ALT-PU-2017-2096-1
Package ImageMagick updated to version 6.9.9.7-alt1.S1 for branch sisyphus in task 187126.
Closed vulnerabilities
BDU:2017-00694
Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-00887
Уязвимость операционной системы OpenSUSE Leap, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-01460
Уязвимость компонента coders/mpc.c консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-01773
Уязвимость функции ReadEPTImage консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-01774
Уязвимость функции ReadDPXImage консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-01775
Уязвимость функции ReadOneMNGImage консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-01776
Уязвимость функции ReadCINImage консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-01777
Уязвимость функции ReadTXTImage консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-01778
Уязвимость функции ReadOneJNGImage консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-01779
Уязвимость функции ReadOneDJVUImage консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-01781
Уязвимость компонента AcquireVirtualMemory консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-01787
Уязвимость функции ProcessMSLScript в coders/msl.c консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-02021
Уязвимость функции ReadOneMNGImage консольного графического редактора ImageMagick, позволяющая нарушителю произвести чтение за границами памяти
BDU:2021-03377
Уязвимость функции ReadMATImage компонента coders/mat.c консольного графического редактора ImageMagick, связанная с недостатком использования функции assert(), позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2016-10058
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.
- [oss-security] 20161226 Re: CVE requests for various ImageMagick issues
- [oss-security] 20161226 Re: CVE requests for various ImageMagick issues
- 95212
- 95212
- https://bugzilla.redhat.com/show_bug.cgi?id=1410467
- https://bugzilla.redhat.com/show_bug.cgi?id=1410467
- https://github.com/ImageMagick/ImageMagick/commit/47e8e6ceef979327614d0b8f0c76c6ecb18e09cf
- https://github.com/ImageMagick/ImageMagick/commit/47e8e6ceef979327614d0b8f0c76c6ecb18e09cf
- https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a
- https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a
Modified: 2024-11-21
CVE-2016-10065
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
- openSUSE-SU-2017:0391
- openSUSE-SU-2017:0391
- [oss-security] 20161226 Re: CVE requests for various ImageMagick issues
- [oss-security] 20161226 Re: CVE requests for various ImageMagick issues
- 95213
- 95213
- https://bugzilla.redhat.com/show_bug.cgi?id=1410482
- https://bugzilla.redhat.com/show_bug.cgi?id=1410482
- https://github.com/ImageMagick/ImageMagick/commit/134463b926fa965571aa4febd61b810be5e7da05
- https://github.com/ImageMagick/ImageMagick/commit/134463b926fa965571aa4febd61b810be5e7da05
- https://github.com/ImageMagick/ImageMagick/issues/129
- https://github.com/ImageMagick/ImageMagick/issues/129
Modified: 2024-11-21
CVE-2016-10068
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
- openSUSE-SU-2017:0391
- openSUSE-SU-2017:0391
- openSUSE-SU-2017:0399
- openSUSE-SU-2017:0399
- [oss-security] 20161226 Re: CVE requests for various ImageMagick issues
- [oss-security] 20161226 Re: CVE requests for various ImageMagick issues
- 95219
- 95219
- https://bugzilla.redhat.com/show_bug.cgi?id=1410500
- https://bugzilla.redhat.com/show_bug.cgi?id=1410500
- https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92600a34db22
- https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92600a34db22
- https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797
- https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797
Modified: 2024-11-21
CVE-2016-7539
Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
- http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946
- http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946
- [oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)
- [oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)
- 93232
- 93232
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833101
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833101
- https://bugzilla.redhat.com/show_bug.cgi?id=1378776
- https://bugzilla.redhat.com/show_bug.cgi?id=1378776
- https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c
- https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c
Modified: 2024-11-21
CVE-2016-8866
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
- openSUSE-SU-2016:3233
- openSUSE-SU-2016:3233
- openSUSE-SU-2017:0023
- openSUSE-SU-2017:0023
- openSUSE-SU-2016:3238
- openSUSE-SU-2016:3238
- [oss-security] 20161020 imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)
- [oss-security] 20161020 imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)
- [oss-security] 20161021 Re: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)
- [oss-security] 20161021 Re: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)
- https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/
- https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/
- https://bugzilla.redhat.com/show_bug.cgi?id=1388816
- https://bugzilla.redhat.com/show_bug.cgi?id=1388816
- https://github.com/ImageMagick/ImageMagick/issues/271
- https://github.com/ImageMagick/ImageMagick/issues/271
Modified: 2024-11-21
CVE-2016-9298
Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.
