2017-17885: a memory leak vulnerability was found
in the function ReadPICTImage in coders/pict.c, which
allows attackers to cause a denial of service via a crafted
PICT image file.
+ Fix CVE-2017-17886: a memory leak vulnerability was found
in the function ReadPSDChannelZip in coders/psd.c,
which allows attackers to cause a denial of service
via a crafted psd image file.
+ Fix CVE-2017-17887: a memory leak vulnerability
was found in the function GetImagePixelCache in magick/cache.c,
which allows attackers to cause a denial of service via a crafted
MNG image file that is processed by ReadOneMNGImage.
+ Fix CVE-2017-17934: a memory leaks in coders/msl.c,
related to MSLPopImage and ProcessMSLScript,
and associated with mishandling of MSLPushImage calls.
+ Fix CVE-2017-18008: a ùemory Leak in ReadPWPImage in coders/pwp.c.
+ Fix CVE-2017-18022: memory leaks in MontageImageCommand
in MagickWand/montage.c.
+ Fix CVE-2017-18027: a memory leak vulnerability was found
in the function ReadMATImage in coders/mat.c,
which allow remote attackers to cause a denial
of service via a crafted file.
+ Fix CVE-2017-18028: a memory exhaustion vulnerability
was found in the function ReadTIFFImage in coders/tiff.c,
which allow remote attackers to cause a denial
of service via a crafted file.
+ Fix CVE-2017-18029: a memory leak vulnerability was found
in the function ReadMATImage in coders/mat.c,
which allow remote attackers to cause a denial of
service via a crafted file.
+ Fix CVE-2017-6502: a specially crafted webp file
could lead to a file-descriptor leak in libmagickcore
(thus, a DoS)
+ Fix CVE-2018-5246: Fix memory leaks in ReadPATTERNImage
in coders/pattern.c.
+ Fix CVE-2018-5247: Fix memory leaks in ReadRLAImage in coders/rla.c.
+ Fix CVE-2018-5357: Fix memory leaks in the ReadDCMImage function
in coders/dcm.c.
+ Fix CVE-2018-5358: Fix memory leaks in the EncodeImageAttributes
function in coders/json.c, as demonstrated by the
ReadPSDLayersInternal function in coders/psd.c.
* Backport fix:
+ Fix CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c
in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap
variable can be overwritten by a new pointer.
The previous pointer is lost, which leads to a memory leak.
This allows remote attackers to cause a denial of service.
(from b0a464122e0d8a1e1e31f6cd6d3f4d085fa8fb0)
imagemagick (8:6.9.9.6+dfsg-1) experimental; urgency=medium
* Bump so due to ABI problem and g++7 (Closes: #871300).
* New upstream version.
+ Fix CVE-2017-6502, webp buffer overflow. (Closes: #856883).
+ Fix CVE-2017-11751, CVE-2017-11754 and CVE-2017-11755:
The WritePICONImage function in coders/xpm.c
allows remote attackers to cause a denial of service (memory leak) via
a crafted file. (Closes: #870480).
+ CVE-2017-12674: a CPU exhaustion vulnerability was found in
the function ReadPDBImage in coders/pdb.c, which allows attackers
to cause a denial of service.
+ CVE-2017-12429: a memory exhaustion vulnerability was found in the
function ReadMIFFImage in coders/miff.c, which allows attackers
to cause a denial of service.
+ CVE-2017-12140: The ReadDCMImage function in coders\dcm.c has an integer
signedness error leading to excessive memory consumption
via a crafted DCM file.
+ CVE-2017-12433: A memory leak vulnerability was found in
the function ReadPESImage in coders/pes.c, which allows attackers
to cause a denial of service, related to ResizeMagickMemory in memory.c.
(Closes: #872481)
+ CVE-2017-12418: A memory leaks was found in
the parse8BIMW and format8BIM functions in coders/meta.c,
related to the WriteImage function in MagickCore/constitute.c.
(Closes: #872498)
+ CVE-2017-12644: a memory leak vulnerability was found
in ReadDCMImage in coders\dcm.c.
* Update copyright file.
* Ship ImageMagick man file (Closes: #856997).
* Remove configuration files installed by mistake in an
experimental version (Closes: #851627).
* Bug fix: "Typo in debian/changelog for CVE identifier", thanks to
Salvatore Bonaccorso (Closes: #864151).
imagemagick (8:6.9.7.4+dfsg-16.1) unstable; urgency=medium
* Non-maintainer upload.
