Change log for imagemagick package in Debian
| 1 → 75 of 172 results | First • Previous • Next • Last |
| Published in sid-release |
imagemagick (8:7.1.1.43+dfsg1-1) unstable; urgency=medium * New upstream version * Allow smooth upgrade (Closes: #1087309) * Fix documentation (Closes: #1034333) -- Bastien Roucariès <email address hidden> Sun, 29 Dec 2024 11:21:15 +0000
Available diffs
| Superseded in sid-release |
imagemagick (8:7.1.1.39+dfsg1-3) unstable; urgency=medium
[ Bastien Roucariès]
* Fix imagemagick: .pc files contains -lfftw3
but no libfftw3-dev dependency (Closes: #1064658)
[ Helmut Grohne ]
* Fix FTCBFS: (Closes: #1086784). Thanks to Helmut
Grohne.
+ Drop versioned g++ dependency satisfied in buster.
+ Export PERL5LIB for cross building.
+ Use the installed convert for generating the icons cache.
-- Bastien Roucariès <email address hidden> Tue, 12 Nov 2024 17:39:35 +0000
Available diffs
| Superseded in sid-release |
imagemagick (8:7.1.1.39+dfsg1-2) unstable; urgency=medium
* Add dejavu font to test for gd
* Fix autopkgtest by finding a suitable font is default font is
not found.
-- Bastien Roucariès <email address hidden> Tue, 29 Oct 2024 16:54:08 +0000
Available diffs
| Superseded in sid-release |
imagemagick (8:7.1.1.39+dfsg1-1) unstable; urgency=medium * New upstream version * Upload to unstable -- Bastien Roucariès <email address hidden> Sun, 27 Oct 2024 18:45:43 +0000
Available diffs
| Published in bullseye-release |
imagemagick (8:6.9.11.60+dfsg-1.3+deb11u4) bullseye; urgency=medium * CVE-2023-34151 fix was incomplete (Closes: #1070340) * Fix variation of CVE-2023-1289 found by testing. * Fix CVE-2021-20312: Fix a divide by zero (Closes: #1013282) * Fix CVE-2021-20313: Fix a divide by zero -- Bastien Roucariès <email address hidden> Thu, 11 Jul 2024 16:52:37 +0000
| Published in bookworm-release |
imagemagick (8:6.9.11.60+dfsg-1.6+deb12u2) bookworm; urgency=medium * CVE-2023-34151 fix was incomplete (Closes: #1070340) * Fix variation of CVE-2023-1289 found by testing. -- Bastien Roucariès <email address hidden> Thu, 11 Jul 2024 10:48:47 +0000
| Deleted in experimental-release (Reason: None provided.) |
imagemagick (8:7.1.1.33+dfsg1-2) experimental; urgency=medium * Sourcefull rebuild * Bump policy no changes * Add :any anotation -- Bastien Roucariès <email address hidden> Thu, 22 Aug 2024 10:11:37 +0000
| Superseded in experimental-release |
imagemagick (8:7.1.1.33+dfsg1-1) experimental; urgency=medium * New major version (Closes: #929825) -- Bastien Roucariès <email address hidden> Tue, 20 Aug 2024 20:49:37 +0000
| Superseded in bullseye-release |
imagemagick (8:6.9.11.60+dfsg-1.3+deb11u3) bullseye-security; urgency=medium
* Fix CVE-2021-3610 heap buffer overflow vulnerability in TIFF coder
* Fix an heap buffer overflow in TIFF coder
* Fix uninitialised value passing in TIFFGetField
* Fix stack overflow in TIFF coder
* Early exit in case of malformed TIFF file
* Fix buffer overrun in TIFF coder
* Fix unitialised value in TIFF coder
* Fix CVE-2022-1115: Heap based overflow in
TIFF coder (Closes: #1013282)
* Fix uninitialised value in TIFF coders
* Use salsa-ci
* Fix CVE-2023-1289: A specially created SVG file loaded itself and
causes a segmentation fault. This flaw allows a remote attacker
to pass a specially crafted SVG file that leads to a segmentation
fault, generating many trash files in "/tmp," resulting in
a denial of service. When ImageMagick crashes,
it generates a lot of trash files. These trash files
can be large if the SVG file contains many render actions.
In a denial of service attack, if a remote attacker uploads an SVG file
of size t, ImageMagick generates files of size 103*t.
If an attacker uploads a 100M SVG, the server will generate about 10G.
* Fix CVE-2023-1906: A heap-based buffer overflow issue was
discovered in ImageMagick's ImportMultiSpectralQuantum() function
in MagickCore/quantum-import.c. An attacker could pass specially
crafted file to convert, triggering an out-of-bounds read error,
allowing an application to crash, resulting in a denial of service.
* Fix CVE-2023-34151: Imagemagick was vulnerable due to
an undefined behaviors of casting double to size_t in svg, mvg
and other coders. (Closes: #1036999)
* Fix CVE-2023-3428: A heap-based buffer overflow vulnerability
was found in coders/tiff.c in ImageMagick. This issue
may allow a local attacker to trick the user into opening
a specially crafted file, resulting in an application crash
and denial of service.
* Fix CVE-2023-5341: A heap use-after-free flaw was found in
coders/bmp.c
-- Bastien Roucariès <email address hidden> Sat, 17 Feb 2024 15:31:24 +0000
| Superseded in bookworm-release |
imagemagick (8:6.9.11.60+dfsg-1.6+deb12u1) bookworm-security; urgency=high
* Acknowledge NMU
* Fix CVE-2021-3610 heap buffer overflow vulnerability in TIFF coder
* Fix an heap buffer overflow in TIFF coder
* Fix uninitialised value passing in TIFFGetField
* Fix stack overflow in TIFF coder
* Early exit in case of malformed TIFF file
* Fix buffer overrun in TIFF coder
* Fix unitialised value in TIFF coder
* Fix CVE-2022-1115: Heap based overflow in
TIFF coder (Closes: #1013282)
* Fix uninitialised value in TIFF coders
* Use salsa-ci
* Fix CVE-2023-1289: A specially created SVG file loaded itself and
causes a segmentation fault. This flaw allows a remote attacker
to pass a specially crafted SVG file that leads to a segmentation
fault, generating many trash files in "/tmp," resulting in
a denial of service. When ImageMagick crashes,
it generates a lot of trash files. These trash files
can be large if the SVG file contains many render actions.
In a denial of service attack, if a remote attacker uploads an SVG file
of size t, ImageMagick generates files of size 103*t.
If an attacker uploads a 100M SVG, the server will generate about 10G.
* Fix CVE-2023-1906: A heap-based buffer overflow issue was
discovered in ImageMagick's ImportMultiSpectralQuantum() function
in MagickCore/quantum-import.c. An attacker could pass specially
crafted file to convert, triggering an out-of-bounds read error,
allowing an application to crash, resulting in a denial of service.
* Fix CVE-2023-34151: Imagemagick was vulnerable due to
an undefined behaviors of casting double to size_t in svg, mvg
and other coders. (Closes: #1036999)
* Fix CVE-2023-3428: A heap-based buffer overflow vulnerability
was found in coders/tiff.c in ImageMagick. This issue
may allow a local attacker to trick the user into opening
a specially crafted file, resulting in an application crash
and denial of service.
* Fix CVE-2023-5341: A heap use-after-free flaw was found in
coders/bmp.c
-- Bastien Roucariès <email address hidden> Mon, 12 Feb 2024 20:15:47 +0000
| Superseded in sid-release |
imagemagick (8:6.9.13.12+dfsg1-1) unstable; urgency=medium
* New upstream version
* Acknowledge NMU
* Drop time-to-live-returned-incorrect-results-when-SOURCE_.patch
applied upstream.
* use pkgconf instead of pkg-config
* Close variation of CVE-2023-34151 (Closes: #1070340)
* Libmagick++-6.q16-dev included assert.h inside namespace.
(Closes: #969128)
-- Bastien Roucariès <email address hidden> Fri, 28 Jun 2024 16:37:24 +0000
Available diffs
| Superseded in sid-release |
imagemagick (8:6.9.12.98+dfsg1-5.2) unstable; urgency=medium
* Non-maintainer upload.
* Fixup runtime dependencies due to 64-bit time_t transition
(Closes: #1066935)
-- Gianfranco Costamagna <email address hidden> Fri, 15 Mar 2024 16:04:36 +0100
Available diffs
| Superseded in sid-release |
imagemagick (8:6.9.12.98+dfsg1-5.1) unstable; urgency=medium * Non-maintainer upload. * Rename libraries for 64-bit time_t transition. Closes: #1064140 -- Steve Langasek <email address hidden> Fri, 01 Mar 2024 01:31:19 +0000
Available diffs
| Deleted in experimental-release (Reason: None provided.) |
imagemagick (8:6.9.12.98+dfsg1-5.1~exp1) experimental; urgency=medium * Non-maintainer upload. * Rename libraries for 64-bit time_t transition. -- Steve Langasek <email address hidden> Sat, 17 Feb 2024 17:03:12 +0000
| Superseded in bullseye-release |
imagemagick (8:6.9.11.60+dfsg-1.3+deb11u2) bullseye; urgency=medium
* Fix CVE-2021-3574: memory leak was found in TIFF coder
* Fix CVE-2021-4219: a special crafted file could lead to a DOS.
* Fix CVE-2021-20241 / CVE-2021-20243: divide by zero in
some coders (Closes: #1013282)
* Fix CVE-2021-20244: Fix a divide by zero in visual-effects.c
* Fix CVE-2021-20245: Fix a divide by zero in webp coder
* Fix CVE-2021-20246: Fix a divide by zero in resample code.
* Fix CVE-2021-20309: Fix a divide by zero in WaveImage function.
* Fix CVE-2021-39212: Postscript files could be read and written
when specifically excluded by a module policy in policy.xml file.
(Closes: #996588)
* Fix CVE-2022-1114: Heap use after free in RelinquishDCMInfo()
(Closes: #1013282)
* Fix CVE-2022-28463: Buffer overflow in cin coder.
* Fix CVE-2022-32545: Value outside the range of unsigned char
(Closes: #1016442)
* Fix CVE-2022-32546: Value outside the range of representable
values of type 'unsigned long' at coders/pcl.c,
* Use Salsa CI
-- Bastien Roucariès <email address hidden> Fri, 29 Dec 2023 11:18:56 +0000
| Superseded in sid-release |
imagemagick (8:6.9.12.98+dfsg1-5) unstable; urgency=medium
* Bug fix: "please update Suggests: imagemagick-doc; to
imagemagick-6-doc", thanks to Vincent Lefevre
(Closes: #1059314).
* Bug fix: "missing Breaks+Replaces against the dropped imagemagick-doc
package, in order to force its removal", thanks to Vincent Lefevre
(Closes: #1059193).
-- Bastien Roucariès <email address hidden> Wed, 27 Dec 2023 10:29:58 +0000
Available diffs
| Superseded in sid-release |
imagemagick (8:6.9.12.98+dfsg1-4) unstable; urgency=medium
* Replace ufraw-batch suggest by libraw-bin
(Closes: #1038637)
* Update changelog entry for CVE fixed.