- [oss-security] 20161113 Imagemagick heap overflow
- [oss-security] 20161113 Imagemagick heap overflow
- [oss-security] 20161114 Re: Imagemagick heap overflow
- [oss-security] 20161114 Re: Imagemagick heap overflow
- 94310
- 94310
- https://github.com/ImageMagick/ImageMagick/commit/3cbfb163cff9e5b8cdeace8312e9bfee810ed02b
- https://github.com/ImageMagick/ImageMagick/commit/3cbfb163cff9e5b8cdeace8312e9bfee810ed02b
- https://github.com/ImageMagick/ImageMagick/issues/296
- https://github.com/ImageMagick/ImageMagick/issues/296
- GLSA-201702-09
- GLSA-201702-09
Modified: 2024-11-21
CVE-2016-9559
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
- DSA-3726
- DSA-3726
- [oss-security] 20161119 imagemagick: null pointer must never be null (tiff.c)
- [oss-security] 20161119 imagemagick: null pointer must never be null (tiff.c)
- [oss-security] 20161122 Re: imagemagick: null pointer must never be null (tiff.c)
- [oss-security] 20161122 Re: imagemagick: null pointer must never be null (tiff.c)
- 94489
- 94489
- https://blogs.gentoo.org/ago/2016/11/19/imagemagick-null-pointer-must-never-be-null-tiff-c/
- https://blogs.gentoo.org/ago/2016/11/19/imagemagick-null-pointer-must-never-be-null-tiff-c/
- https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b
- https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b
- https://github.com/ImageMagick/ImageMagick/issues/298
- https://github.com/ImageMagick/ImageMagick/issues/298
Modified: 2024-11-21
CVE-2017-11352
In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144.
Modified: 2024-11-21
CVE-2017-11448
The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867893
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867893
- https://github.com/ImageMagick/ImageMagick/commit/f6463ca9588579633bbaed9460899d892aa3c64a
- https://github.com/ImageMagick/ImageMagick/commit/f6463ca9588579633bbaed9460899d892aa3c64a
- https://github.com/ImageMagick/ImageMagick/issues/556
- https://github.com/ImageMagick/ImageMagick/issues/556
Modified: 2024-11-21
CVE-2017-11449
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.
- 99958
- 99958
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867896
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867896
- https://github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1
- https://github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1
- https://github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3
- https://github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3
- https://github.com/ImageMagick/ImageMagick/issues/556
- https://github.com/ImageMagick/ImageMagick/issues/556
Modified: 2024-11-21
CVE-2017-11450
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867894
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867894
- https://github.com/ImageMagick/ImageMagick/commit/948356eec65aea91995d4b7cc487d197d2c5f602
- https://github.com/ImageMagick/ImageMagick/commit/948356eec65aea91995d4b7cc487d197d2c5f602
- https://github.com/ImageMagick/ImageMagick/issues/556
- https://github.com/ImageMagick/ImageMagick/issues/556
- https://security-tracker.debian.org/tracker/CVE-2017-11450
- https://security-tracker.debian.org/tracker/CVE-2017-11450
Modified: 2024-11-21
CVE-2017-11478
The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image.
Modified: 2024-11-21
CVE-2017-11505
The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.
Modified: 2024-11-21
CVE-2017-11522
The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
- https://bugs.debian.org/869209
- https://bugs.debian.org/869209
- https://github.com/ImageMagick/ImageMagick/commit/816ecab6c532ae086ff4186b3eaf4aa7092d536f
- https://github.com/ImageMagick/ImageMagick/commit/816ecab6c532ae086ff4186b3eaf4aa7092d536f
- https://github.com/ImageMagick/ImageMagick/issues/586
- https://github.com/ImageMagick/ImageMagick/issues/586
Modified: 2024-11-21
CVE-2017-11523
The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.