* Remove wrong Multi-Arch: foreign from libmagickcore-dev, libmagickwand-dev
and libmagick++-dev. (Closes: #856601)
Date: Wed, 18 Jul 2018 12:47:06 -0400
Changed-By: Corey Bryant <corey.bryant at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.2+dfsg-3ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 18 Jul 2018 12:47:06 -0400
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-6 libmagickcore-6.q16-6-extra libmagickcore-6.q16-dev libmagickwand-6.q16-6 libmagickwand-6.q16-dev libmagick++-6.q16-8 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-6 libmagickcore-6.q16hdri-6-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-6 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-8 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source
Version: 8:6.9.10.2+dfsg-3ubuntu2
Distribution: cosmic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Corey Bryant <corey.bryant at canonical.com>
Description:
imagemagick - image manipulation programs -- binaries
imagemagick-6-common - image manipulation programs -- infrastructure
imagemagick-6-doc - document files of ImageMagick
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
imagemagick-common - image manipulation programs -- infrastructure dummy package
imagemagick-doc - document files of ImageMagick -- dummy package
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
libmagick++-6.q16-8 - C++ interface to ImageMagick -- quantum depth Q16
libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
libmagick++-6.q16hdri-8 - C++ interface to ImageMagick -- quantum depth Q16HDRI
libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-6 - low-level image manipulation library -- quantum depth Q16
libmagickcore-6.q16-6-extra - low-level image manipulation library - extra codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
libmagickcore-6.q16hdri-6 - low-level image manipulation library -- quantum depth Q16HDRI
libmagickcore-6.q16hdri-6-extra - low-level image manipulation library - extra codecs (Q16HDRI)
libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI
libmagickcore-dev - low-level image manipulation library -- dummy package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-6 - image manipulation library -- quantum depth Q16
libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
libmagickwand-6.q16hdri-6 - image manipulation library -- quantum depth Q16HDRI
libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
libmagickwand-dev - image manipulation library -- dummy package
perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 851627 856601 856883 856997 864151 870480 871300 872373 872481 872498 872609 873059 873099 873100 873131 873134 873871 875338 875339 875341 875352 875502 875503 875504 875506 876097 876099 876105 876487 876488 877354 877355 878506 878507 878508 878524 878527 878541 878545 878546 878547 878548 878554 878555 878562 878578 878579 878679 881392 884444 885125 885339 885340 885941 885942 886281 886584 886588 890805 891291 891420 893030 893925 893953 894848 898217 898218 903404
Changes:
imagemagick (8:6.9.10.2+dfsg-3ubuntu2) cosmic; urgency=low
.
* Merge from Debian unstable. Remaining changes:
- Drop dependency on libopenjp2-7-dev, which is needed for JPEG2000
but is not in main.
- demote libmagickcore-6.q16hdri-6-extra and libmagickcore-6.q16-6-extra
Recommends on libjxr-tools to Suggests, as it is in universe.
- SECURITY UPDATE: memory leak in XMagickCommand
- debian/patches/CVE-2018-13153.patch: free memory in magick/animate.c.
- CVE-2018-13153
- SECURITY UPDATE: Multiple security issues
- debian/patches/CVE-201[78]*.patch: backport large number of upstream
security patches. (Note: All patches except CVE-2017-15033 have landed
upstream in 6.9.10.2).
- CVE-2017-15033
.
imagemagick (8:6.9.10.2+dfsg-3) unstable; urgency=high
.
* Fix perlmagick (Closes: #903404)
.
imagemagick (8:6.9.10.2+dfsg-2) unstable; urgency=medium
.
* Upload to unstable
.
imagemagick (8:6.9.10.2+dfsg-1) experimental; urgency=medium
.
* Bug fix: "FTBFS on i386: testsuite failure in Magick++/tests/tests.tap
2", thanks to Sven Joachim (Closes: #893953).
* Bug fix: "drop libtool-bin from Build-Depends", thanks to Helmut
Grohne (Closes: #893925).
* Move to git dpm
* Move to salsa
* SO dump
* Fix security bugs:
+ CVE-2018-9133: Excessive iteration in the DecodeLabImage
and EncodeLabImage functions (coders/tiff.c), which results
in a hang (tens of minutes) with a tiny PoC file.
Remote attackers could leverage this vulnerability
to cause a denial of service via a crafted tiff file.