* Move from gsfonts to fonts-urw-base35. Thanks to Vincent Lefevre
(Closes: #1020358, #1020355, #1020363, #1020370)
* Recommends fonts-tuffy (Closes: #1054580)
* Fix a typo in debian patch (Closes: #1054506)
-- Bastien Roucariès <email address hidden> Mon, 30 Oct 2023 09:26:06 +0000
| Superseded in sid-release |
imagemagick (8:6.9.12.98+dfsg1-3) unstable; urgency=medium
* Bug fix: "imagemagick no longer sets
"PACKAGE_RELEASE_DATE", thanks to Håvard F. Aasen (Closes:
#1054462).
* Bug fix: "reproducible builds: Embeds different paths on usrmerge
system", thanks to Vagrant Cascadian (Closes: #983303).
-- Bastien Roucariès <email address hidden> Wed, 25 Oct 2023 23:30:18 +0000
| Superseded in sid-release |
imagemagick (8:6.9.12.98+dfsg1-2) unstable; urgency=medium * Upload to unstable -- Bastien Roucariès <email address hidden> Sun, 22 Oct 2023 15:35:30 +0000
| Deleted in experimental-release (Reason: None provided.) |
imagemagick (8:6.9.12.98+dfsg1-1) experimental; urgency=medium
* New upstream version
* Drop package imagemagick-doc and imagemagick-common
* Fix CVE-2023-3428: A heap-based buffer overflow vulnerability
was found in coders/tiff.c. This issue may allow a local attacker
to trick the user into opening a specially crafted file,
resulting in an application crash and denial of service.
* CVE-2023-3745: A heap-based buffer overflow issue
was found in ImageMagick's PushCharPixel() function
in quantum-private.h. This issue may allow a local
attacker to trick the user into opening a specially crafted file,
triggering an out-of-bounds read error and allowing an application
to crash, resulting in a denial of service.
* Import patch for upstream that avoid a FTBFS due to
SOURCE_DATE_EPOCH set
* Use a debian policy. Install other policies as user
convenience.
-- Bastien Roucariès <email address hidden> Sat, 21 Oct 2023 14:40:53 +0000
| Superseded in bullseye-release |
imagemagick (8:6.9.11.60+dfsg-1.3+deb11u1) bullseye-security; urgency=medium * Fix CVE-2022-44267 / CVE-2022-44268 -- Moritz Mühlenhoff <email address hidden> Fri, 03 Feb 2023 18:59:42 +0100
imagemagick (8:6.9.11.60+dfsg-1.6) unstable; urgency=high * Non-maintainer upload [ Moritz Mühlenhoff ] * Fix CVE-2022-44267 / CVE-2022-44268 (Closes: #1030767) (LP: #2004580) -- Jeremy Bicha <email address hidden> Thu, 16 Feb 2023 16:06:07 -0500
Available diffs
| Superseded in sid-release |
imagemagick (8:6.9.11.60+dfsg-1.5) unstable; urgency=high
* Non-maintainer upload
[ Nishit Majithia ]
* SECURITY UPDATE: Multiple divide by zero issues in imagemagick allow a
remote attacker to cause a denial of service via a crafted image file
- debian/patches/CVE-2021-20241.patch: Use PerceptibleReciprocal()
to fix division by zeros in coders/jp2.c
- debian/patches/CVE-2021-20243.patch: Use PerceptibleReciprocal()
to fix division by zeros in magick/resize.c
- debian/patches/CVE-2021-20244.patch: Avoid division by zero in
magick/fx.c
- debian/patches/CVE-2021-20245.patch: Avoid division by zero in
oders/webp.c
- debian/patches/CVE-2021-20246.patch: Avoid division by zero in
magick/resample.c
- debian/patches/CVE-2021-20309.patch: Avoid division by zero in
magick/fx.c
- CVE-2021-20241
- CVE-2021-20243
- CVE-2021-20244
- CVE-2021-20245
- CVE-2021-20246
- CVE-2021-20309
* SECURITY UPDATE: Integer overflow, divide by zero and memory leak in
imagemagick allow a remote attacker to cause a denial of service or
possible leak of cryptographic information via a crafted image file
- debian/patches/CVE-2021-20312_20313.patch: Avoid integer overflow in
coders/thumbnail.c, division by zero in magick/colorspace.c and
a potential cipher leak in magick/memory.c
- CVE-2021-20312
- CVE-2021-20313
* SECURITY UPDATE: memory leaks when executing convert command
- debian/patches/CVE-2021-3574.patch: fix memory leaks
- CVE-2021-3574
* SECURITY UPDATE: Security Issue when Configuring the ImageMagick
Security Policy
- debian/patches/CVE-2021-39212.patch: Added missing policy checks in
RegisterStaticModules
- CVE-2021-39212 (Closes: #996588)
* SECURITY UPDATE: DoS while processing crafted SVG files
- debian/patches/CVE-2021-4219.patch: fix denial of service
- CVE-2021-4219
* SECURITY UPDATE: use-after-free in magick
- debian/patches/CVE-2022-1114.patch: fix use-after-free in magick at
dcm.c
- CVE-2022-1114
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-28463.patch: fix buffer overflow
- CVE-2022-28463 (Closes: #1013282)
* SECURITY UPDATE: out-of-range value
- debian/patches/CVE-2022-32545.patch: addresses the possibility for the
use of a value that falls outside the range of an unsigned char in
coders/psd.c.
- debian/patches/CVE-2022-32546.patch: addresses the possibility for the
use of a value that falls outside the range of an unsigned long in
coders/pcl.c.
- CVE-2022-32545
- CVE-2022-32546
* SECURITY UPDATE: load of misaligned address
- debian/patches/CVE-2022-32547.patch: addresses the potential for the
loading of misaligned addresses in magick/property.c.
- CVE-2022-32547 (Closes: #1016442)
-- Jeremy Bicha <email address hidden> Sat, 04 Feb 2023 21:50:44 -0500
Available diffs
| Superseded in sid-release |
imagemagick (8:6.9.11.60+dfsg-1.4) unstable; urgency=medium
* Non-maintainer upload.
[ Vagrant Cascadian ]
* debian/rules: Pass MVDelegate and RMDelegate to configure. (Closes:
#983303)
-- Paul Gevers <email address hidden> Sat, 31 Dec 2022 22:36:57 +0100
| Deleted in experimental-release (Reason: None provided.) |
imagemagick (8:6.9.12.20+dfsg1-1.2) experimental; urgency=medium
* Non-maintainer upload.
* Build with --with-fftw because fftw is disabled by default since 6.9.12.5
(Closes: #995290)
-- Johannes Schauer Marin Rodrigues <email address hidden> Tue, 05 Oct 2021 15:08:20 +0200
| Superseded in experimental-release |
imagemagick (8:6.9.12.20+dfsg1-1.1) experimental; urgency=medium
* Non-maintainer upload.
* Fix FTBFS when doing arch:any-only builds by creating font symlinks for
configure-indep as well as configure-arch targets
-- Johannes Schauer Marin Rodrigues <email address hidden> Sat, 04 Sep 2021 19:37:54 +0200
| Superseded in experimental-release |
imagemagick (8:6.9.12.20+dfsg1-1) experimental; urgency=medium
* debian/copyright: use spaces rather than tabs to start continuation lines.
* Set field Upstream-Contact in debian/copyright.
* Remove obsolete field Contact from debian/upstream/metadata (already present
in machine-readable debian/copyright).
* Avoid explicitly specifying -Wl,--as-needed linker flag.
* Fix field name case in debian/control (Built-using => Built-Using).
* Bump debhelper from old 11 to 13.
* Set debhelper-compat version in Build-Depends.
* Update standards version to 4.5.1, no changes needed.
* Acknowledge NMU. Thanks Salvatore Bonaccorso
* New upstream version
* SO Bump from upstream due to structure incompatibility
* Clean up maintainer scripts
* Use fonts from fonts-tuffy
* Fix mime type. Do not quote %s (Closes: #987691) and fix extra dot
(Closes: #986471)
* Drop old config script. Use pkgconfig please.
* Depends on libraw-dev (Closes: #990028).
* Fix invalid policy.xml (Closes: #991289, #990757).
* Relax a little bit policy.xml (Closes: #860763, #941724).
* Update Repository in debian/upstream/metadata (Closes: #991288)
* Fix reproducible builds: Embeds date dependent on timezone
(Closes: #983302)
-- Bastien Roucariès <email address hidden> Fri, 27 Aug 2021 08:19:42 +0000
imagemagick (8:6.9.11.60+dfsg-1.3) unstable; urgency=medium
* Non-maintainer upload.
* autopkgtest: Drop PDF related tests which will fail after disabling
ghostscript handled formats by default (Closes: #987247)
-- Salvatore Bonaccorso <email address hidden> Tue, 20 Apr 2021 16:37:59 +0200
Available diffs
| Superseded in sid-release |
imagemagick (8:6.9.11.60+dfsg-1.2) unstable; urgency=medium * Non-maintainer upload. * Disable ghostscript handled formats based on -SAFER insecurity -- Salvatore Bonaccorso <email address hidden> Mon, 19 Apr 2021 20:16:51 +0200
| Superseded in sid-release |
imagemagick (8:6.9.11.60+dfsg-1.1) unstable; urgency=medium * Non-maintainer upload. * Import upstream patch to fix font size (Closes: #980202). -- Jochen Sprickerhof <email address hidden> Tue, 13 Apr 2021 20:58:45 +0200
| Superseded in sid-release |
imagemagick (8:6.9.11.60+dfsg-1) unstable; urgency=high
* New upstream version
- Bug fix: "gscan2pdf tests fail", thanks to Sergio Durigan Junior
(Closes: #980202).
-- Bastien Roucariès <email address hidden> Mon, 01 Feb 2021 16:22:02 +0000
| Superseded in sid-release |
imagemagick (8:6.9.11.58+dfsg-1) unstable; urgency=medium
* New upstream version:
- Fix error on i386 with php
* Bug fix (workarround): "Many doubled www/www; broken links on
index.html", thanks to 積丹尼 Dan Jacobson (Closes: #978138).
-- Bastien Roucariès <email address hidden> Fri, 22 Jan 2021 21:59:16 +0000
| Superseded in sid-release |
imagemagick (8:6.9.11.57+dfsg-1) unstable; urgency=medium
* New upstream version:
- Bug fix: "CVE-2020-29599", imagemagick mishandles the
-authenticate option, which allows setting a password
for password-protected PDF files. The user-controlled
password was not properly escaped/sanitized and it
was therefore possible to inject additional shell commands
via coders/pdf.c. Thanks to Salvatore Bonaccorso
(Closes: #977205).
- Bug fix: "CVE-2020-27560: Division by Zero in function
OptimizeLayerFrames", thanks to Salvatore Bonaccorso
(Closes: #972797).