- https://bugs.debian.org/869210
- https://bugs.debian.org/869210
- https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078
- https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078
- https://github.com/ImageMagick/ImageMagick/commit/a8f9c2aabed37cd6a728532d1aed13ae0f3dfd78
- https://github.com/ImageMagick/ImageMagick/commit/a8f9c2aabed37cd6a728532d1aed13ae0f3dfd78
- https://github.com/ImageMagick/ImageMagick/issues/591
- https://github.com/ImageMagick/ImageMagick/issues/591
- [debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update
- [debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update
- DSA-4019
- DSA-4019
Modified: 2024-11-21
CVE-2017-11524
The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.
Modified: 2024-11-21
CVE-2017-11525
The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
Modified: 2024-11-21
CVE-2017-11526
The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.
Modified: 2024-11-21
CVE-2017-11527
The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
Modified: 2024-11-21
CVE-2017-11528
The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
Modified: 2024-11-21
CVE-2017-11529
The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
Modified: 2024-11-21
CVE-2017-11530
The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
Modified: 2024-11-21
CVE-2017-12427
The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function.
- https://github.com/ImageMagick/ImageMagick/commit/e793eb203e5e0f91f5037aed6585e81b1e27395b
- https://github.com/ImageMagick/ImageMagick/commit/e793eb203e5e0f91f5037aed6585e81b1e27395b
- https://github.com/ImageMagick/ImageMagick/issues/636
- https://github.com/ImageMagick/ImageMagick/issues/636
- GLSA-201711-07
- GLSA-201711-07
Modified: 2024-11-21
CVE-2017-12877
Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
- [oss-security] 20170816 imagemagick: use-after-free in DestroyImage (image.c)
- [oss-security] 20170816 imagemagick: use-after-free in DestroyImage (image.c)
- https://blogs.gentoo.org/ago/2017/08/10/imagemagick-use-after-free-in-destroyimage-image-c/
- https://blogs.gentoo.org/ago/2017/08/10/imagemagick-use-after-free-in-destroyimage-image-c/
- https://github.com/ImageMagick/ImageMagick/commit/04178de2247e353fc095846784b9a10fefdbf890
- https://github.com/ImageMagick/ImageMagick/commit/04178de2247e353fc095846784b9a10fefdbf890
- GLSA-201711-07
- GLSA-201711-07
- USN-3681-1
- USN-3681-1
- DSA-4040
- DSA-4040
- DSA-4074
- DSA-4074
Modified: 2024-11-21
CVE-2017-13139
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
- 100494
- 100494
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870109
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870109
- https://github.com/ImageMagick/ImageMagick/commit/d072ed6aff835c174e856ce3a428163c0da9e8f4
- https://github.com/ImageMagick/ImageMagick/commit/d072ed6aff835c174e856ce3a428163c0da9e8f4
- GLSA-201711-07
- GLSA-201711-07
- USN-3681-1
- USN-3681-1
- DSA-4019
- DSA-4019
- DSA-4040
- DSA-4040
Modified: 2024-11-21
CVE-2017-13140
In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.
Modified: 2024-11-21
CVE-2017-13141
In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.
Modified: 2024-11-21
CVE-2017-13142
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870105
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870105
- https://github.com/ImageMagick/ImageMagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3
- https://github.com/ImageMagick/ImageMagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3
- https://github.com/ImageMagick/ImageMagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac
- https://github.com/ImageMagick/ImageMagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac
- [debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update
- [debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update
- GLSA-201711-07
- GLSA-201711-07
- USN-3681-1
- USN-3681-1
- DSA-4019
- DSA-4019
Modified: 2024-11-21
CVE-2017-13143
In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870012
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870012
- https://github.com/ImageMagick/ImageMagick/commit/51b0ae01709adc1e4a9245e158ef17b85a110960
- https://github.com/ImageMagick/ImageMagick/commit/51b0ae01709adc1e4a9245e158ef17b85a110960
- https://github.com/ImageMagick/ImageMagick/issues/362
- https://github.com/ImageMagick/ImageMagick/issues/362
- GLSA-201711-07
- GLSA-201711-07
- USN-3681-1
- USN-3681-1
- DSA-4019
- DSA-4019
- DSA-4204
- DSA-4204
Modified: 2024-11-21
CVE-2017-13144
In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869728
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869728
- GLSA-201711-07
- GLSA-201711-07
- USN-3681-1
- USN-3681-1
- DSA-4019
- DSA-4019
- DSA-4040
- DSA-4040
- https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438
- https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438
Modified: 2024-11-21