(Closes: #894848)
+ CVE-2018-9133: SetGrayscaleImage in the quantize.c file
allows attackers to cause a heap-based buffer over-read
via a crafted file.
+ CVE-2018-11624: the ReadMATImage function in coders/mat.c
allows attackers to cause a use after free via a crafted file.
+ CVE-2018-11625: the SetGrayscaleImage in the quantize.c
file allows attackers to cause a heap-based buffer over-read
via a crafted file.
+ CVE-2018-10177: An infinite loop is present in the
ReadOneMNGImage function of the coders/png.c file.
Remote attackers could leverage this vulnerability
to cause a denial of service via a crafted mng file.
+ CVE-2017-14528: Tested (with and without valgrind) and found immune.
The TIFFSetProfiles function in coders/tiff.c has incorrect
expectations about whether LibTIFF TIFFGetField return values
imply that data validation has occurred, which allows remote attackers
to cause a denial of service (use-after-free after an invalid call
to TIFFSetField, and application crash) via a crafted file.
+ CVE-2018-11624: heap-based buffer over-read in IsWEBPImageLossless
in coders/webp.c.
+ CVE-2018-10805: a memory leak in ReadYCBCRImage in coders/ycbcr.c.
(Closes: #898218).
+ CVE-2018-10804: a memory leak in WriteTIFFImage in coders/tiff.c.
(Closes: #898217)
+ CVE-2018-12599: the ReadBMPImage and WriteBMPImage functions
in coders/bmp.c allow attackers to cause an out of bounds write
via a crafted file.
+ CVE-2018-12600: the ReadDIBImage and WriteDIBImage in coders/dib.c
allow attackers to cause an out of bounds write via a crafted file.
.
imagemagick (8:6.9.9.39+dfsg-1) unstable; urgency=medium
.
* Fix security bugs (Closes: #890805):
+ Fix CVE-2018-7443: The ReadTIFFImage function in coders/tiff.c
does not properly validate the amount of image data in a file,
which allows remote attackers to cause a denial of service
(memory allocation failure in the AcquireMagickMemory function
in MagickCore/memory.c). (Closes: #891291)
+ Fix CVE-2018-7470: The IsWEBPImageLossless function in
coders/webp.c allows attackers to cause a denial of service
(segmentation violation) via a crafted file.(Closes: #891420)
+ Fix CVE-2017-17880: there is a stack-based buffer over-read in
WriteWEBPImage in coders/webp.c, related to a
WEBP_DECODER_ABI_VERSION check.
* Provide transitional packages from arch:any packages.
(Closes: #893030)
.
imagemagick (8:6.9.9.34+dfsg-3) unstable; urgency=high
.
* Upload to unstable (urgency high due to security issues).
.
imagemagick (8:6.9.9.34+dfsg-2) experimental; urgency=high
.
* Fix FTBFS for s390x where float_t is double
.
imagemagick (8:6.9.9.34+dfsg-1) experimental; urgency=high
.
* New upstream version
* Packaging fix:
+ Fix privacy breach.
+ Bump compat level to 11.
+ Bump policy no changes
+ Fix lintian warnings
+ Fix "unnecessary libgraphviz-dev dependency (and graphviz
suggests?)", thanks to Matthias Klose (Closes: #884444).
+ Remove Vincent Fourmond <fourmond at debian.org> as uploader, thanks
to him. (Closes: #878679).
+ Aknowledge NMU (Closes: #856601)
* Fix a few security issues
+ Fix CVE-2017-1000445: NULL pointer dereference in
the MagickCore component and might lead to denial of service.
(Closes: #886281)
+ Fix CVE-2017-1000476: a CPU exhaustion vulnerability was found in
the function ReadDDSInfo in coders/dds.c, which allows attackers
to cause a denial of service.
+ Fix CVE-2017-12140: The ReadDCMImage function in coders\dcm.c
has an integer signedness error leading to excessive memory
consumption via a crafted DCM file.
(Closes: #873059)
+ Fix CVE-2017-12674: a CPU exhaustion vulnerability was found in
the function ReadPDBImage in coders/pdb.c, which allows attackers
to cause a denial of service
(Closes: #872609)
+ Fix CVE-2017-12691: The ReadOneLayer function in coders/xcf.c
allows remote attackers to cause a denial of service
(memory consumption) via a crafted file.
(Closes: #875338)
+ Fix CVE-2017-12692: ReadVIFFImage function in coders/viff.c
in ImageMagick allows remote attackers to cause a
denial of service (memory consumption) via a crafted VIFF file.
