[ubuntu/xenial-updates] graphicsmagick 1.3.23-1ubuntu0.3 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Dec 16 17:28:16 UTC 2019

graphicsmagick (1.3.23-1ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference in WriteMAPImage()
    - debian/patches/CVE-2017-11638_CVE-2017-11642.patch: Fix null pointer
      dereference or SEGV if input is not colormapped.
    - CVE-2017-11638
    - CVE-2017-11642
  * SECURITY UPDATE: Memory leak in PersistCache()
    - debian/patches/CVE-2017-11641.patch: Fix memory leak while writing Magick
      Persistent Cache format.
    - CVE-2017-11641
  * SECURITY UPDATE: Heap overflow in WriteCMYKImage()
    - debian/patches/CVE-2017-11643.patch: Fixed heap overflow with multiple
      frames with varying widths.
    - CVE-2017-11643
  * SECURITY UPDATE: Invalid memory read in SetImageColorCallBack()
    - debian/patches/CVE-2017-12935.patch: Reject MNG with too-large dimensions
      (over 65535).
    - CVE-2017-12935
  * SECURITY UPDATE: Use-after-free in ReadWMFImage()
    - debian/patches/CVE-2017-12936.patch: Eliminate use of already freed heap
      data in error reporting path.
    - CVE-2017-12936
  * SECURITY UPDATE: Heap-based buffer over-read in ReadSUNImage()
    - debian/patches/CVE-2017-12937.patch: Fix heap read overflow while indexing
      colormap in bilevel decoder.
    - CVE-2017-12937
  * SECURITY UPDATE: Heap-based buffer overflow vulnerability 
    - debian/patches/CVE-2017-13063_CVE-2017-13064_CVE-2017-13065.patch: Fix
      buffer-overflow and inconsistent behavior in GetStyleTokens().
    - CVE-2017-13063
    - CVE-2017-13064
    - CVE-2017-13065
  * SECURITY UPDATE: Heap-based buffer over-read in SFWScan
    - debian/patches/CVE-2017-13134.patch: Fix heap buffer overflow in
    - CVE-2017-13134
  * SECURITY UPDATE: Invalid free in MagickFree()
    - debian/patches/CVE-2017-13737.patch: NumberOfObjectsInArray() must round
      down, rather than up.
    - CVE-2017-13737
  * SECURITY UPDATE: DoS in ReadJNXImage()
    - debian/patches/CVE-2017-13775.patch: Fix DOS issues.
    - CVE-2017-13775
  * SECURITY UPDATE: DoS in ReadXBMImage()
    - debian/patches/CVE-2017-13776_CVE-2017-13777.patch: Fix DOS issues.
    - CVE-2017-13776
    - CVE-2017-13777

Date: 2019-12-16 14:52:14.979278+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list