Debian Imagemagick vulnerabilities

CVE-2017-12435 [HIGH] CVE-2017-12435: imagemagick - In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the funct... In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-16) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-16) forky: resolved (fixed in 8:6.9.7.4+dfsg-16) sid: resolved (fixed in 8:6.9.7.4+dfsg-16)

CVE-2017-11534 [MEDIUM] CVE-2017-11534: imagemagick - When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a M... When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-13) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-13) forky: resolved (fixed in 8:6.9.7.4+dfsg-13) sid: resolved (fixed in 8:6.9.7.4+dfsg-13) trixie: resolved (fixed i

CVE-2017-14341 [MEDIUM] CVE-2017-14341: imagemagick - ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg... ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in 8:6.9.9.34+dfsg-3) trixie: resolved (fixed in 8

CVE-2017-9405 [MEDIUM] CVE-2017-9405: imagemagick - In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attacker... In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-11) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-11) forky: resolved (fixed in 8:6.9.7.4+dfsg-11) sid: resolved (fixed in 8:6.9.7.4+dfsg-11) trixie: resolved (fixe

CVE-2017-15218 [MEDIUM] CVE-2017-15218: imagemagick - ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in 8:6.9.9.34+dfsg-3) trixie: resolved (fixed in 8:6.9.9.34+dfsg-3)

CVE-2017-14248 [MEDIUM] CVE-2017-14248: imagemagick - A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMa... A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2017-14533 [MEDIUM] CVE-2017-14533: imagemagick - ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in 8:6.9.9.34+dfsg-3) trixie: resolved (fixed in 8:6.9.9.34+dfsg-3)

CVE-2017-18028 [MEDIUM] CVE-2017-18028: imagemagick - In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the f... In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resol

CVE-2017-11531 [MEDIUM] CVE-2017-11531: imagemagick - When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a M... When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-13) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-13) forky: resolved (fixed in 8:6.9.7.4+dfsg-13) sid: resolved (fixed in 8:6.9.7.4+dfsg-13) trixie: resol

CVE-2017-14249 [MEDIUM] CVE-2017-14249: imagemagick - ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, l... ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed

CVE-2017-18251 [MEDIUM] CVE-2017-18251: imagemagick - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was fo... An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3)

CVE-2017-9409 [MEDIUM] CVE-2017-9409: imagemagick - In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to c... In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-11) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-11) forky: resolved (fixed in 8:6.9.7.4+dfsg-11) sid: resolved (fixed in 8:6.9.7.4+dfsg-11) trixie: resolved (fixed in 8

CVE-2017-12427 [MEDIUM] CVE-2017-12427: imagemagick - The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and ... The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-16) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-16) forky: resolved (fixed in 8:

CVE-2017-12566 [MEDIUM] CVE-2017-12566: imagemagick - In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function Re... In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders/mvg.c, which allows attackers to cause a denial of service, related to the function ReadSVGImage in svg.c. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-16) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-16) forky: resolved (fixed in 8:6.9.7.4+dfsg-16)

CVE-2017-14326 [MEDIUM] CVE-2017-14326: imagemagick - In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the functio... In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in

CVE-2017-9262 [MEDIUM] CVE-2017-9262: imagemagick - In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows att... In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-10) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-10) forky: resolved (fixed in 8:6.9.7.4+dfsg-10) sid: resolved (fixed in 8:6.9.7.4+dfsg-10) trixie: resolved

CVE-2017-12654 [MEDIUM] CVE-2017-12654: imagemagick - The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attack... The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-16) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-16) forky: resolved (fixed in 8:6.9.7.4+dfsg-16) sid: resolved (fixed in 8:6.9.7.4+dfsg-16) trixie: resolved (

CVE-2017-12644 [HIGH] CVE-2017-12644: imagemagick - ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dc... ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in 8:6.9.9.34+dfsg-3) trixie: resolved (fixed in 8:6.9.9.34+dfsg-3)

CVE-2017-9440 [MEDIUM] CVE-2017-9440: imagemagick - In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel i... In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-12) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-12) forky: resolved (fixed in 8:6.9.7.4+dfsg-12) sid: resolved (fixed in 8:6.9.7.4+dfsg-12)

CVE-2017-11170 [HIGH] CVE-2017-11170: imagemagick - The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory le... The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-12) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-12) forky: resolved (fixed in 8:6.9.7.4+dfsg-12) sid: resolved (fixed