(Closes: #875339)
+ Fix CVE-2017-12693: The ReadBMPImage function in coders/bmp.c
allows remote attackers to cause a denial of service
(memory consumption) via a crafted BMP
(Closes: #875341)
+ Fix CVE-2017-12875: The WritePixelCachePixels function
allows remote attackers to cause a denial of service
(CPU consumption) via a crafted file.
(Closes: #873871)
+ Fix CVE-2017-12877: Use-after-free vulnerability in
the DestroyImage function in image.c in ImageMagick allows
remote attackers to cause a denial of service via a crafted file.
(Closes: #872373)
+ Fix CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage
function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote
attackers to cause a denial of service (application crash)
or possibly have unspecified other impact via a crafted file.
(Closes: #873134)
+ Fix CVE-2017-13061: A length-validation vulnerability was found
in the function ReadPSDLayersInternal in coders/psd.c,
which allows attackers to cause a denial of service
(ReadPSDImage memory exhaustion) via a crafted file
(Closes: #873131)
+ Fix CVE-2017-13133: the load_level function in coders/xcf.c lacks
offset validation, which allows attackers to cause a denial of service
(load_tile memory exhaustion) via a crafted file.
(Closes: #873100)
+ Fix CVE-2017-13134: a heap-based buffer over-read was found in the
function SFWScan in coders/sfw.c, which allows attackers
to cause a denial of service via a crafted file.
(Closes: #873099)
+ Fix CVE-2017-13758: a heap-based buffer overflow in the TracePoint()
function in MagickCore/draw.c.
(Closes: #878508)
+ Fix CVE-2017-13768: NULL Pointer Dereference in the IdentifyImage
function in MagickCore/identify.c in ImageMagick allows an attacker
to perform denial of service by sending a crafted image file.
(Closes: #875352)
+ Fix CVE-2017-13769: The WriteTHUMBNAILImage function in
coders/thumbnail.c allows an attacker to cause a denial of service
(buffer over-read) by sending a crafted JPEG file.
(Closes: #878507)
+ Fix CVE-2017-14060: a NULL Pointer Dereference issue is present in the
ReadCUTImage function in coders/cut.c that could allow an attacker
to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus
function within the MagickCore/cache.c file) by submitting
a malformed image file.
(Closes: #878506)
+ Fix CVE-2017-14172: In coders/ps.c, a DoS in ReadPSImage()
due to lack of an EOF (End of File) check cause high CPU consumption.
When a crafted PSD file, which claims a large "extent" field
in the header but does not contain sufficient backing data,
is provided, the loop over "length" would consume huge CPU resources,
since there is no EOF check inside the loop.
(Closes: #875506)
+ Fix CVE-2017-14173: In the function ReadTXTImage() in coders/txt.c,
an integer overflow might occur for the addition operation
"GetQuantumRange(depth)+1" when "depth" is large, producing a smaller
value than expected. As a result, an infinite loop would occur
for a crafted TXT file that claims a very large "max_value" value.
(Closes: #875504)
+ Fix CVE-2017-14174: In coders/psd.c in ReadPSDLayersInternal()
a lack of an EOF (End of File) check might cause huge CPU consumption.
When a crafted PSD file, which claims a large "length" field
in the header but does not contain sufficient backing data,
is provided, the loop over "length" would consume huge CPU resources,
since there is no EOF check inside the loop.
(Closes: #875503)
+ Fix CVE-2017-14175: In coders/xbm.c in ReadXBMImage()
a lack of an EOF (End of File) check might cause huge CPU consumption.
When a crafted XBM file, which claims large rows and columns fields
in the header but does not contain sufficient backing data,
is provided, the loop over the rows would consume huge CPU resources,
since there is no EOF check inside the loop.
(Closes: #875502)
+ Fix CVE-2017-14224: A heap-based buffer overflow in WritePCXImage
in coders/pcx.c allows remote attackers to cause a denial
of service or code execution via a crafted file.
(Closes: #876097)
+ Fix CVE-2017-14249: Imagemagick mishandles EOF checks in
ReadMPCImage in coders/mpc.c, leading to division by zero
in GetPixelCacheTileSize in MagickCore/cache.c,
allowing remote attackers to cause a denial of service
via a crafted file.