* Fix dh_doxygen FTBFS (Closes: #971216)
-- Bastien Roucariès <email address hidden> Mon, 11 Jan 2021 22:14:26 +0000
| Published in buster-release |
imagemagick (8:6.9.10.23+dfsg-2.1+deb10u1) buster-security; urgency=medium
* CVE-2019-10649
* CVE-2019-11470 (Closes: #927830)
* CVE-2019-11472 (Closes: #927828)
* CVE-2019-11597 (Closes: #928207)
* CVE-2019-11598 (Closes: #928206)
* CVE-2019-12974 (Closes: #931196)
* CVE-2019-12975 (Closes: #931193)
* CVE-2019-12976 (Closes: #931192)
* CVE-2019-12977 (Closes: #931191)
* CVE-2019-12978 (Closes: #931190)
* CVE-2019-12979 (Closes: #931189)
* CVE-2019-13135 (Closes: #932079)
* CVE-2019-13137 (Closes: #931342)
* CVE-2019-13295 (Closes: #931457)
* CVE-2019-13297 (Closes: #931455)
* CVE-2019-13300 (Closes: #931454)
* CVE-2019-13301
* CVE-2019-13304 (Closes: #931453)
* CVE-2019-13305 (Closes: #931452)
* CVE-2019-13307 (Closes: #931448)
* CVE-2019-13308 (Closes: #931447)
* CVE-2019-13309
* CVE-2019-13311
* CVE-2019-13454 (Closes: #931740)
* CVE-2019-14981 (Closes: #955025)
* CVE-2019-15139 (Closes: #941670)
* CVE-2019-15140 (Closes: #941671)
* CVE-2019-16708
* CVE-2019-16710
* CVE-2019-16711
* CVE-2019-16713
* CVE-2019-7175
* CVE-2019-7395
* CVE-2019-7396
* CVE-2019-7397
* CVE-2019-7398
* CVE-2019-19948 (Closes: #947308)
* CVE-2019-19949 (Closes: #947309)
Thanks for Marc Deslauriers for patches from the 19.10 USN update (same base version)
-- Moritz Mühlenhoff <email address hidden> Thu, 25 Jun 2020 20:00:40 +0200
| Superseded in sid-release |
imagemagick (8:6.9.11.24+dfsg-1) unstable; urgency=medium
* Acknowledge NMU
* New upstream version:
- Fix CVE-2019-11470: Cineon image parsing DOS (Closes: #927830).
- Fix CVE-2019-11472: XWD image parsing DOS (Closes: #927828).
- Fix CVE-2020-13902: Heap based overflow in TIFF image decoding.
(Closes: #928207).
- Fix CVE-2019-11598: Heap-based buffer over-read in PNM image
decoding (Closes: #928206).
- Fix CVE-2019-12974: NULL pointer dereference in pango coder.
(Closes: #931196).
- Fix CVE-2019-12977: use of uninitialized value" vulnerability
in the WriteJP2Image of jp2 coder (Closes: #931191).
- Fix CVE-2019-12978: use of uninitialized value" vulnerability
in the pango coder. (Closes: #931190).
- Fix CVE-2019-12979: use of uninitialized value" vulnerability
in MagickCore/image.c (Closes: #931189).
- Fix CVE-2019-13135: use of uninitialized value" vulnerability
in the cut coder (Closes: #932079).
- Fix CVE-2019-13295: Heap-based buffer over-read in
MagickCore/threshold.c (Closes: #931457).
- Fix CVE-2019-13297: Heap-based buffer over-read in
MagickCore/threshold.c (Closes: #931455).
- Fix CVE-2019-13300: heap-based buffer overflow in
MagickCore/statistic.c (Closes: #931454).
- Fix CVE-2019-13304: stack-based buffer overflow for
PNM image (Closes: #931453).
- Fix CVE-2019-13305: stack-based buffer overflow for
PNM image (Closes: #931452).
- Fix CVE-2019-13306: stack-based buffer overflow for
PNM image (Closes: #931449).
- Fix CVE-2019-13307: heap-based buffer overflow in
MagickCore/statistic.c (Closes: #931448).
- Fix CVE-2019-13308: heap-based buffer overflow in
MagickCore/fourier.c (Closes: #931447).
- Fix CVE-2019-13391: heap-based buffer over-read (Closes: #931633).
- Fix CVE-2019-13454: Division by Zero in MagickCore/layer.c
(Closes: #931740).
- Fix CVE-2019-14981: divide-by-zero in MeanShiftImage
(Closes: #955025).
- Fix CVE-2019-15139: DOS for XWD images (Closes: #941670).
- Fix CVE-2019-15140: DOS for mat images (Closes: #941671).
- Fix CVE-2019-19948: Heap-based buffer overflow in SGI coder
(Closes: #947308).
- Fix CVE-2019-19949: Heap buffer over-read in PNG coder
(Closes: #947309).
- Fix CVE-2020-10251: out-of-bounds read vulnerability for HEIC
coder (Closes: #953741).
- Fix CVE-2020-13902: heap-based buffer over-read for TIFF coder.
* Bug fix: "Updating the imagemagick Uploaders list", thanks to Tobias
Frost (Closes: #962110). Thanks Nelson A. de Oliveira
* Add link in api doc dir to assets javascript library
* Fix a typo in convert man page (Closes: #953279,#947983,#921594).
* Fix a pkgconfig error that pull q16 instead of q16hdri (Closes: #950282).
-- Bastien Roucariès <email address hidden> Mon, 27 Jul 2020 03:13:36 +0200
| Published in stretch-release |
imagemagick (8:6.9.7.4+dfsg-11+deb9u8) stretch-security; urgency=medium * CVE-2019-13300 (Closes: #931454) * CVE-2019-13304 (Closes: #931453) * CVE_2019-13305 (Closes: #931452) * CVE-2019-13306 (Closes: #931449) * CVE-2019-13307 (Closes: #931448) * CVE-2019-15140 (Closes: #941671) * CVE-2019-19948 (Closes: #947308) -- Moritz Mühlenhoff <email address hidden> Wed, 01 Jul 2020 23:11:31 +0200
| Superseded in stretch-release |
imagemagick (8:6.9.7.4+dfsg-11+deb9u7) stretch-security; urgency=medium * CVE-2019-10650 (Closes: #926091) * CVE-2019-9956 (Closes: #925395) -- Moritz Mühlenhoff <email address hidden> Thu, 25 Apr 2019 21:05:09 +0200
imagemagick (8:6.9.10.23+dfsg-2.1) unstable; urgency=medium
* Non-maintainer upload.
* Stack-based buffer overflow in function PopHexPixel in coders/ps.c
(CVE-2019-9956) (Closes: #925395)
* Heap-buffer-overflow in WriteTIFFImage of coders/tiff.c (CVE-2019-10650)
(Closes: #926091)
-- Salvatore Bonaccorso <email address hidden> Fri, 03 May 2019 16:34:26 +0200
imagemagick (8:6.9.10.23+dfsg-2) unstable; urgency=medium
* Bug fix: "identify 6.9.10-23 does not convert units (pixels per
cm/in)", thanks to Cédric Boutillier (Closes: #918642).
-- Bastien Roucariès <email address hidden> Tue, 08 Jan 2019 15:08:25 +0100
| Superseded in sid-release |
imagemagick (8:6.9.10.23+dfsg-1) unstable; urgency=high
* Bug fix: "Silent ABI break in 6.9.10-11 on i386", thanks to Balint
Reczey (Closes: #916839).
* Fix CVE-2018-20467: infinite loop for malformed BMP file
(Closes: #917326).
* Enable HEIF/HEIC image format support (Closes: #914120).
* Enable WEBP image format (Closes: #806425, #912777)
-- Bastien Roucariès <email address hidden> Sun, 06 Jan 2019 21:11:34 +0100
| Superseded in stretch-release |
imagemagick (8:6.9.7.4+dfsg-11+deb9u6) stretch-security; urgency=medium * CVE-2018-16412 * CVE-2018-16413 * CVE-2018-16642 * CVE-2018-16644 * CVE-2018-16645 -- Moritz Mühlenhoff <email address hidden> Thu, 11 Oct 2018 00:09:33 +0200
imagemagick (8:6.9.10.14+dfsg-7) unstable; urgency=medium
* Bug fix: "wrong Provides: libmagickcore-6.defaultquantum-dev,
libmagickcore-dev (= 8:6.9.10.14+dfsg-5)", thanks to Helmut Grohne
(Closes: #912833).
-- Bastien Roucariès <email address hidden> Sun, 04 Nov 2018 21:09:08 +0100
Available diffs
imagemagick (8:6.9.10.14+dfsg-5) unstable; urgency=high
* Use jdupes instead of rdfind in order to avoid link to build dir
* Bug fix: "Please remove me from uploaders", thanks to Vincent Fourmond
(Closes: #897293).
* Bump policy (no changes)
-- Bastien Roucariès <email address hidden> Thu, 01 Nov 2018 22:07:12 +0100
imagemagick (8:6.9.10.14+dfsg-4) unstable; urgency=medium
* Use salsa in control
* Add Pre-depends on dpkg for versionned provides
* Bug fix: "make foreign dependencies on transitional -dev packages
satisfiable", thanks to Helmut Grohne (Closes: #893030).
-- Bastien Roucariès <email address hidden> Wed, 31 Oct 2018 07:27:50 +0100
| Superseded in sid-release |
imagemagick (8:6.9.10.14+dfsg-3) unstable; urgency=medium * Fix FTBFS due to == in control. -- Bastien Roucariès <email address hidden> Tue, 30 Oct 2018 14:56:27 +0100
| Superseded in sid-release |
imagemagick (8:6.9.10.14+dfsg-2) unstable; urgency=medium
* Bug fix: "imagemagick binary-all FTBFS: rdfind: Command not found",
thanks to Adrian Bunk (Closes: #912309).
* Use ${binary:Version} instead of hard coded version for compat dev
packages.
-- Bastien Roucariès <email address hidden> Tue, 30 Oct 2018 10:00:51 +0100
| Superseded in sid-release |
imagemagick (8:6.9.10.14+dfsg-1) unstable; urgency=medium
* New upstream version
* Fix new privacy breach
* Fix duplicate files in documentation
* Fix security bugs:
+ CVE-2018-18544: Fix a memory leak in the function WriteMSLImage of
coders/msl.c
+ CVE-2018-18024: Fix an infinite loop in the ReadBMPImage function of the
coders/bmp.c file can cause a DOS via a crafted bmp file.
+ CVE-2018-18023: A heap-based buffer over-read in the SVGStripString
function of coders/svg.c, which allows attackers to cause a denial
of service via a crafted SVG image file.
+ CVE-2018-16645: Fix an excessive memory allocation issue in the functions
ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c,
which allows remote attackers to cause a denial of service via
a crafted image file.
(Closes: #910889)
+ CVE-2018-16644: Fix a missing check for length in the functions
ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c,
which allows remote attackers to cause a denial of service via
a crafted image.
(Closes: #910888)
+ CVE-2018-16413: Fix a heap-based buffer over-read in the
MagickCore/quantum-private.h PushShortPixel function when called
from the coders/psd.c ParseImageResourceBlocks function.
(Closes: #910887)
+ CVE-2018-16323: Fix an information disclosure vulnerability that existed
in ImageMagick when processing XBM images. An attacker could use this
to expose sensitive information.
(Closes: #907776)
+ CVE-2018-16412: Fix a heap-based buffer over-read in the coders/psd.c
ParseImageResourceBlocks function.
+ CVE-2018-17965: Fix a memory leak vulnerability in WriteSGIImage
in coders/sgi.c.
+ CVE-2018-17966: Fix a memory leak vulnerability in WritePDBImage
in coders/pdb.c.
+ CVE-2018-17967: Fix a memory leak vulnerability in ReadBGRImage
in coders/bgr.c.
+ CVE-2018-18016: Fix a memory leak vulnerability in WritePCXImage
in coders/pcx.c.
