[ubuntu/xenial-security] graphicsmagick 1.3.23-1ubuntu0.6 (Accepted)

Eduardo dos Santos Barretto eduardo.barretto at canonical.com
Tue Feb 4 18:54:02 UTC 2020

graphicsmagick (1.3.23-1ubuntu0.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer over-read in ReadNewsProfile()
    - debian/patches/CVE-2017-17912.patch: ReadNewsProfile() was allowing
      reading heap data beyond the allocated size.
    - CVE-2017-17912
  * SECURITY UPDATE: Stack-based buffer over-read in WriteWEBPImage()
    - debian/patches/CVE-2017-17913-1.patch: Add some assertions to verify that
      the image pointer provided by libwebp is valid.
    - debian/patches/CVE-2017-17913-2.patch: Fix stack overflow with libwebp
      0.5.0+ by disabling progress indication.
    - CVE-2017-17913
  * SECURITY UPDATE: Heap-based buffer over-read in ReadMNGImage()
    - debian/patches/CVE-2017-17915.patch: Check range limit before accessing
      byte to avoid minor heap read overflow.
    - CVE-2017-17915
  * SECURITY UPDATE: Allocation failure in ReadOnePNGImage()
    - debian/patches/CVE-2017-18219.patch: check MemoryResource before
      attempting to allocate ping_pixels array.
    - CVE-2017-18219
  * SECURITY UPDATE: Allocation failure in ReadTIFFImage()
    - debian/patches/CVE-2017-18229.patch: Rationalize scanline, strip, and
      tile memory allocation requests based on file size.
    - CVE-2017-18229
  * SECURITY UPDATE: Null pointer dereference in ReadCINEONImage()
    - debian/patches/CVE-2017-18230.patch: Validate scandata allocation.
    - CVE-2017-18230
  * SECURITY UPDATE: Null pointer dereference in ReadEnhMetaFile()
    - debian/patches/CVE-2017-18231.patch: Verify pBits memory allocation.
    - CVE-2017-18231

Date: 2020-02-04 17:55:15.020890+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list