(Closes: #876099)
+ Fix CVE-2017-14341: large loop vulnerability in ReadWPGImage
in coders/wpg.c, causing CPU exhaustion via a crafted
wpg image file.
(Closes: #876105)
+ Fix CVE-2017-14400: PersistPixelCache function in magick/cache.c
mishandles the pixel cache nexus, which allows remote attackers
to cause a denial of service (NULL pointer dereference
in the function GetVirtualPixels in MagickCore/cache.c)
via a crafted file.
(Closes: #878546)
+ Fix CVE-2017-14505: DrawGetStrokeDashArray in wand/drawing-wand.c
mishandles certain NULL arrays, which allows attackers to perform
Denial of Service (NULL pointer dereference and application crash in
AcquireQuantumMemory within MagickCore/memory.c) by providing a
crafted Image File as input.
(Closes: #878545)
+ Fix CVE-2017-14532: NULL Pointer Dereference in TIFFIgnoreTags
in coders/tiff.c.
(Closes: #878541)
+ Fix CVE-2017-14607: out of bounds read flaw related to ReadTIFFImage
has been reported in coders/tiff.c. An attacker could possibly
exploit this flaw to disclose potentially sensitive memory
or cause an application crash.
(Closes: #878527)
+ Fix CVE-2017-14624: a NULL Pointer Dereference vulnerability
in the function PostscriptDelegateMessage in coders/ps.c.
(Closes: #877354)
+ Fix CVE-2017-14625: NULL Pointer Dereference vulnerability
in the function sixel_output_create in coders/sixel.c.
(Closes: #877355)
+ Fix CVE-2017-14626: NULL Pointer Dereference vulnerability
in the function sixel_decode in coders/sixel.c.
(Closes: #878524)
+ Fix CVE-2017-14682: GetNextToken in MagickCore/token.c
allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash)
or possibly have unspecified other impact via a
crafted SVG document, a different vulnerability
than CVE-2017-10928.
(Closes: #876488)
+ Fix CVE-2017-14739: The AcquireResampleFilterThreadSet
function in magick/resample-private.h in ImageMagick
mishandles failed memory allocation, which allows
remote attackers to cause a denial of service
(NULL Pointer Dereference in DistortImage in
MagickCore/distort.c, and application crash)
via unspecified vectors.
(Closes: #878547)
+ Fix CVE-2017-14741: The ReadCAPTIONImage function in coders/caption.c
allows remote attackers to cause a denial of service
(infinite loop) via a crafted font file.
(Closes: #878548)
+ Fix CVE-2017-14989: A use-after-free in RenderFreetype
in MagickCore/annotate.c allows attackers to crash the application
via a crafted font file, because the FT_Done_Glyph function
(from FreeType 2) is called at an incorrect place in the ImageMagick code.
(Closes: #878562)
+ Fix CVE-2017-15015: NULL pointer dereference vulnerability in
PDFDelegateMessage in coders/pdf.c.
(Closes: #878555)
+ Fix CVE-2017-15017: NULL pointer dereference vulnerability
in ReadOneMNGImage in coders/png.c.
(Closes: #878554)
+ Fix CVE-2017-15277: ReadGIFImage in coders/gif.c leaves
the palette uninitialized when processing a GIF file that has
neither a global nor local palette. If the affected product is
used as a library loaded into a process that operates on
interesting data, this data sometimes can be leaked
via the uninitialized palette.
(Closes: #878578)
+ Fix CVE-2017-15281: ReadPSDImage in coders/psd.c
allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact
via a crafted file, related to "Conditional jump or move
depends on uninitialised value(s).
(Closes: #878579).
+ Fix CVE-2017-16546: The ReadWPGImage function in coders/wpg.c
does not properly validate the colormap index in a WPG palette,
which allows remote attackers to cause a denial of service
(use of uninitialized data or invalid memory allocation)
or possibly have unspecified other impact via a malformed WPG file.
(Closes: #881392)
+ Fix CVE-2017-17499: use-after-free in Magick::Image::read
in Magick++/lib/Image.cpp.
(Closes: #885339)
+ Fix CVE-2017-17504: coders/png.c Magick_png_read_raw_profile
heap-based buffer over-read via a crafted file, related to
ReadOneMNGImage.
(Closes: #885340)
+ Fix CVE-2017-17681: an infinite loop vulnerability was found
in the function ReadPSDChannelZip in coders/psd.c, which
allows attackers to cause a denial of service (CPU exhaustion)
via a crafted psd image file.