-- Bastien Roucariès <email address hidden> Mon, 29 Oct 2018 13:13:38 +0100
imagemagick (8:6.9.10.8+dfsg-1) unstable; urgency=high
* New upstream version
* Fix security bugs:
+ CVE-2018-14551: The ReadMATImageV4 function in coders/mat.c
uses an uninitialized variable, leading to memory corruption.
(Closes: #904713)
+ CVE-2018-9135: A heap-based buffer over-read in IsWEBPImageLossless
in coders/webp.c.
+ CVE-2018-14437: Memory leak in parse8BIM in coders/meta.c.
+ CVE-2018-14436: Memory leak in ReadMIFFImage in coders/miff.c.
+ CVE-2018-14435: Memory leak in DecodeImage in coders/pcd.c.
+ CVE-2018-14434: Memory leak for a colormap in WriteMPCImage
in coders/mpc.c.
+ CVE-2018-13153: Memory leak in the XMagickCommand function
in MagickCore/animate.c.
-- Bastien Roucariès <email address hidden> Mon, 30 Jul 2018 15:14:16 +0200
imagemagick (8:6.9.10.2+dfsg-3) unstable; urgency=high * Fix perlmagick (Closes: #903404) -- Bastien Roucariès <email address hidden> Tue, 10 Jul 2018 00:32:34 +0200
| Superseded in sid-release |
imagemagick (8:6.9.10.2+dfsg-2) unstable; urgency=medium * Upload to unstable -- Bastien Roucariès <email address hidden> Sun, 08 Jul 2018 18:49:44 +0200
| Deleted in experimental-release (Reason: None provided.) |
imagemagick (8:6.9.10.2+dfsg-1) experimental; urgency=medium
* Bug fix: "FTBFS on i386: testsuite failure in Magick++/tests/tests.tap
2", thanks to Sven Joachim (Closes: #893953).
* Bug fix: "drop libtool-bin from Build-Depends", thanks to Helmut
Grohne (Closes: #893925).
* Move to git dpm
* Move to salsa
* SO dump
* Fix security bugs:
+ CVE-2018-9133: Excessive iteration in the DecodeLabImage
and EncodeLabImage functions (coders/tiff.c), which results
in a hang (tens of minutes) with a tiny PoC file.
Remote attackers could leverage this vulnerability
to cause a denial of service via a crafted tiff file.
(Closes: #894848)
+ CVE-2018-9133: SetGrayscaleImage in the quantize.c file
allows attackers to cause a heap-based buffer over-read
via a crafted file.
+ CVE-2018-11624: the ReadMATImage function in coders/mat.c
allows attackers to cause a use after free via a crafted file.
+ CVE-2018-11625: the SetGrayscaleImage in the quantize.c
file allows attackers to cause a heap-based buffer over-read
via a crafted file.
+ CVE-2018-10177: An infinite loop is present in the
ReadOneMNGImage function of the coders/png.c file.
Remote attackers could leverage this vulnerability
to cause a denial of service via a crafted mng file.
+ CVE-2017-14528: Tested (with and without valgrind) and found immune.
The TIFFSetProfiles function in coders/tiff.c has incorrect
expectations about whether LibTIFF TIFFGetField return values
imply that data validation has occurred, which allows remote attackers
to cause a denial of service (use-after-free after an invalid call
to TIFFSetField, and application crash) via a crafted file.
+ CVE-2018-11624: heap-based buffer over-read in IsWEBPImageLossless
in coders/webp.c.
+ CVE-2018-10805: a memory leak in ReadYCBCRImage in coders/ycbcr.c.
(Closes: #898218).
+ CVE-2018-10804: a memory leak in WriteTIFFImage in coders/tiff.c.
(Closes: #898217)
+ CVE-2018-12599: the ReadBMPImage and WriteBMPImage functions
in coders/bmp.c allow attackers to cause an out of bounds write
via a crafted file.
+ CVE-2018-12600: the ReadDIBImage and WriteDIBImage in coders/dib.c
allow attackers to cause an out of bounds write via a crafted file.
-- Bastien Roucariès <email address hidden> Mon, 25 Jun 2018 14:29:02 +0200
| Published in jessie-release |
imagemagick (8:6.8.9.9-5+deb8u12) jessie-security; urgency=high
* Non-maintainer upload.
* Fix the following security vulnerabilities:
- CVE-2017-10995: heap-based buffer over-read and application crash via a
crafted MNG image. (Closes: #867748)
- CVE-2017-11533: heap-based buffer over-read in the WriteUILImage()
function in coders/uil.c. (Closes: #869834)
- CVE-2017-11535: heap-based buffer over-read in the WritePSImage()
function in coders/ps.c. (Closes: #869827)
- CVE-2017-11639: heap-based buffer over-read in the WriteCIPImage()
function in coders/cip.c. (Closes: #870065)
- CVE-2017-13143: ReadMATImage function in coders/mat.c uses uninitialized
data, which might allow remote attackers to obtain sensitive information
from process memory. (Closes: #870012)
- CVE-2017-17504: heap-based buffer over-read. (Closes: #885340)
- CVE-2017-17879: heap-based buffer over-read in ReadOneMNGImage
in coders/png.c. (Closes: #885125)
- CVE-2018-5248: heap-based buffer over-read in coders/sixel.c
in the ReadSIXELImage function. (Closes: #886588)
-- Markus Koschany <email address hidden> Sun, 06 May 2018 18:28:48 +0200
imagemagick (8:6.9.9.39+dfsg-1) unstable; urgency=medium
* Fix security bugs (Closes: #890805):
+ Fix CVE-2018-7443: The ReadTIFFImage function in coders/tiff.c
does not properly validate the amount of image data in a file,
which allows remote attackers to cause a denial of service
(memory allocation failure in the AcquireMagickMemory function
in MagickCore/memory.c). (Closes: #891291)
+ Fix CVE-2018-7470: The IsWEBPImageLossless function in
coders/webp.c allows attackers to cause a denial of service
(segmentation violation) via a crafted file.(Closes: #891420)
+ Fix CVE-2017-17880: there is a stack-based buffer over-read in
WriteWEBPImage in coders/webp.c, related to a
WEBP_DECODER_ABI_VERSION check.
* Provide transitional packages from arch:any packages.
(Closes: #893030)
-- Bastien Roucariès <email address hidden> Mon, 19 Mar 2018 17:03:39 +0100
imagemagick (8:6.9.9.34+dfsg-3) unstable; urgency=high * Upload to unstable (urgency high due to security issues). -- Bastien Roucariès <email address hidden> Sun, 18 Feb 2018 00:12:41 +0100
| Deleted in experimental-release (Reason: None provided.) |
imagemagick (8:6.9.9.34+dfsg-2) experimental; urgency=high * Fix FTBFS for s390x where float_t is double -- Bastien Roucariès <email address hidden> Mon, 12 Feb 2018 22:29:24 +0100
| Superseded in experimental-release |
imagemagick (8:6.9.9.34+dfsg-1) experimental; urgency=high
* New upstream version
* Packaging fix:
+ Fix privacy breach.
+ Bump compat level to 11.
+ Bump policy no changes
+ Fix lintian warnings
+ Fix "unnecessary libgraphviz-dev dependency (and graphviz
suggests?)", thanks to Matthias Klose (Closes: #884444).
+ Remove Vincent Fourmond <email address hidden> as uploader, thanks
to him. (Closes: #878679).
+ Aknowledge NMU (Closes: #856601)
* Fix a few security issues
+ Fix CVE-2017-1000445: NULL pointer dereference in
the MagickCore component and might lead to denial of service.
(Closes: #886281)
+ Fix CVE-2017-1000476: a CPU exhaustion vulnerability was found in
the function ReadDDSInfo in coders/dds.c, which allows attackers
to cause a denial of service.
+ Fix CVE-2017-12140: The ReadDCMImage function in coders\dcm.c
has an integer signedness error leading to excessive memory
consumption via a crafted DCM file.
(Closes: #873059)
+ Fix CVE-2017-12674: a CPU exhaustion vulnerability was found in
the function ReadPDBImage in coders/pdb.c, which allows attackers
to cause a denial of service
(Closes: #872609)
+ Fix CVE-2017-12691: The ReadOneLayer function in coders/xcf.c
allows remote attackers to cause a denial of service
(memory consumption) via a crafted file.
(Closes: #875338)
+ Fix CVE-2017-12692: ReadVIFFImage function in coders/viff.c
in ImageMagick allows remote attackers to cause a
denial of service (memory consumption) via a crafted VIFF file.
(Closes: #875339)
+ Fix CVE-2017-12693: The ReadBMPImage function in coders/bmp.c
allows remote attackers to cause a denial of service
(memory consumption) via a crafted BMP
(Closes: #875341)
+ Fix CVE-2017-12875: The WritePixelCachePixels function
allows remote attackers to cause a denial of service
(CPU consumption) via a crafted file.
(Closes: #873871)
+ Fix CVE-2017-12877: Use-after-free vulnerability in
the DestroyImage function in image.c in ImageMagick allows
remote attackers to cause a denial of service via a crafted file.
(Closes: #872373)
+ Fix CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage
function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote
attackers to cause a denial of service (application crash)
or possibly have unspecified other impact via a crafted file.
(Closes: #873134)
+ Fix CVE-2017-13061: A length-validation vulnerability was found
in the function ReadPSDLayersInternal in coders/psd.c,
which allows attackers to cause a denial of service
(ReadPSDImage memory exhaustion) via a crafted file
(Closes: #873131)
+ Fix CVE-2017-13133: the load_level function in coders/xcf.c lacks
offset validation, which allows attackers to cause a denial of service
(load_tile memory exhaustion) via a crafted file.
(Closes: #873100)
+ Fix CVE-2017-13134: a heap-based buffer over-read was found in the
function SFWScan in coders/sfw.c, which allows attackers
to cause a denial of service via a crafted file.
(Closes: #873099)
+ Fix CVE-2017-13758: a heap-based buffer overflow in the TracePoint()
function in MagickCore/draw.c.
(Closes: #878508)
+ Fix CVE-2017-13768: NULL Pointer Dereference in the IdentifyImage
function in MagickCore/identify.c in ImageMagick allows an attacker
to perform denial of service by sending a crafted image file.
(Closes: #875352)
+ Fix CVE-2017-13769: The WriteTHUMBNAILImage function in
coders/thumbnail.c allows an attacker to cause a denial of service
(buffer over-read) by sending a crafted JPEG file.
(Closes: #878507)
+ Fix CVE-2017-14060: a NULL Pointer Dereference issue is present in the
ReadCUTImage function in coders/cut.c that could allow an attacker
to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus
function within the MagickCore/cache.c file) by submitting
a malformed image file.
(Closes: #878506)
+ Fix CVE-2017-14172: In coders/ps.c, a DoS in ReadPSImage()
due to lack of an EOF (End of File) check cause high CPU consumption.
When a crafted PSD file, which claims a large "extent" field
in the header but does not contain sufficient backing data,
is provided, the loop over "length" would consume huge CPU resources,
since there is no EOF check inside the loop.
(Closes: #875506)
+ Fix CVE-2017-14173: In the function ReadTXTImage() in coders/txt.c,
an integer overflow might occur for the addition operation
"GetQuantumRange(depth)+1" when "depth" is large, producing a smaller
value than expected. As a result, an infinite loop would occur
for a crafted TXT file that claims a very large "max_value" value.
