Package: graphicsmagick
X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org
Severity: grave
Tags: security
Hi,

the following vulnerabilities were published for graphicsmagick.

CVE-2017-11636[0]:
| GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage()
| function in coders/rgb.c when processing multiple frames that have
| non-identical widths.

CVE-2017-11637[1]:
| GraphicsMagick 1.3.26 has a NULL pointer dereference in the
| WritePCLImage() function in coders/pcl.c during writes of monochrome
| images.

CVE-2017-11638[2]:
| GraphicsMagick 1.3.26 has a segmentation violation in the
| WriteMAPImage() function in coders/map.c when processing a
| non-colormapped image, a different vulnerability than CVE-2017-11642.

CVE-2017-11641[3]:
| GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in
| magick/pixel_cache.c during writing of Magick Persistent Cache (MPC)
| files.

CVE-2017-11642[4]:
| GraphicsMagick 1.3.26 has a NULL pointer dereference in the
| WriteMAPImage() function in coders/map.c when processing a
| non-colormapped image, a different vulnerability than CVE-2017-11638.

CVE-2017-11643[5]:
| GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage()
| function in coders/cmyk.c when processing multiple frames that have
| non-identical widths.

CVE-2017-11722[6]:
| The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26
| allows remote attackers to cause a denial of service (out-of-bounds
| read and application crash) via a crafted file, because the program's
| actual control flow was inconsistent with its indentation. This
| resulted in a logging statement executing outside of a loop, and
| consequently using an invalid array index corresponding to the loop's
| exit condition.

If you fix the vulnerabilities, please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11636
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11636
[1] https://security-tracker.debian.org/tracker/CVE-2017-11637
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11637
[2] https://security-tracker.debian.org/tracker/CVE-2017-11638
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11638
[3] https://security-tracker.debian.org/tracker/CVE-2017-11641
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11641
[4] https://security-tracker.debian.org/tracker/CVE-2017-11642
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11642
[5] https://security-tracker.debian.org/tracker/CVE-2017-11643
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11643
[6] https://security-tracker.debian.org/tracker/CVE-2017-11722
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11722

Please adjust the affected versions in the BTS as needed.

Regards,
Markus
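The control-flow/indentation mismatch behind CVE-2017-11722 (a logging statement that looks like part of a loop but runs once after it, with the index at the loop's exit value) reduced to a constructed C example. This is added illustration, not GraphicsMagick's code: the pass table, `PASSES` and the `GUARD` slot are constructed so the stray read is observable instead of undefined; in the real coder the index one past the end is an out-of-bounds read.

```c
#include <stdio.h>
#include <stddef.h>

#define PASSES 7          /* constructed: number of per-pass entries */
#define GUARD  -1L        /* constructed sentinel one slot past the valid table */

/* Constructed table: PASSES valid entries plus one guard slot so the demo can
 * show which element the misplaced statement reads without going out of bounds. */
static const long pass_bytes[PASSES + 1] = {10, 20, 30, 40, 50, 60, 70, GUARD};

/* Buggy shape described in the advisory: the "log" line is indented as if it
 * were inside the loop, but the for has no braces, so only the first statement
 * is the loop body. The log line runs once afterwards with i == passes.
 * Returns the value the log statement would have printed. */
static long log_after_loop_bug(size_t passes)
{
    size_t i;
    long total = 0, last_logged = 0;
    for (i = 0; i < passes; i++)
        total += pass_bytes[i];          /* the only statement the loop controls */
        last_logged = pass_bytes[i];     /* executes once, with i == passes */
    (void)total;
    return last_logged;                  /* reads pass_bytes[passes]: the guard slot */
}

/* Fixed shape: braces make control flow match the indentation, so the log line
 * only ever sees indices 0 .. passes-1. Returns the last value logged. */
static long log_inside_loop_fixed(size_t passes)
{
    long total = 0, last_logged = 0;
    for (size_t i = 0; i < passes; i++) {
        total += pass_bytes[i];
        last_logged = pass_bytes[i];
    }
    (void)total;
    return last_logged;
}

int main(void)
{
    printf("buggy: logs %ld from index %d (one past the table)\n",
           log_after_loop_bug(PASSES), PASSES);
    printf("fixed: logs %ld from index %d\n",
           log_inside_loop_fixed(PASSES), PASSES - 1);
    return 0;
}
```

GCC's -Wmisleading-indentation (enabled by -Wall since GCC 6) flags exactly this layout, which is a cheap way to catch the class in a build before it reaches a coder that handles untrusted input.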