[ubuntu/xenial-security] graphicsmagick 1.3.23-1ubuntu0.2 (Accepted)
Eduardo dos Santos Barretto
eduardo.barretto at canonical.com
Mon Dec 2 18:58:37 UTC 2019
graphicsmagick (1.3.23-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Allocation failure vulnerability
    - debian/patches/CVE-2017-13147.patch: deal with too-large MNG chunks in
      coders/png.c
    - CVE-2017-13147
  * SECURITY UPDATE: Allocation failure vulnerability
    - debian/patches/CVE-2017-14042.patch: PNM for binary formats, verify
      sufficient backing file data before memory request.
    - CVE-2017-14042
  * SECURITY UPDATE: DoS (out-of-bounds read and crash) via a small samples
    per pixel value in a CMYKA TIFF file.
    - debian/patches/CVE-2017-6335.patch: Fix out of bounds access when reading
      CMYKA tiff which claims wrong samples/pixel.
    - CVE-2017-6335
  * SECURITY UPDATE: Buffer overflow while processing an RGB TIFF picture with
    metadata.
    - debian/patches/CVE-2017-10794.patch: Use a generalized method to enforce
      that buffer overflow can not happen while importing pixels.
    - CVE-2017-10794
  * SECURITY UPDATE: DoS (out-of-memory) when processing a DPX image with
    metadata.
    - debian/patches/CVE-2017-10799.patch: Estimate minimum required file size
      based on header, and reject files with insufficient data.
    - CVE-2017-10799
  * SECURITY UPDATE: DoS (crash) while reading a JNG file via a zero-length
    color_image data structure.
    - debian/patches/CVE-2017-11102.patch: Stop crash due to zero-length color_image
      while reading a JNG.
    - CVE-2017-11102
  * SECURITY UPDATE: DoS (resource consumption) via a crafted JPEG file.
    - debian/patches/CVE-2017-11140.patch: Defer creating pixel cache until first
      scanline.
    - CVE-2017-11140
  * SECURITY UPDATE: Use-after-free via a crafted MNG file.
    - debian/patches/CVE-2017-11403-1.patch: Fix out-of-order CloseBlob() and
      DestroyImageList() that caused a use-after-free crash.
    - debian/patches/CVE-2017-11403-2.patch: Improve fix of use-after-free.
    - CVE-2017-11403
  * SECURITY UPDATE: Heap overflow when processing multiple frames that have
    non-identical widths.
    - debian/patches/CVE-2017-11636.patch: Fixed heap overflow with multiple
      frames with varying widths.
    - CVE-2017-11636
  * SECURITY UPDATE: NULL pointer dereference in the WritePCLImage() function.
    - debian/patches/CVE-2017-11637.patch: Fix null pointer dereference in
      writing monochrome images.
    - CVE-2017-11637

Date: 2019-12-02 17:10:16.441687+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/graphicsmagick/1.3.23-1ubuntu0.2