(Closes: #875504)
+ Fix CVE-2017-14174: In coders/psd.c in ReadPSDLayersInternal()
a lack of an EOF (End of File) check might cause huge CPU consumption.
When a crafted PSD file, which claims a large "length" field
in the header but does not contain sufficient backing data,
is provided, the loop over "length" would consume huge CPU resources,
since there is no EOF check inside the loop.
(Closes: #875503)
+ Fix CVE-2017-14175: In coders/xbm.c in ReadXBMImage()
a lack of an EOF (End of File) check might cause huge CPU consumption.
When a crafted XBM file, which claims large rows and columns fields
in the header but does not contain sufficient backing data,
is provided, the loop over the rows would consume huge CPU resources,
since there is no EOF check inside the loop.
(Closes: #875502)
+ Fix CVE-2017-14224: A heap-based buffer overflow in WritePCXImage
in coders/pcx.c allows remote attackers to cause a denial
of service or code execution via a crafted file.
(Closes: #876097)
+ Fix CVE-2017-14249: Imagemagick mishandles EOF checks in
ReadMPCImage in coders/mpc.c, leading to division by zero
in GetPixelCacheTileSize in MagickCore/cache.c,
allowing remote attackers to cause a denial of service
via a crafted file.
(Closes: #876099)
+ Fix CVE-2017-14341: large loop vulnerability in ReadWPGImage
in coders/wpg.c, causing CPU exhaustion via a crafted
wpg image file.
(Closes: #876105)
+ Fix CVE-2017-14400: PersistPixelCache function in magick/cache.c
mishandles the pixel cache nexus, which allows remote attackers
to cause a denial of service (NULL pointer dereference
in the function GetVirtualPixels in MagickCore/cache.c)
via a crafted file.
(Closes: #878546)
+ Fix CVE-2017-14505: DrawGetStrokeDashArray in wand/drawing-wand.c
mishandles certain NULL arrays, which allows attackers to perform
Denial of Service (NULL pointer dereference and application crash in
AcquireQuantumMemory within MagickCore/memory.c) by providing a
crafted Image File as input.
(Closes: #878545)
+ Fix CVE-2017-14532: NULL Pointer Dereference in TIFFIgnoreTags
in coders/tiff.c.
(Closes: #878541)
+ Fix CVE-2017-14607: out of bounds read flaw related to ReadTIFFImage
has been reported in coders/tiff.c. An attacker could possibly
exploit this flaw to disclose potentially sensitive memory
or cause an application crash.
(Closes: #878527)
+ Fix CVE-2017-14624: a NULL Pointer Dereference vulnerability
in the function PostscriptDelegateMessage in coders/ps.c.
(Closes: #877354)
+ Fix CVE-2017-14625: NULL Pointer Dereference vulnerability
in the function sixel_output_create in coders/sixel.c.
(Closes: #877355)
+ Fix CVE-2017-14626: NULL Pointer Dereference vulnerability
in the function sixel_decode in coders/sixel.c.
(Closes: #878524)
+ Fix CVE-2017-14682: GetNextToken in MagickCore/token.c
allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash)
or possibly have unspecified other impact via a
crafted SVG document, a different vulnerability
than CVE-2017-10928.
(Closes: #876488)
+ Fix CVE-2017-14739: The AcquireResampleFilterThreadSet
function in magick/resample-private.h in ImageMagick
mishandles failed memory allocation, which allows
remote attackers to cause a denial of service
(NULL Pointer Dereference in DistortImage in
MagickCore/distort.c, and application crash)
via unspecified vectors.
(Closes: #878547)
+ Fix CVE-2017-14741: The ReadCAPTIONImage function in coders/caption.c
allows remote attackers to cause a denial of service
(infinite loop) via a crafted font file.
(Closes: #878548)
+ Fix CVE-2017-14989: A use-after-free in RenderFreetype
in MagickCore/annotate.c allows attackers to crash the application
via a crafted font file, because the FT_Done_Glyph function
(from FreeType 2) is called at an incorrect place in the ImageMagick code.
(Closes: #878562)
+ Fix CVE-2017-15015: NULL pointer dereference vulnerability in
PDFDelegateMessage in coders/pdf.c.
(Closes: #878555)
+ Fix CVE-2017-15017: NULL pointer dereference vulnerability
in ReadOneMNGImage in coders/png.c.
(Closes: #878554)
+ Fix CVE-2017-15277: ReadGIFImage in coders/gif.c leaves
the palette uninitialized when processing a GIF file that has
neither a global nor local palette. If the affected product is
used as a library loaded into a process that operates on
interesting data, this data sometimes can be leaked
via the uninitialized palette.
(Closes: #878578)
+ Fix CVE-2017-15281: ReadPSDImage in coders/psd.c
allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact
via a crafted file, related to "Conditional jump or move
depends on uninitialised value(s).
(Closes: #878579).
+ Fix CVE-2017-16546: The ReadWPGImage function in coders/wpg.c
does not properly validate the colormap index in a WPG palette,
which allows remote attackers to cause a denial of service
(use of uninitialized data or invalid memory allocation)
or possibly have unspecified other impact via a malformed WPG file.
(Closes: #881392)
+ Fix CVE-2017-17499: use-after-free in Magick::Image::read
in Magick++/lib/Image.cpp.
(Closes: #885339)
+ Fix CVE-2017-17504: coders/png.c Magick_png_read_raw_profile
heap-based buffer over-read via a crafted file, related to
ReadOneMNGImage.
(Closes: #885340)
+ Fix CVE-2017-17681: an infinite loop vulnerability was found
in the function ReadPSDChannelZip in coders/psd.c, which
allows attackers to cause a denial of service (CPU exhaustion)
via a crafted psd image file.
(Closes: #885941)
+ Fix CVE-2017-17682: large loop vulnerability was found in the
function ExtractPostscript in coders/wpg.c, which allows attackers
to cause a denial of service (CPU exhaustion) via a crafted wpg
image file that triggers a ReadWPGImage call.
(Closes: #885942)
+ Fix CVE-2017-17879: a heap-based buffer over-read in ReadOneMNGImage
in coders/png.c, related to length calculation and caused by an
off-by-one error.
(Closes: #885125)
+ Fix CVE-2017-17914: a vulnerability was found in the function
ReadOnePNGImage in coders/png.c, which allows attackers to cause
a denial of service (ReadOneMNGImage large loop) via a crafted mng
image file.
(Closes: #886584)
+ Fix CVE-2018-5248: a heap-based buffer over-read in coders/sixel.c
in the ReadSIXELImage function, related to the sixel_decode function.
(Closes: #886588)
* Fix a few unimportant security bugs:
+ Fix CVE-2017-12644 memory leak vulnerability
in ReadDCMImage in coders\dcm.c
+ Fix CVE-2017-13058 memory leak in WritePCXImage
+ Fix CVE-2017-13059 memory leak in WriteJNGImage
+ Fix CVE-2017-13060 memory leak in ReadMATImage
+ Fix CVE-2017-13062 memory leak vulnerability
found in the function formatIPTC in coders/meta.c,
which allows attackers to cause a denial of service
(WriteMETAImage memory consumption) via a crafted file.
+ Fix CVE-2017-13131 a memory leak vulnerability
found in the function ReadMIFFImage in coders/miff.c,
which allows attackers to cause a denial of service
(memory consumption in NewLinkedList in MagickCore/linked-list.c)
via a crafted file.
+ Fix CVE-2017-14137: ReadWEBPImage in coders/webp.c has an issue
where memory allocation is excessive,
because it depends only on a length field in a header.
+ Fix CVE-2017-14138: ReadWEBPImage in coders/webp.c
because memory is not freed in certain error cases.
+ Fix CVE-2017-14139: memory leak vulnerability
in WriteMSLImage in coders/msl.c.
+ Fix CVE-2017-14324: memory leak in ReadMPCImage (coders/mpc.c)
+ Fix CVE-2017-14325: memory leak in ReadMPCImage (coders/mpc.c)
+ Fix CVE-2017-14326: memory leak vulnerability in the function
ReadMATImage in coders/mat.c, which allows attackers
to cause a denial of service via a crafted file.
+ Fix CVE-2017-14342: memory exhaustion vulnerability in
ReadWPGImage in coders/wpg.c via a crafted wpg image file.
+ Fix CVE-2017-14343: memory leak vulnerability in
ReadXCFImage in coders/xcf.c via a crafted xcf image file.
+ Fix CVE-2017-14531: memory exhaustion issue in
ReadSUNImage in coders/sun.c.
+ Fix CVE-2017-14533: memory leak in ReadMATImage in coders/mat.c.
+ Fix CVE-2017-14684: mory leak vulnerability was found in the
function ReadVIPSImage in coders/vips.c, which allows
attackers to cause a denial of service (memory consumption
in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
(Closes: #876487)
+ Fix CVE-2017-15016: a NULL pointer dereference vulnerability
in ReadEnhMetaFile in coders/emf.c. (source fix not compiled
under Debian).
+ Fix CVE-2017-15032: memory leak in ReadYCBCRImage in
coders/ycbcr.c.
+ Fix CVE-2017-15033: memory leak in ReadYUVImage in coders/yuv.c.
+ Fix CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c.
+ Fix CVE-2017-15218: memory leak in ReadOneJNGImage in coders/png.c.
+ Fix CVE-2017-17680: a memory leak vulnerability was found in
the function ReadXPMImage in coders/xpm.c, which allows
attackers to cause a denial of service via a crafted xpm image file.
+ Fix CVE-2017-17881: a memory leak vulnerability was found in
the function ReadMATImage in coders/mat.c, which allows
attackers to cause a denial of service via a crafted MAT image file.
+ Fix CVE-2017-17882: a memory leak vulnerability was found in the
function ReadXPMImage in coders/xpm.c, which allows attackers
to cause a denial of service via a crafted XPM image file.
+ Fix CVE-2017-17883: a memory leak vulnerability was found in the
function ReadPGXImage in coders/pgx.c, which allows attackers
to cause a denial of service via a crafted PGX image file.
+ Fix CVE-2017-17884: a memory leak vulnerability was found in the
function WriteOnePNGImage in coders/png.c,
which allows attackers to cause a denial of service via
a crafted PNG image file.
+ Fix CVE-2017-17885: a memory leak vulnerability was found
in the function ReadPICTImage in coders/pict.c, which
allows attackers to cause a denial of service via a crafted
PICT image file.
+ Fix CVE-2017-17886: a memory leak vulnerability was found
in the function ReadPSDChannelZip in coders/psd.c,
which allows attackers to cause a denial of service
via a crafted psd image file.
+ Fix CVE-2017-17887: a memory leak vulnerability
was found in the function GetImagePixelCache in magick/cache.c,
which allows attackers to cause a denial of service via a crafted
MNG image file that is processed by ReadOneMNGImage.
+ Fix CVE-2017-17934: a memory leaks in coders/msl.c,
related to MSLPopImage and ProcessMSLScript,
and associated with mishandling of MSLPushImage calls.
+ Fix CVE-2017-18008: a ùemory Leak in ReadPWPImage in coders/pwp.c.
+ Fix CVE-2017-18022: memory leaks in MontageImageCommand
in MagickWand/montage.c.
