Debian Imagemagick vulnerabilities

CVE-2019-12975 [MEDIUM] CVE-2019-12975: imagemagick - ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage functi... ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixie: resolved (fixed in 8:6.9.11.24+dfsg-1)

CVE-2019-7395 [HIGH] CVE-2019-7395: imagemagick - In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coder... In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixie: resolved (fixed in 8:6.9.11.24+dfsg-1)

CVE-2019-15141 [HIGH] CVE-2019-15141: imagemagick - WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to ... WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs beca

CVE-2019-7397 [HIGH] CVE-2019-7397: graphicsmagick - In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory... In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. Scope: local bookworm: resolved (fixed in 1.4~hg15896-1) bullseye: resolved (fixed in 1.4~hg15896-1) forky: resolved (fixed in 1.4~hg15896-1) sid: resolved (fixed in 1.4~hg15896-1) trixie: resolved (fixed in 1.4~hg15896-1)

CVE-2019-13298 [HIGH] CVE-2019-13298: imagemagick - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-ac... ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2019-7398 [HIGH] CVE-2019-7398: imagemagick - In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/... In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixie: resolved (fixed in 8:6.9.11.24+dfsg-1)

CVE-2019-7396 [HIGH] CVE-2019-7396: imagemagick - In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders... In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixie: resolved (fixed in 8:6.9.11.24+dfsg-1)

CVE-2019-16711 [MEDIUM] CVE-2019-16711: imagemagick - ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixie: resolved (fixed in 8:6.9.11.24+dfsg-1)

CVE-2019-11472 [MEDIUM] CVE-2019-11472: imagemagick - ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7... ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-

CVE-2019-13296 [MEDIUM] CVE-2019-13296: imagemagick - ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because ... ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2019-19952 [CRITICAL] CVE-2019-19952: imagemagick - In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDis... In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2019-13302 [HIGH] CVE-2019-13302: imagemagick - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier... ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2019-13310 [MEDIUM] CVE-2019-13310: imagemagick - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an e... ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixie: resolved (fixed in 8:6.9.11.24+dfsg-1)

CVE-2019-16712 [MEDIUM] CVE-2019-16712: imagemagick - ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, ... ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixie: resolved (fixed in 8:6.9.11.24+dfsg-1)

CVE-2019-13311 [MEDIUM] CVE-2019-13311: imagemagick - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wa... ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixie: resolved (fixed in 8:6.9.11.24+dfsg-1)

CVE-2019-13136 [HIGH] CVE-2019-13136: imagemagick - ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the functio... ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2019-12974 [MEDIUM] CVE-2019-12974: imagemagick - A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and ... A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9

CVE-2019-10649 [MEDIUM] CVE-2019-10649: imagemagick - In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValueP... In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in

CVE-2019-13391 [HIGH] CVE-2019-13391: imagemagick - In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-ba... In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixi

CVE-2019-12976 [MEDIUM] CVE-2019-12976: imagemagick - ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pc... ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. Scope: local bookworm: resolved (fixed in 8:6.9.11.24+dfsg-1) bullseye: resolved (fixed in 8:6.9.11.24+dfsg-1) forky: resolved (fixed in 8:6.9.11.24+dfsg-1) sid: resolved (fixed in 8:6.9.11.24+dfsg-1) trixie: resolved (fixed in 8:6.9.11.24+dfsg-1)