Debian Imagemagick vulnerabilities

CVE-2019-15139 [MEDIUM] CVE-2019-15139: imagemagick - The XWD image (X Window System window dumping file) parsing component in ImageMa... The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472. Scope: local bookworm: resolved (fixed in

CVE-2019-14981 [MEDIUM] CVE-2019-14981: imagemagick - In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-b... In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+df

CVE-2019-17540 [HIGH] CVE-2019-17540: imagemagick - ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in co... ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2019-16708 [MEDIUM] CVE-2019-16708: imagemagick - ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateIm... ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixie: resolved (fixed in 8:6.9.11.24+dfsg-1)

CVE-2019-10714 [MEDIUM] CVE-2019-10714: imagemagick - LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out... LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2019-13297 [HIGH] CVE-2019-13297: imagemagick - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/thresho... ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixie: reso

CVE-2019-13137 [MEDIUM] CVE-2019-13137: imagemagick - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function Read... ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixie: resolved (fixed in 8:6.9.11.24+dfsg-1)

CVE-2019-13309 [MEDIUM] CVE-2019-13309: imagemagick - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mish... ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1)

CVE-2019-17547 [HIGH] CVE-2019-17547: imagemagick - In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after... In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2019-16710 [MEDIUM] CVE-2019-16710: imagemagick - ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by Acqui... ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixie: resolved (fixed in 8:6.9.11.24+dfs

CVE-2019-13133 [MEDIUM] CVE-2019-13133: imagemagick - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function Read... ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2019-13299 [HIGH] CVE-2019-13299: imagemagick - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-a... ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2019-16709 [MEDIUM] CVE-2019-16709: graphicsmagick - ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCrea... ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. Scope: local bookworm: resolved (fixed in 1.4+really1.3.33+hg16117-1) bullseye: resolved (fixed in 1.4+really1.3.33+hg16117-1) forky: resolved (fixed in 1.4+really1.3.33+hg16117-1) sid: resolved (fixed in 1.4+really1.3.33+hg16117-1) trixie: resolved (fixed in 1.4+really

CVE-2019-17541 [HIGH] CVE-2019-17541: imagemagick - ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickC... ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2019-12977 [HIGH] CVE-2019-12977: imagemagick - ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the Wri... ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixie: resolved (fixed in 8:6.9.11.24+dfsg-1)

CVE-2019-13303 [HIGH] CVE-2019-13303: imagemagick - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composi... ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2019-13295 [HIGH] CVE-2019-13295: imagemagick - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/thresho... ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixie: resol

CVE-2019-11470 [MEDIUM] CVE-2019-11470: imagemagick - The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cau... The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+df

CVE-2019-13134 [MEDIUM] CVE-2019-13134: imagemagick - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function Read... ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2019-19948 [CRITICAL] CVE-2019-19948: imagemagick - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the functi... In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixie: resolved (fixed in 8:6.9.11.24+dfsg-1