+ Fix CVE-2017-18027: a memory leak vulnerability was found
in the function ReadMATImage in coders/mat.c,
which allow remote attackers to cause a denial
of service via a crafted file.
+ Fix CVE-2017-18028: a memory exhaustion vulnerability
was found in the function ReadTIFFImage in coders/tiff.c,
which allow remote attackers to cause a denial
of service via a crafted file.
+ Fix CVE-2017-18029: a memory leak vulnerability was found
in the function ReadMATImage in coders/mat.c,
which allow remote attackers to cause a denial of
service via a crafted file.
+ Fix CVE-2017-6502: a specially crafted webp file
could lead to a file-descriptor leak in libmagickcore
(thus, a DoS)
+ Fix CVE-2018-5246: Fix memory leaks in ReadPATTERNImage
in coders/pattern.c.
+ Fix CVE-2018-5247: Fix memory leaks in ReadRLAImage in coders/rla.c.
+ Fix CVE-2018-5357: Fix memory leaks in the ReadDCMImage function
in coders/dcm.c.
+ Fix CVE-2018-5358: Fix memory leaks in the EncodeImageAttributes
function in coders/json.c, as demonstrated by the
ReadPSDLayersInternal function in coders/psd.c.
* Backport fix:
+ Fix CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c
in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap
variable can be overwritten by a new pointer.
The previous pointer is lost, which leads to a memory leak.
This allows remote attackers to cause a denial of service.
(from b0a464122e0d8a1e1e31f6cd6d3f4d085fa8fb0)
-- Bastien Roucariès <email address hidden> Thu, 08 Feb 2018 13:38:05 +0100
imagemagick (8:6.9.7.4+dfsg-16.1) unstable; urgency=medium
* Non-maintainer upload.
* Remove wrong Multi-Arch: foreign from libmagickcore-dev, libmagickwand-dev
and libmagick++-dev. (Closes: #856601)
-- Helmut Grohne <email address hidden> Sun, 28 Jan 2018 15:12:24 +0100
| Superseded in jessie-release |
imagemagick (8:6.8.9.9-5+deb8u11) jessie-security; urgency=medium
* Multiple security fixes
CVE-2017-12983 (Closes: #873134)
CVE-2017-13134 (Closes: #873099)
CVE-2017-13769 (Closes: #878507)
CVE-2017-14224 (Closes: #876097)
CVE-2017-14607 (Closes: #878527)
CVE-2017-14682 (Closes: #876488)
CVE-2017-14989 (Closes: #878562)
CVE-2017-15277 (Closes: #878578)
CVE-2017-11352 (Closes: #868469)
CVE-2017-11640 (Closes: #870067)
CVE-2017-12431 (Closes: #869715)
CVE-2017-12640 (Closes: #870106)
CVE-2017-13139 (Closes: #870109)
CVE-2017-13144 (Closes: #869728)
CVE-2017-13758 (Closes: #878508)
CVE-2017-16546 (Closes: #881392)
CVE-2017-12877 (Closes: #872373)
-- Moritz Muehlenhoff <email address hidden> Thu, 16 Nov 2017 23:13:59 +0100
| Superseded in stretch-release |
imagemagick (8:6.9.7.4+dfsg-11+deb9u3) stretch-security; urgency=medium * CVE-2017-12983 (Closes: #873134) * CVE-2017-13134 (Closes: #873099) * CVE-2017-13758 (Closes: #878508) * CVE-2017-13769 (Closes: #878507) * CVE-2017-14224 (Closes: #876097) * CVE-2017-14607 (Closes: #878527) * CVE-2017-14682 (Closes: #876488) * CVE-2017-14989 (Closes: #878562) * CVE-2017-15277 (Closes: #878578) -- Moritz Mühlenhoff <email address hidden> Fri, 10 Nov 2017 20:46:29 +0100
| Superseded in stretch-release |
imagemagick (8:6.9.7.4+dfsg-11+deb9u1) stretch-security; urgency=high
* Fix security bugs:
+ Previous CVE-2017-9144 fix was incomplete.
A crafted RLE image can trigger a crash because of incorrect
EOF handling in coders/rle.c
(Closes: #863126)
+ CVE-2017-10928:
A heap-based buffer over-read in the GetNextToken
function in token.c allows remote attackers to obtain
sensitive information from process memory or possibly have
unspecified other impact via a crafted SVG document
that is mishandled in the GetUserSpaceCoordinateValue
function in coders/svg.c.
(Closes: #867367).
+ CVE-2017-9500:
An assertion failure was found in the function
ResetImageProfileIterator, which allows attackers to cause
a denial of service via a crafted file.
(Closes: #867778).
+ CVE-2017-9501:
An assertion failure was found in the function LockSemaphoreInfo,
which allows attackers to cause a denial of service via a crafted
file.
(Closes: #867721).
+ CVE-2017-9440:
A memory leak was found in the function ReadPSDChannel
in coders/psd.c, which allows attackers to cause a denial
of service via a crafted file.
(Closes: 864273).
+ CVE-2017-9439:
A memory leak was found in the function ReadPDBImage in
coders/pdb.c, which allows attackers to cause a denial of
service via a crafted file.
(Closes: #864274).
+ CVE-2017-11188: CPU exhaustion in ReadDPXImage
Because dpx.file.image_offset is a unsigned int, it can be controlled
as large as 4294967295.
This will cause ImageMagick spend a lot of time to process a crafted
DPX imagefile, even if the imagefile is very small.
(Closes: #867806)
+ CVE-2017-11141: memory exhaustion in ReadMATImage
When identify MAT file, imagemagick will allocate memory to store data
in function ReadMATImage.
Modifying MAT's MATLAB_HDR field can cause ImageMagick to allocate
a anysize amount of memory, this may cause a memory exhaustion
(Closes: #868264)
+ CVE-2017-11170: memory exhaustion in ReadTGAImage
When identify VST file, imagemagick will allocate memory to store
data in function ReadTGAImage in coders/tga.c
using tga_info.bits_per_pixel field diretly from VST file without
checking in tga.c
By review the founction code, tga_info.bits_per_pixel max valid
value is 32.
On 32bit os, size_t one will be 32bit, so image->colors can be
overflow to 0.
On 64bit os, size_t one will be 64bit, so image->colors
can be large as 0x100000000(64GB).
(Closes: #868184)
+ Memory exhaustion in ReadCINImage
When identify CIN file that contains User defined data,
imagemagick will allocate memory to store the
data in function ReadCINImage in coders\inc.c
There is a security checking in the function SetImageExtent,
but it after memory allocation, so IM can not control the memory usage
(Closes: #867810)
+ CPU exhaustion in ReadRLEImage
A corrupted rle file could trigger a DOS
(Closes: #867808)
+ Memory leak in ReadDIBImage in dib.c
The ReadDIBImage function in dib.c allows attackers
to cause a denial of service (memory leak)
via a small crafted dib file.
(Closes: #867811)
+ Memory exhaustion in ReadDPXImage in dpx.c
When identify DPX file that contains user header data,
imagemagick will allocate memory to store the data in function
ReadDPXImage in coders\dpx.c
There is a security checking in the function SetImageExtent,
but it is too late, so IM can not control the memory usage.
(Closes: #867812)
+ Enable heap overflow check for stdin for mpc files
Enabling seekable streams is required to ensure checking
the blob size works when an image is streamed on stdin.
(Closes: #867896)
+ Assertion failure in WriteBlob
A crafted file revealed an assertion failure in blob.c.
(Closes: #867798)
+ Memory exhaustion in ReadEPTImage in ept.c
When identify EPT file , imagemagick will allocate memory
to store the data.
There is a security checking in the function SetImageExtent,
but it is not used in the allocation function,
so IM can not control the memory usage.
(Closes: #867821)
+ CPU exhaustion in ReadOneJNGImage
Due to lack of validation of PNG format, imagemagick could loop
2^32 in a CPU intensive loop.
(Closes: #867824, #867825).
+ CPU exhaustion in ReadOneDJVUImag
Due to lack of format validation, a crafted file will cause a
loop to run endless.
(Closes: #867826).
+ Zero pixel buffer
Avoid a data leak in case of incorrect file by clearing a buffer
(Closes: #867893).
+ memory leak in ReadMATImage in mat.c
The ReadMATImage function in mat.c allows attackers to cause a
denial of service (memory leak) via a small crafted mat file.
(Closes: #867823).
+ Avoid heap based overflow for jpeg
A corrupted jpeg file could trigger an heap overflow
(Closes: #867894).
+ Fix a memory leak in screenshot coder
(Closes: #867897)
-- Bastien Roucariès <email address hidden> Fri, 14 Jul 2017 15:56:50 +0200
| Deleted in experimental-release (Reason: None provided.) |
imagemagick (8:6.9.9.6+dfsg-1) experimental; urgency=medium
* Bump so due to ABI problem and g++7 (Closes: #871300).
* New upstream version.
+ Fix CVE-2017-6502, webp buffer overflow. (Closes: #856883).
+ Fix CVE-2017-11751:
The WritePICONImage function in coders/xpm.c
allows remote attackers to cause a denial of service (memory leak) via
a crafted file. (Closes: #870480).
+ CVE-2017-12674: a CPU exhaustion vulnerability was found in
the function ReadPDBImage in coders/pdb.c, which allows attackers
to cause a denial of service.
+ CVE-2017-12429: a memory exhaustion vulnerability was found in the
function ReadMIFFImage in coders/miff.c, which allows attackers
to cause a denial of service.
+ CVE-2017-12140: The ReadDCMImage function in coders\dcm.c has an integer
signedness error leading to excessive memory consumption
via a crafted DCM file.
+ CVE-2017-12433: A memory leak vulnerability was found in
the function ReadPESImage in coders/pes.c, which allows attackers
to cause a denial of service, related to ResizeMagickMemory in memory.c.
+ CVE-2017-12418: A memory leaks was found in
the parse8BIMW and format8BIM functions in coders/meta.c,
related to the WriteImage function in MagickCore/constitute.c.
+ CVE-2017-12644: a memory leak vulnerability was found
in ReadDCMImage in coders\dcm.c.
* Update copyright file.
* Ship ImageMagick man file (Closes: #856997).
* Remove configuration files installed by mistake in an
experimental version (Closes: #851627).
* Bug fix: "Typo in debian/changelog for CVE identifier", thanks to
Salvatore Bonaccorso (Closes: #864151).
-- Bastien Roucariès <email address hidden> Fri, 11 Aug 2017 17:09:53 +0200
imagemagick (8:6.9.7.4+dfsg-16) unstable; urgency=high
* Security fix release
* Fix a memory exhaustion in ReadPSDImage
(Closes: #870530)
* Fix a memory-Leak in ReadPWPImage()
(Closes: #870527)
* Avoid unbounded loop in pwp coder
(Closes: #870526)
* Fix a memory leaks in WriteMSLImage
(Closes: #870525)
* Fix another memory leak in WriteMSLImage
(Closes: #870524)
* Fix a memory exhaustion bug in ReadSUNImage
(Closes: #870504)
* Fix a memory leak in ReadSVGImage
(Closes: #870503)
* Fix a memory leak in WriteMAPImage
(Closes: #870483)
* Fix a memory leak in ReadPICTImage
(Closes: #870502)
* Fix a memory leak in WritePICTImage
(Closes: #870501)
* Fix a memory leak in pdf coder
(Closes: #870492)
* Fix a memory leak in PCX coder
(Closes: #870489)
* Memory exhaustion in PCX coder
(Closes: #870491)
* Memory leak in WriteINLINEImage
(Closes: #870482)
* CVE-2017-11752
The ReadMAGICKImage function in coders/magick.c
allows remote attackers to cause a denial of
service (memory leak) via a crafted file.