CVE-2017-13145
In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869830
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869830
- https://github.com/ImageMagick/ImageMagick/commit/acee073df34aa4d491bf5cb74d3a15fc80f0a3aa
- https://github.com/ImageMagick/ImageMagick/commit/acee073df34aa4d491bf5cb74d3a15fc80f0a3aa
- https://github.com/ImageMagick/ImageMagick/commit/f13c6b54a879aaa771ec64b5a066b939e8f8e7f0
- https://github.com/ImageMagick/ImageMagick/commit/f13c6b54a879aaa771ec64b5a066b939e8f8e7f0
- https://github.com/ImageMagick/ImageMagick/issues/501
- https://github.com/ImageMagick/ImageMagick/issues/501
- [debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update
- [debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update
- GLSA-201711-07
- GLSA-201711-07
- USN-3681-1
- USN-3681-1
- DSA-4019
- DSA-4019
Modified: 2024-11-21
CVE-2017-13146
In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870013
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870013
- https://github.com/ImageMagick/ImageMagick/commit/79e5dbcdd1fc2f714f9bae548bc55d5073f3ed20
- https://github.com/ImageMagick/ImageMagick/commit/79e5dbcdd1fc2f714f9bae548bc55d5073f3ed20
- GLSA-201711-07
- GLSA-201711-07
Modified: 2024-11-21
CVE-2017-13658
In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870019
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870019
- https://github.com/ImageMagick/ImageMagick/commit/e5c063a1007506ba69e97a35effcdef944421c89
- https://github.com/ImageMagick/ImageMagick/commit/e5c063a1007506ba69e97a35effcdef944421c89
- https://github.com/ImageMagick/ImageMagick/issues/598
- https://github.com/ImageMagick/ImageMagick/issues/598
- [debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update
- [debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update
- [debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update
- [debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update
Modified: 2024-11-21
CVE-2017-5507
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.
- DSA-3799
- DSA-3799
- [oss-security] 20170116 CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors
- [oss-security] 20170116 CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors
- [oss-security] 20170116 Re: CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors
- [oss-security] 20170116 Re: CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors
- 95752
- 95752
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851382
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851382
- https://github.com/ImageMagick/ImageMagick/blob/6.9.7-4/ChangeLog
- https://github.com/ImageMagick/ImageMagick/blob/6.9.7-4/ChangeLog
- https://github.com/ImageMagick/ImageMagick/blob/7.0.4-4/ChangeLog
- https://github.com/ImageMagick/ImageMagick/blob/7.0.4-4/ChangeLog
- https://github.com/ImageMagick/ImageMagick/commit/66e283e0a9c141b19fe6c4c39f4a41c0d3188ba8
- https://github.com/ImageMagick/ImageMagick/commit/66e283e0a9c141b19fe6c4c39f4a41c0d3188ba8
- GLSA-201702-09
- GLSA-201702-09
Modified: 2024-11-21
CVE-2017-5508
Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.
- DSA-3799
- DSA-3799
- [oss-security] 20170116 CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors
- [oss-security] 20170116 CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors
- [oss-security] 20170116 Re: CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors
- [oss-security] 20170116 Re: CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors
- 95748
- 95748
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851381
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851381
- https://github.com/ImageMagick/ImageMagick/blob/6.9.7-3/ChangeLog
- https://github.com/ImageMagick/ImageMagick/blob/6.9.7-3/ChangeLog
- https://github.com/ImageMagick/ImageMagick/blob/7.0.4-3/ChangeLog
- https://github.com/ImageMagick/ImageMagick/blob/7.0.4-3/ChangeLog
- https://github.com/ImageMagick/ImageMagick/commit/c073a7712d82476b5fbee74856c46b88af9c3175
- https://github.com/ImageMagick/ImageMagick/commit/c073a7712d82476b5fbee74856c46b88af9c3175
- GLSA-201702-09
- GLSA-201702-09
- https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31161
- https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31161
Modified: 2024-11-21
CVE-2017-9098
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.
- http://hg.code.sf.net/p/graphicsmagick/code/diff/0a5b75e019b6/coders/rle.c
- http://hg.code.sf.net/p/graphicsmagick/code/diff/0a5b75e019b6/coders/rle.c
- DSA-3863
- DSA-3863
- 98593
- 98593
- https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
- https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
- [debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update
- [debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update
- https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
- https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html