ALT-PU-2017-2850-1
Package ImageMagick updated to version 6.9.9.28-alt1 for branch sisyphus in task 197584.
Closed vulnerabilities
Published: 2017-12-11
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-17499
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- 102155
- 102155
- https://github.com/ImageMagick/ImageMagick/commit/8c35502217c1879cb8257c617007282eee3fe1cc
- https://github.com/ImageMagick/ImageMagick/commit/8c35502217c1879cb8257c617007282eee3fe1cc
- https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a
- https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a
- USN-3681-1
- USN-3681-1
- DSA-4074
- DSA-4074
- https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=33078&sid=5fbb164c3830293138917f9b14264ed1
- https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=33078&sid=5fbb164c3830293138917f9b14264ed1
Published: 2017-12-11
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-17504
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- https://github.com/ImageMagick/ImageMagick/issues/872
- https://github.com/ImageMagick/ImageMagick/issues/872
- [debian-lts-announce] 20180101 [SECURITY] [DLA 1227-1] imagemagick security update
- [debian-lts-announce] 20180101 [SECURITY] [DLA 1227-1] imagemagick security update
- USN-3681-1
- USN-3681-1
- DSA-4074
- DSA-4074
- DSA-4204
- DSA-4204