(Closes: #870481)
* CVE-2017-11751
The WritePICONImage function in coders/xpm.c
allows remote attackers to cause a denial of
service (memory leak) via a crafted file.
(Closes: #870481)
* CVE-2017-11750
Fix improper use of NULL in the JNG decoder
(Closes: #870478)
* memory leak in WriteCALSImage
(Closes: #870475)
-- Bastien Roucariès <email address hidden> Wed, 02 Aug 2017 22:38:50 +0200
imagemagick (8:6.9.7.4+dfsg-15) unstable; urgency=high
* Bug fix: "imagemagick FTBFS: coders/mat.c:1372:3",
thanks to Adrian Bunk and Gianfranco Costamagna
(Closes: #870047).
* Security fixes:
+ CVE-2017-11639
When ImageMagick processes a crafted file in convert,
it can lead to a heap-based buffer over-read
in the WriteCIPImage() function in coders/cip.c,
related to the GetPixelLuma function
in MagickCore/pixel-accessor.h.
(Closes: #870065).
+ CVE-2017-11640
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can
lead to an address access exception in the WritePTIFImage() function
(Closes: #870067)
+ Validate png file.
Detect corrupted png early and avoid a crash
(Closes: #870105)
+ Heap buffer overflow in ReadOneMNGImage
A crafted file will cause x_off[i] out-of-bound operation vulnerability.
(Closes: #870106)
+ memory exhaustion in ReadOneJNGImage in png.c
When identify JNG file that contains chunk data, imagemagick will
allocate memory to store the chunk data in function ReadOneJNGImage
Due to a lack of valition, memory is not limited for corrupted files.
(Closes: #870107)
+ memory leak in ReadOneJNGImage #550
A crafted file could trigger a memory leak
(Closes: #870108)
+ out-of-bounds read with the MNG CLIP chunk.
(Closes: #870109)
+ coders/png.c: Memory leak Fixed Issue 600
(Closes: #870116)
+ memory leak in ReadOneJNGImage (upstream 602)
Fix a leak triggered by a corrupted file
(Closes: #870115)
+ Stuck in LockSemaphoreInfo after reading a png with width==MAGICK_WIDTH_LIMIT
Some version of libpng need serialization for error recovery of hard lock
Could be triggered by a corrupted file
(Closes: #870111)
+ memory leak in ReadOneMNGImage #619
A memory leak vulnerability was found in function ReadOneMNGImage,
which allow attackers to cause a denial of service (memory leak) via
a crafted file.
(Closes: #870117)
+ memory leak in ReadOneJNGImage #618
Triggered by a corrupted file
(Closes: #870118)
+ bad free in RelinquishMagickMemory
(Closes: #870119)
+ CVE-2017-11539: coders/png.c: Initialized quantum_info to prevent memory leakage
(Closes: #870120)
-- Bastien Roucariès <email address hidden> Sat, 29 Jul 2017 17:14:38 +0200
| Superseded in sid-release |
imagemagick (8:6.9.7.4+dfsg-14) unstable; urgency=high
* Security bugs:
+ assertion failed in DestroyImageInfo
A assertion failed in DestroyImageInfo, leading to DOS
(Closes: 870014)
+ CVE-2017-11523: endless loop in ReadTXTImage
If text image file only contains "MagickID..." line,
it will cause ReadTXTImage to infinite loop.
(Closes: #869210).
+ Memory leak in mat coder
Fix a memory leak in mat coder triggered by a special crafted file
(Closes: #870013).
+ Use of uninitialized data in ImageMagick/coders/mat.c
The coder accesses uninitialized data
which might pose a security issue or at least a bug. The first
undefined access happens within coders/mat.c:1196 in a call to
calcMinMax(). The back part of the buffer bImgBuff is now large enough
but does seemingly not contain any sensible data.
(Closes: #870012)
+ CVE-2017-11644
A special crafted file create a memory leak in MAT file coder.
The code need to free two buffer in some exceptionnal
circonstances, instead than just one is freed
(Closes: #870016)
+ Memory leak in mat coder
A special crafted file create a memory leak in MAT coder
(Closes: #870015)
+ Memory leak in mat coder
In case of corrupted file, cloned image (temporarly image) should be freed
(Closes: #870017)
+ assertion failed in DestroyImageInfo due to mat coder
(Closes: #870019)
+ assertion failed in DestroyImage due to mat coder
(Closes: #870020)
+ Memory leak in mat coder (upstream 617)
(Closes: #870021)
+ Memory leak in mat coder (upstream 616)
(Closes: #870022)
+ Memory leak in mat coder (upstream 616)
(Closes: #870023)
-- Bastien Roucariès <email address hidden> Sat, 29 Jul 2017 00:51:39 +0200
imagemagick (8:6.9.7.4+dfsg-13) unstable; urgency=high
* Fix a typo in changelog about CVE numbers
* Security fixes:
+ Really Fix CVE-2017-9500 (Closes: #867778)
An assertion failure was found in the function
ResetImageProfileIterator, which allows attackers to cause a denial
of service via a crafted file.
+ Fix CVE-2017-11446 (Closes: #868950)
The ReadPESImage function in coders\pes.c has an infinite
loop vulnerability that can cause CPU exhaustion via a crafted
PES file.
+ CVE-2017-11523: endless loop in ReadTXTImage
If text image file only contains "MagickID..." line,
it will cause ReadTXTImage to infinite loop.
(Closes: #869210).
+ Use after free in ReadWMFImage
When identify WMF file, a crafted file revealed a use-after-free
vulnerability. (Closes: #869715).
+ CVE-2017-11534: Memory-Leak in lite_font_map()
In coders/wmf.c a memory leak is triggered by a crafted file.
(Closes: #869711).
+ CVE-2017-11537: palm coder FPE
When ImageMagick processes a crafted file in convert, it can
lead to a Floating Point Exception (FPE) in the WritePALMImage()
function in coders/palm.c, related to an incorrect bits-per-pixel
calculation.
(Closes: #869712)
+ Memory leak in WritePALMImage
Fix memory leak due to crafted file in palm coder.
(Closes: #869721)
+ Fix another memory leak in quantize.c
(Closes: #869722)
+ CVE-2017-11531 Memory-Leak in WriteHISTOGRAMImage()
A crafted file could trigger a
Memory-Leak in WriteHISTOGRAMImage() coders/histogram.c
(Closes: #869725)
+ Avoid a crash in mpc coder
A crafted file could trigger a crash in the mpc coder.
(Closes: #869728).
+ Fix a memory leak in enhance.c
Fix a potential memory leak if memory could not be allocated for one
of histogram or stretch_map.
If both cannot be allocated, there is no memory leak. If only one is
allocated and the other fails,
there is a memory leak of the one that could not be allocated. There
is very little chance the allocations would fail.
(Closes: #869769).
+ Fix a memory leak in jpeg and mpc coder
A leak due to exception handling exist in MPC and JPEG coder.
This could be triggerd by a crafted file.
(Closes: #869791).
+ Fix memory exhaustion in mpc coder
When identify MPC file , imagemagick will allocate memory to store the
data.
The function StringToUnsignedLong convert string to unsigned long
type, but the return value was not checked.
Here is my policy.xml to limit memory usage,but 256MB limit
can be bypassed.
(Closes: #869727).
+ Fix a leak in mpc file due to corrupted profiles
(Closes: #869796).
+ CVE-2017-11532: memory leak
When Imagemagick processes a crafted file in convert,
it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c.
(Closes: #869726)
+ CVE-2017-11535: heap based overflow in ps.c
When ImageMagick processes a crafted file in
convert, it can lead to a heap-based buffer over-read in the
WritePSImage() function in coders/ps.c.
(Closes: #869827)
+ CVE-2017-11536 memory leak in jp2 coder
When ImageMagick processes a crafted file in convert, it
can lead to a Memory Leak in the WriteJP2Image() function in
coders/jp2.c.
(Closes: #869831)
+ Fix a crash in jp2 codec
Lack of validation of jp2 could lead to a crash
(Closes: #869830)
+ CVE-2017-11533: heap buffer overflow in uil coder
When ImageMagick processes a crafted file in convert, it can
lead to a heap-based buffer over-read in the WriteUILImage() function
in coders/uil.c.
(Closes: #869834)
-- Bastien Roucariès <email address hidden> Tue, 25 Jul 2017 22:13:44 +0200
| Superseded in jessie-release |
imagemagick (8:6.8.9.9-5+deb8u9) jessie-security; urgency=high
* Security fixes various:
+ CVE-2017-7606: Undefined behavior in rle (Closes: #859771).
+ CVE-2017-7619: Infinite loop due to rounding error (Closes: #859769).
+ CVE-2017-7941 memory leak in sgi (Closes: #860734).
+ CVE-2017-7943 memory leak in svg (Closes: #860736).
* Security fixes DOS:
+ Fix CVE-2017-8343: The ReadAAIImage function in
aai.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (Closes: #862572).
+ Fix CVE-2017-8344: Fix DOS in PCX file coders.
(Closes: #862574).
+ Fix CVE-2017-8345: The ReadMNGImage function in png.c allows
attackers to cause a denial of service (memory leak)
via a crafted file. (Closes: #862573)
+ Fix CVE-2017-8346: The ReadDCMImage function in dcm.c allows
attackers to cause a denial of service (memory leak) via a crafted
file. (Closes: #862575).
+ Fix CVE-2017-8347: Fix DOS in EXR file coders. (Closes: #862577).
+ Fix CVE-2017-8348: Fix DOS in MAT file coders. (Closes: #862578).
+ Fix CVE-2017-8349: Fix DOS in SWF file coders. (Closes: #862579).
+ Fix CVE-2017-8350: Fix DOS in png file coders. (Closes: #862587).
+ Fix CVE-2017-8351: Fix DOS in pcd file coders. (Closes: #862589).
+ Fix CVE-2017-8352: Fix DOS in xwd file coders. (Closes: #862590).
+ Fix CVE-2017-8353: Fix DOS in pict file coders. (Closes: #862632).
+ Fix CVE-2017-8354: Fix DOS in bmp file coders. (Closes: #862633).
+ Fix CVE-2017-8355: Fix DOS in mtv file coders. (Closes: #862634).
+ Fix CVE-2017-8356: Fix DOS in sun file coders. (Closes: #862635).
+ Fix CVE-2017-8357: Fix DOS in ept file coders. (Closes: #862636).
+ Fix CVE-2017-8765: Fix DOS in icon file coders. (Closes: #862653).
+ Fix CVE-2017-8830: Fix DOS in bmp file coders. (Closes: #862637).
* Security fixes assertion failure and memory leaks:
+ Check for EOF conditions for RLE image format. (Closes: #863126).
Fix CVE-2017-9144.
+ A crafted file revealed an assertion failure in blob.c.
(Closes: #863125).
Fix CVE-2017-9142.