(Closes: #885941)
+ Fix CVE-2017-17682: large loop vulnerability was found in the
function ExtractPostscript in coders/wpg.c, which allows attackers
to cause a denial of service (CPU exhaustion) via a crafted wpg
image file that triggers a ReadWPGImage call.
(Closes: #885942)
+ Fix CVE-2017-17879: a heap-based buffer over-read in ReadOneMNGImage
in coders/png.c, related to length calculation and caused by an
off-by-one error.
(Closes: #885125)
+ Fix CVE-2017-17914: a vulnerability was found in the function
ReadOnePNGImage in coders/png.c, which allows attackers to cause
a denial of service (ReadOneMNGImage large loop) via a crafted mng
image file.
(Closes: #886584)
+ Fix CVE-2018-5248: a heap-based buffer over-read in coders/sixel.c
in the ReadSIXELImage function, related to the sixel_decode function.
(Closes: #886588)
* Fix a few unimportant security bugs:
+ Fix CVE-2017-12644 memory leak vulnerability
in ReadDCMImage in coders\dcm.c
+ Fix CVE-2017-13058 memory leak in WritePCXImage
+ Fix CVE-2017-13059 memory leak in WriteJNGImage
+ Fix CVE-2017-13060 memory leak in ReadMATImage
+ Fix CVE-2017-13062 memory leak vulnerability
found in the function formatIPTC in coders/meta.c,
which allows attackers to cause a denial of service
(WriteMETAImage memory consumption) via a crafted file.
+ Fix CVE-2017-13131 a memory leak vulnerability
found in the function ReadMIFFImage in coders/miff.c,
which allows attackers to cause a denial of service
(memory consumption in NewLinkedList in MagickCore/linked-list.c)
via a crafted file.
+ Fix CVE-2017-14137: ReadWEBPImage in coders/webp.c has an issue
where memory allocation is excessive,
because it depends only on a length field in a header.
+ Fix CVE-2017-14138: ReadWEBPImage in coders/webp.c
because memory is not freed in certain error cases.
+ Fix CVE-2017-14139: memory leak vulnerability
in WriteMSLImage in coders/msl.c.
+ Fix CVE-2017-14324: memory leak in ReadMPCImage (coders/mpc.c)
+ Fix CVE-2017-14325: memory leak in ReadMPCImage (coders/mpc.c)
+ Fix CVE-2017-14326: memory leak vulnerability in the function
ReadMATImage in coders/mat.c, which allows attackers
to cause a denial of service via a crafted file.
+ Fix CVE-2017-14342: memory exhaustion vulnerability in
ReadWPGImage in coders/wpg.c via a crafted wpg image file.
+ Fix CVE-2017-14343: memory leak vulnerability in
ReadXCFImage in coders/xcf.c via a crafted xcf image file.
+ Fix CVE-2017-14531: memory exhaustion issue in
ReadSUNImage in coders/sun.c.
+ Fix CVE-2017-14533: memory leak in ReadMATImage in coders/mat.c.
+ Fix CVE-2017-14684: mory leak vulnerability was found in the
function ReadVIPSImage in coders/vips.c, which allows
attackers to cause a denial of service (memory consumption
in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
(Closes: #876487)
+ Fix CVE-2017-15016: a NULL pointer dereference vulnerability
in ReadEnhMetaFile in coders/emf.c. (source fix not compiled
under Debian).
+ Fix CVE-2017-15032: memory leak in ReadYCBCRImage in
coders/ycbcr.c.
+ Fix CVE-2017-15033: memory leak in ReadYUVImage in coders/yuv.c.
+ Fix CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c.
+ Fix CVE-2017-15218: memory leak in ReadOneJNGImage in coders/png.c.
+ Fix CVE-2017-17680: a memory leak vulnerability was found in
the function ReadXPMImage in coders/xpm.c, which allows
attackers to cause a denial of service via a crafted xpm image file.
+ Fix CVE-2017-17881: a memory leak vulnerability was found in
the function ReadMATImage in coders/mat.c, which allows
attackers to cause a denial of service via a crafted MAT image file.
+ Fix CVE-2017-17882: a memory leak vulnerability was found in the
function ReadXPMImage in coders/xpm.c, which allows attackers
to cause a denial of service via a crafted XPM image file.
+ Fix CVE-2017-17883: a memory leak vulnerability was found in the
function ReadPGXImage in coders/pgx.c, which allows attackers
to cause a denial of service via a crafted PGX image file.
