Debian Imagemagick vulnerabilities
727 known vulnerabilities affecting debian/imagemagick.
Total CVEs: 727
CISA KEV: 3 (actively exploited)
Public exploits: 12
Exploited in wild: 3
Severity breakdown: CRITICAL 24, HIGH 138, MEDIUM 255, LOW 310
Vulnerabilities
Page 15 of 37
CVE-2018-14436 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.10.8+dfsg-1 (bookworm) | 2018
CVE-2018-14436 [MEDIUM] CVE-2018-14436: imagemagick - ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.
Scope: local
bookworm: resolved (fixed in 8:6.9.10.8+dfsg-1)
bullseye: resolved (fixed in 8:6.9.10.8+dfsg-1)
forky: resolved (fixed in 8:6.9.10.8+dfsg-1)
sid: resolved (fixed in 8:6.9.10.8+dfsg-1)
trixie: resolved (fixed in 8:6.9.10.8+dfsg-1)
debian
CVE-2017-14532 | CRITICAL | CVSS 9.8 | fixed in imagemagick 8:6.9.9.34+dfsg-3 (bookworm) | 2017
ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
Scope: local
bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3)
bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3)
forky: resolved (fixed in 8:6.9.9.34+dfsg-3)
sid: resolved (fixed in 8:6.9.9.34+dfsg-3)
trixie: resolved (fixed in 8:6.9.9.34+dfsg-3)
CVE-2017-13139 | CRITICAL | CVSS 9.8 | fixed in imagemagick 8:6.9.7.4+dfsg-15 (bookworm) | 2017
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-15)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-15)
forky: resolved (fixed in 8:6.9.7.4+dfsg-15)
sid: resolved (fixed in 8:6.9.7.4+dfsg-15)
trixie: resol
CVE-2017-17499 | CRITICAL | CVSS 9.8 | fixed in imagemagick 8:6.9.9.34+dfsg-3 (bookworm) | 2017
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
Scope: local
bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3)
bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3)
forky: resolved (fixed in 8:6.9.9.34+dfsg-3)
sid: resolved (fixed in 8:6.9.9.34+dfsg-3)
trixie: resolved (fixed in 8:6.9.9.34+df
CVE-2017-5511 | CRITICAL | CVSS 9.8 | fixed in imagemagick 8:6.9.7.4+dfsg-1 (bookworm) | 2017
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-1)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-1)
forky: resolved (fixed in 8:6.9.7.4+dfsg-1)
sid: resolved (fixed in 8:6.9.7.4+dfsg-1)
trixie: resol
CVE-2017-12429 | HIGH | CVSS 7.5 | fixed in imagemagick 8:6.9.7.4+dfsg-13 (bookworm) | 2017
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-13)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-13)
forky: resolved (fixed in 8:6.9.7.4+dfsg-13)
sid: resolved (fixed in 8:6.9.7.4+dfsg-13
CVE-2017-14224 | HIGH | CVSS 8.8 | fixed in imagemagick 8:6.9.9.34+dfsg-3 (bookworm) | 2017
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.
Scope: local
bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3)
bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3)
forky: resolved (fixed in 8:6.9.9.34+dfsg-3)
sid: resolved (fixed in 8:6.9.
CVE-2017-12587 | HIGH | CVSS 8.8 | fixed in imagemagick 8:6.9.7.4+dfsg-16 (bookworm) | 2017
ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-16)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-16)
forky: resolved (fixed in 8:6.9.7.4+dfsg-16)
sid: resolved (fixed in 8:6.9.7.4+dfsg-16)
trixie: resolved (fixed in 8:6.9.7.4+dfsg-16)
CVE-2017-9098 | HIGH | CVSS 7.5 | fixed in graphicsmagick 1.3.24-1 (bookworm) | 2017
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initia
CVE-2017-12983 | HIGH | CVSS 8.8 | fixed in imagemagick 8:6.9.9.34+dfsg-3 (bookworm) | 2017
Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
Scope: local
bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3)
bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3)
forky: resolved (fixed in
CVE-2017-13143 | HIGH | CVSS 7.5 | fixed in imagemagick 8:6.9.7.4+dfsg-14 (bookworm) | 2017
In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-14)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-14)
forky: resolved (fixed in 8:6.9.7.4+dfsg-14)
s
CVE-2017-12640 | HIGH | CVSS 8.8 | fixed in imagemagick 8:6.9.7.4+dfsg-15 (bookworm) | 2017
ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-15)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-15)
forky: resolved (fixed in 8:6.9.7.4+dfsg-15)
sid: resolved (fixed in 8:6.9.7.4+dfsg-15)
trixie: resolved (fixed in 8:6.9.7.4+dfsg-15)
CVE-2017-12806 | HIGH | CVSS 7.5 | fixed in imagemagick 8:6.9.9.34+dfsg-3 (bookworm) | 2017
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.
Scope: local
bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3)
bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3)
forky: resolved (fixed in 8:6.9.9.34+dfsg-3)
sid: resolved (fixed in 8:6.9.9.34+dfsg-3)
trixie: resolved (
CVE-2017-11449 | HIGH | CVSS 8.8 | fixed in imagemagick 8:6.9.7.4+dfsg-12 (bookworm) | 2017
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-12)
bullseye: resolved (fixed in 8:6.9.
CVE-2017-17879 | HIGH | CVSS 8.8 | fixed in imagemagick 8:6.9.9.34+dfsg-3 (bookworm) | 2017
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
Scope: local
bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3)
bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3)
forky: resolved (fixed in 8:6.9.9.34+dfsg-3)
sid: resolved (fixed in
CVE-2017-5509 | HIGH | CVSS 7.8 | fixed in imagemagick 8:6.9.7.4+dfsg-1 (bookworm) | 2017
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-1)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-1)
forky: resolved (fixed in 8:6.9.7.4+dfsg-1)
sid: resolved (fixed in 8:6.9.7.4+dfsg-1)
trixie: resolved (fixed in 8:6.
CVE-2017-11188 | HIGH | CVSS 7.5 | fixed in imagemagick 8:6.9.7.4+dfsg-12 (bookworm) | 2017
The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-12)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-12)
forky: resolved (fixed in 8:6.9.7.4+dfsg-12)
sid: resolved (fixed in 8:6
CVE-2017-5507 | HIGH | CVSS 7.5 | fixed in imagemagick 8:6.9.7.4+dfsg-1 (bookworm) | 2017
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-1)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-1)
forky: resolved (fixed in 8:6.9.7.4+dfsg-1)
sid: resolved (fixed in
CVE-2017-12805 | HIGH | CVSS 7.5 | fixed in imagemagick 8:6.9.9.34+dfsg-3 (bookworm) | 2017
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.
Scope: local
bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3)
bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3)
forky: resolved (fixed in 8:6.9.9.34+dfsg-3)
sid: resolved (fixed in 8:6.9.9.34+dfsg-3)
trixie: resolve
CVE-2017-14682 | HIGH | CVSS 8.8 | fixed in imagemagick 8:6.9.9.34+dfsg-3 (bookworm) | 2017
GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.
Scope: local
bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3)
bullseye: resolved (fixed