+ A crafted file revealed an assertion failure in profile.c.
(Closes: #863124). Fix CVE-2017-9142.
+ Specially crafted arts file could lead to memory leak.
(Closes: #863123). Fix CVE-2017-9143.
* Fix an information leak due to the use of uninitialized memory
in RLE decoder. (Closes: #862967). Fix CVE-2017-9098.
* Fix a regression in memory allocation due to a previous security fix.
(Closes: #859772).
* Change my mail adress to the debian one.
-- Bastien Roucariès <email address hidden> Fri, 05 May 2017 11:47:25 +0200
imagemagick (8:6.9.7.4+dfsg-12) unstable; urgency=medium
* Fix security bugs:
+ Previous CVE-2017-9144 fix was incomplete.
A crafted RLE image can trigger a crash because of incorrect
EOF handling in coders/rle.c
(Closes: #863126)
+ CVE-2017-10928:
A heap-based buffer over-read in the GetNextToken
function in token.c allows remote attackers to obtain
sensitive information from process memory or possibly have
unspecified other impact via a crafted SVG document
that is mishandled in the GetUserSpaceCoordinateValue
function in coders/svg.c.
(Closes: #867367).
+ CVE-2017-9500:
An assertion failure was found in the function
ResetImageProfileIterator, which allows attackers to cause
a denial of service via a crafted file.
(Closes: #867778).
+ CVE-2017-9501:
An assertion failure was found in the function LockSemaphoreInfo,
which allows attackers to cause a denial of service via a crafted
file.
(Closes: #867721).
+ CVE-2017-9440:
A memory leak was found in the function ReadPSDChannel
in coders/psd.c, which allows attackers to cause a denial
of service via a crafted file.
(Closes: 864273).
+ CVE-2017-9439:
A memory leak was found in the function ReadPDBImage in
coders/pdb.c, which allows attackers to cause a denial of
service via a crafted file.
(Closes: #864274).
+ CVE-2017-11188: CPU exhaustion in ReadDPXImage
Because dpx.file.image_offset is a unsigned int, it can be controlled
as large as 4294967295.
This will cause ImageMagick spend a lot of time to process a crafted
DPX imagefile, even if the imagefile is very small.
(Closes: #867806)
+ CVE-2017-11141: memory exhaustion in ReadMATImage
When identify MAT file, imagemagick will allocate memory to store data
in function ReadMATImage.
Modifying MAT's MATLAB_HDR field can cause ImageMagick to allocate
a anysize amount of memory, this may cause a memory exhaustion
(Closes: #868264)
+ CVE-2017-11170: memory exhaustion in ReadTGAImage
When identify VST file, imagemagick will allocate memory to store
data in function ReadTGAImage in coders/tga.c
using tga_info.bits_per_pixel field diretly from VST file without
checking in tga.c
By review the founction code, tga_info.bits_per_pixel max valid
value is 32.
On 32bit os, size_t one will be 32bit, so image->colors can be
overflow to 0.
On 64bit os, size_t one will be 64bit, so image->colors
can be large as 0x100000000(64GB).
(Closes: #868184)
+ Memory exhaustion in ReadCINImage
When identify CIN file that contains User defined data,
imagemagick will allocate memory to store the
data in function ReadCINImage in coders\inc.c
There is a security checking in the function SetImageExtent,
but it after memory allocation, so IM can not control the memory usage
(Closes: #867810)
+ CPU exhaustion in ReadRLEImage
A corrupted rle file could trigger a DOS
(Closes: #867808)
+ Memory leak in ReadDIBImage in dib.c
The ReadDIBImage function in dib.c allows attackers
to cause a denial of service (memory leak)
via a small crafted dib file.
(Closes: #867811)
+ Memory exhaustion in ReadDPXImage in dpx.c
When identify DPX file that contains user header data,
imagemagick will allocate memory to store the data in function
ReadDPXImage in coders\dpx.c
There is a security checking in the function SetImageExtent,
but it is too late, so IM can not control the memory usage.
(Closes: #867812)
+ Enable heap overflow check for stdin for mpc files
Enabling seekable streams is required to ensure checking
the blob size works when an image is streamed on stdin.
(Closes: #867896)
+ Assertion failure in WriteBlob
A crafted file revealed an assertion failure in blob.c.
(Closes: #867798)
+ Memory exhaustion in ReadEPTImage in ept.c
When identify EPT file , imagemagick will allocate memory
to store the data.
There is a security checking in the function SetImageExtent,
but it is not used in the allocation function,
so IM can not control the memory usage.
(Closes: #867821)
+ CPU exhaustion in ReadOneJNGImage
Due to lack of validation of PNG format, imagemagick could loop
2^32 in a CPU intensive loop.
(Closes: #867824, #867825).
+ CPU exhaustion in ReadOneDJVUImag
Due to lack of format validation, a crafted file will cause a
loop to run endless.
(Closes: #867826).
+ Zero pixel buffer
Avoid a data leak in case of incorrect file by clearing a buffer
(Closes: #867893).
+ memory leak in ReadMATImage in mat.c
The ReadMATImage function in mat.c allows attackers to cause a
denial of service (memory leak) via a small crafted mat file.
(Closes: #867823).
+ Avoid heap based overflow for jpeg
A corrupted jpeg file could trigger an heap overflow
(Closes: #867894).
+ Fix a memory leak in screenshot coder
(Closes: #867897)
-- Bastien Roucariès <email address hidden> Fri, 14 Jul 2017 15:35:15 +0200
imagemagick (8:6.9.7.4+dfsg-11) unstable; urgency=high
* Fix minor security bugs:
+ CVE-2017-9409: Memory leak in the icon file coder.
(Closes: #864087)
+ CVE-2017-9407: the ReadPALMImage function in palm.c
allows attackers to cause a denial of service (memory leak)
via a crafted file. (Closes: #864089).
+ CVE-2017-9409: the ReadMPCImage function in mpc.c
allows attackers to cause a denial of service (memory leak)
via a crafted file. (Closes: #864090).
-- Bastien Roucariès <email address hidden> Sun, 04 Jun 2017 12:02:50 +0200
imagemagick (8:6.9.7.4+dfsg-10) unstable; urgency=medium
* Fix minor security bugs:
+ CVE-2017-9262: Memory leak in the ReadJNGImage function
(Closes: #863834).
+ CVE-2017-9261: Memory leak in the ReadMNGImage function
(Closes: #863833).
-- Bastien Roucariès <email address hidden> Thu, 01 Jun 2017 11:57:38 +0200
imagemagick (8:6.9.7.4+dfsg-9) unstable; urgency=high
* Security fixes assertion failure and memory leaks:
+ Check for EOF conditions for RLE image format. (Closes: #863126).
Fix CVE-2017-9144.
+ A crafted file revealed an assertion failure in blob.c.
(Closes: #863125).
Fix CVE-2017-9142.
+ A crafted file revealed an assertion failure in profile.c.
(Closes: #863124). Fix CVE-2017-9142.
+ Specially crafted arts file could lead to memory leak.
(Closes: #863123). Fix CVE-2017-9143.
* Fix an information leak due to the use of uninitialized memory
in RLE decoder. (Closes: #862967). Fix CVE-2017-9098.
-- Bastien Roucariès <email address hidden> Sat, 27 May 2017 15:54:06 +0200
imagemagick (8:6.9.7.4+dfsg-8) unstable; urgency=high
* Bug fix: "Built-Using field with binary version", thanks to Aurelien
Jarno (Closes: #862690).
-- Bastien Roucariès <email address hidden> Mon, 15 May 2017 23:35:30 +0200
| Superseded in sid-release |
imagemagick (8:6.9.7.4+dfsg-7) unstable; urgency=medium
* Fix a few securities bug:
+ Fix CVE-2017-8343: The ReadAAIImage function in
aai.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (Closes: #862572).
+ Fix CVE-2017-8344: Fix DOS in PCX file coders.
(Closes: #862574).
+ Fix CVE-2017-8345: The ReadMNGImage function in png.c allows
attackers to cause a denial of service (memory leak)
via a crafted file. (Closes: #862573)
+ Fix CVE-2017-8346: The ReadDCMImage function in dcm.c allows
attackers to cause a denial of service (memory leak) via a crafted
file. (Closes: #862575).
+ Fix CVE-2017-8347: Fix DOS in EXR file coders. (Closes: #862577).
+ Fix CVE-2017-8348: Fix DOS in MAT file coders. (Closes: #862578).
+ Fix CVE-2017-8349: Fix DOS in SWF file coders. (Closes: #862579).
+ Fix CVE-2017-8350: Fix DOS in png file coders. (Closes: #862587).
+ Fix CVE-2017-8351: Fix DOS in pcd file coders. (Closes: #862589).
+ Fix CVE-2017-8352: Fix DOS in xwd file coders. (Closes: #862590).
+ Fix CVE-2017-8353: Fix DOS in pict file coders. (Closes: #862632).
+ Fix CVE-2017-8354: Fix DOS in bmp file coders. (Closes: #862633).
+ Fix CVE-2017-8355: Fix DOS in mtv file coders. (Closes: #862634).
+ Fix CVE-2017-8356: Fix DOS in sun file coders. (Closes: #862635).
+ Fix CVE-2017-8357: Fix DOS in ept file coders. (Closes: #862636).
+ Fix CVE-2017-8765: Fix DOS in icon file coders. (Closes: #862653).
+ Fix CVE-2017-8830: Fix DOS in bmp file coders. (Closes: #862637).
-- Bastien Roucariès <email address hidden> Mon, 15 May 2017 14:59:33 +0200
| Superseded in jessie-release |
imagemagick (8:6.8.9.9-5+deb8u8) jessie-security; urgency=high
* Fix a few security bugs:
+ Assertion failure in TGA coder (Closes: #856878).
Fix CVE-2017-6498.
+ Out of bound in sun file coder (Closes: #856879).
Fix CVE-2017-6500.
+ Memory leak in libmagick++ library (Closes: #856880).
Fix CVE-2017-6499.
+ Missing null pointer check in xcf coder (Closes: #856881)
and psd coder (Closes: #856882).
Fix CVE-2017-6501 and CVE-2017-6497.
+ Fix a memory leak in options handler (Closes: #857426, LP: #1671630)
* Fix a regression in jessie, Fix artefacts running -sharpen
on CMYK images (Closes: #844594).
-- Bastien Roucariès <email address hidden> Sat, 11 Mar 2017 16:11:35 +0100
imagemagick (8:6.9.7.4+dfsg-6) unstable; urgency=high
* Fix three securities bug:
+ CVE-2017-7941 memory leak in sgi (Closes: #860734).
+ CVE-2017-7942 memory leak in avs (Closes: #860735).
+ CVE-2017-7943 Memory leak in svg (Closes: #860736).
-- Bastien Roucariès <email address hidden> Wed, 19 Apr 2017 22:23:18 +0200
imagemagick (8:6.9.7.4+dfsg-5) unstable; urgency=medium
* Bug fix: "imagemagick-doc upgrade failure: dpkg-maintscript-helper:
error: missing arguments after --", thanks to Adrian Bunk (Closes:
#860280).
-- Bastien Roucariès <email address hidden> Fri, 14 Apr 2017 12:19:36 +0200
| 1 → 75 of 172 results | First • Previous • Next • Last |