+ Fix CVE-2017-17884: a memory leak vulnerability was found in the
function WriteOnePNGImage in coders/png.c,
which allows attackers to cause a denial of service via
a crafted PNG image file.
+ Fix CVE-2017-17885: a memory leak vulnerability was found
in the function ReadPICTImage in coders/pict.c, which
allows attackers to cause a denial of service via a crafted
PICT image file.
+ Fix CVE-2017-17886: a memory leak vulnerability was found
in the function ReadPSDChannelZip in coders/psd.c,
which allows attackers to cause a denial of service
via a crafted psd image file.
+ Fix CVE-2017-17887: a memory leak vulnerability
was found in the function GetImagePixelCache in magick/cache.c,
which allows attackers to cause a denial of service via a crafted
MNG image file that is processed by ReadOneMNGImage.
+ Fix CVE-2017-17934: a memory leaks in coders/msl.c,
related to MSLPopImage and ProcessMSLScript,
and associated with mishandling of MSLPushImage calls.
+ Fix CVE-2017-18008: a ùemory Leak in ReadPWPImage in coders/pwp.c.
+ Fix CVE-2017-18022: memory leaks in MontageImageCommand
in MagickWand/montage.c.
+ Fix CVE-2017-18027: a memory leak vulnerability was found
in the function ReadMATImage in coders/mat.c,
which allow remote attackers to cause a denial
of service via a crafted file.
+ Fix CVE-2017-18028: a memory exhaustion vulnerability
was found in the function ReadTIFFImage in coders/tiff.c,
which allow remote attackers to cause a denial
of service via a crafted file.
+ Fix CVE-2017-18029: a memory leak vulnerability was found
in the function ReadMATImage in coders/mat.c,
which allow remote attackers to cause a denial of
service via a crafted file.
+ Fix CVE-2017-6502: a specially crafted webp file
could lead to a file-descriptor leak in libmagickcore
(thus, a DoS)
+ Fix CVE-2018-5246: Fix memory leaks in ReadPATTERNImage
in coders/pattern.c.
+ Fix CVE-2018-5247: Fix memory leaks in ReadRLAImage in coders/rla.c.
+ Fix CVE-2018-5357: Fix memory leaks in the ReadDCMImage function
in coders/dcm.c.
+ Fix CVE-2018-5358: Fix memory leaks in the EncodeImageAttributes
function in coders/json.c, as demonstrated by the
ReadPSDLayersInternal function in coders/psd.c.
* Backport fix:
+ Fix CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c
in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap
variable can be overwritten by a new pointer.
The previous pointer is lost, which leads to a memory leak.
This allows remote attackers to cause a denial of service.
(from b0a464122e0d8a1e1e31f6cd6d3f4d085fa8fb0)
.
imagemagick (8:6.9.9.6+dfsg-1) experimental; urgency=medium
.
* Bump so due to ABI problem and g++7 (Closes: #871300).
* New upstream version.
+ Fix CVE-2017-6502, webp buffer overflow. (Closes: #856883).
+ Fix CVE-2017-11751, CVE-2017-11754 and CVE-2017-11755:
The WritePICONImage function in coders/xpm.c
allows remote attackers to cause a denial of service (memory leak) via
a crafted file. (Closes: #870480).
+ CVE-2017-12674: a CPU exhaustion vulnerability was found in
the function ReadPDBImage in coders/pdb.c, which allows attackers
to cause a denial of service.
+ CVE-2017-12429: a memory exhaustion vulnerability was found in the
function ReadMIFFImage in coders/miff.c, which allows attackers
to cause a denial of service.
+ CVE-2017-12140: The ReadDCMImage function in coders\dcm.c has an integer
signedness error leading to excessive memory consumption
via a crafted DCM file.
+ CVE-2017-12433: A memory leak vulnerability was found in
the function ReadPESImage in coders/pes.c, which allows attackers
to cause a denial of service, related to ResizeMagickMemory in memory.c.
(Closes: #872481)
+ CVE-2017-12418: A memory leaks was found in
the parse8BIMW and format8BIM functions in coders/meta.c,
related to the WriteImage function in MagickCore/constitute.c.
(Closes: #872498)
+ CVE-2017-12644: a memory leak vulnerability was found
in ReadDCMImage in coders\dcm.c.
* Update copyright file.
* Ship ImageMagick man file (Closes: #856997).
* Remove configuration files installed by mistake in an
experimental version (Closes: #851627).
* Bug fix: "Typo in debian/changelog for CVE identifier", thanks to
Salvatore Bonaccorso (Closes: #864151).
.
imagemagick (8:6.9.7.4+dfsg-16.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Remove wrong Multi-Arch: foreign from libmagickcore-dev, libmagickwand-dev
and libmagick++-dev. (Closes: #856601)
Checksums-Sha1:
f89aadaba9577018a59df84e7e10ccf8dcadc63e 5170 imagemagick_6.9.10.2+dfsg-3ubuntu2.dsc
68626580b67d5736a9e8cfcfed448128d16c4c60 9054712 imagemagick_6.9.10.2+dfsg.orig.tar.xz
43f217457a40f4fc6cecd940b35f017ccd8f5482 223348 imagemagick_6.9.10.2+dfsg-3ubuntu2.debian.tar.xz
36a79a7ec5051b730a8f3cb8948a2b4ab3e010d7 8046 imagemagick_6.9.10.2+dfsg-3ubuntu2_source.buildinfo
Checksums-Sha256:
85fce031abbd31aa9e69acc9ff2a058faf335f86bcdbb14edb08ea24c5b27112 5170 imagemagick_6.9.10.2+dfsg-3ubuntu2.dsc
69cdaefff8c0a9e4aa3a90ae051f9f2b0e7245e804597ed7dfe04b08e784f858 9054712 imagemagick_6.9.10.2+dfsg.orig.tar.xz
03521eee8902b781659172c7aca9a8a90b60711808f4c8b75545bde91d6cc763 223348 imagemagick_6.9.10.2+dfsg-3ubuntu2.debian.tar.xz
a79d6f3b13c6b68c1e337f89f6582b7ea449b35c9b688209cf91a3305c0d2e5e 8046 imagemagick_6.9.10.2+dfsg-3ubuntu2_source.buildinfo
Files:
9430025bca8e97873bbd96c022480447 5170 graphics optional imagemagick_6.9.10.2+dfsg-3ubuntu2.dsc
03880166425e5d4e8cb85390fc920eba 9054712 graphics optional imagemagick_6.9.10.2+dfsg.orig.tar.xz
206df10225bb3e493057dd07f8109561 223348 graphics optional imagemagick_6.9.10.2+dfsg-3ubuntu2.debian.tar.xz
b4f2850aca173a253ba98e3b64735421 8046 graphics optional imagemagick_6.9.10.2+dfsg-3ubuntu2_source.buildinfo
Original-Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENRbRpb8Ad+cUFOGXFbmz7g3N+AYFAltQ0NkACgkQFbmz7g3N
+AZc1xAAoWh18y9WFpwg6UhWQR5QxLuBzJ5XeaD/BEy3WXH5sJjgv3xeleM7O+vR
Z0JwkQ9a0Ty6MjPaznllN0TLdtBMhhFInE4b/7YiFi2YJTZdjwjnYCZ5G7a+j65t
yLu2guvCVi0aTwW7N8tfze6N5ErhWjh2KmUUsN17O6At+kphAMFFYVG1eX56Bm64
X6WLfE+Hkw8TgjzTCMRVcm8Vp/wQ00gpljlsYqQYtifUIDzlAwzZNmGlhHyTOmlv
uLcuVipIQycj7B3dQPDJ6vGbxa6IzGPFUF6AmNr48xzpfLnDlOW4tH7/7XHp0Ql5
yguC5U1kGtTwFGhaRoF68EKKS3r98q4lgUwx3saO3r9MujoFOFws2B34aiK+vBoS
OL2XYTWslfUJy5gBpspA2oQA4nYf/uoBIz1vJqBO03mC+qGWLcutuE2GItkQd+5E
SnorwM7YAuVmiFESW/k+BWJyEIq7BFkILscoYJq1jPtBsw3KEEHtXsK3LrMnahlN
uRGAovoY/D3ccbROSK+IU+S22eFKqUiuvZdEaFW1t1ZJ0Cq3hu0hvQjgeRx21JXx
tEUvOgCdaDqprctAAdXwKOrTd/6Y06FWqyFu39dqahY5MKvUQWadWQVbtZH1T4f3
V7VUK3F3UQeCBeD4+iZpaaVP5Sysi0XGBdm8aqpi1Z48pESK8pc=
=+6JY
-----END PGP SIGNATURE-----
More information about the Cosmic-changes
mailing list