Debian Imagemagick vulnerabilities

CVE-2017-9407 [MEDIUM] CVE-2017-9407: imagemagick - In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to... In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-11) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-11) forky: resolved (fixed in 8:6.9.7.4+dfsg-11) sid: resolved (fixed in 8:6.9.7.4+dfsg-11) trixie: resolved (fixed in

CVE-2017-12432 [MEDIUM] CVE-2017-12432: imagemagick - In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the funct... In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-16) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-16) forky: resolved (fixed in 8:6.9.7.4+dfsg-16) sid: resolved (fixed in 8:6.9.7.4+dfsg-16

CVE-2017-17682 [MEDIUM] CVE-2017-17682: imagemagick - In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the functio... In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) for

CVE-2017-15217 [MEDIUM] CVE-2017-15217: imagemagick - ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in 8:6.9.9.34+dfsg-3) trixie: resolved (fixed in 8:6.9.9.34+dfsg-3)

CVE-2017-12672 [MEDIUM] CVE-2017-12672: imagemagick - In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function Re... In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-14) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-14) forky: resolved (fixed in 8:6.9.7.4+dfsg-14) sid: resolved (fixed in 8:6.9.7.4+dfsg-14) trix

CVE-2017-12674 [MEDIUM] CVE-2017-12674: imagemagick - In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function... In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in 8:6.9.9.34+dfsg-3) t

CVE-2017-12428 [HIGH] CVE-2017-12428: imagemagick - In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function Re... In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-13) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-13) forky: resolved (fixed in 8:6.9.7.4+dfsg-13) sid: resolved (fixed i

CVE-2017-17681 [MEDIUM] CVE-2017-17681: imagemagick - In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the fun... In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9

CVE-2017-17882 [MEDIUM] CVE-2017-17882: imagemagick - In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the functi... In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved

CVE-2017-12675 [MEDIUM] CVE-2017-12675: imagemagick - In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in c... In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-14) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-14) forky: resolved (fixed in 8:

CVE-2017-12673 [MEDIUM] CVE-2017-12673: imagemagick - In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function Re... In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-15) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-15) forky: resolved (fixed in 8:6.9.7.4+dfsg-15) sid: resolved (fixed in 8:6.9.7.4+dfsg-15) t

CVE-2017-9261 [MEDIUM] CVE-2017-9261: imagemagick - In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows att... In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-10) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-10) forky: resolved (fixed in 8:6.9.7.4+dfsg-10) sid: resolved (fixed in 8:6.9.7.4+dfsg-10) trixie: resolved

CVE-2017-14138 [CRITICAL] CVE-2017-14138: imagemagick - ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/w... ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in 8:6.9.9.34+df

CVE-2017-11536 [MEDIUM] CVE-2017-11536: imagemagick - When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a M... When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-13) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-13) forky: resolved (fixed in 8:6.9.7.4+dfsg-13) sid: resolved (fixed in 8:6.9.7.4+dfsg-13) trixie: resolved (fixed i

CVE-2017-14324 [MEDIUM] CVE-2017-14324: imagemagick - In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the functio... In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in

CVE-2017-11540 [MEDIUM] CVE-2017-11540: imagemagick - When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a h... When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2017-14531 [MEDIUM] CVE-2017-14531: imagemagick - ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.... ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in 8:6.9.9.34+dfsg-3) trixie: resolved (fixed in 8:6.9.9.34+dfsg-3)

CVE-2017-12668 [HIGH] CVE-2017-12668: imagemagick - ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/p... ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-16) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-16) forky: resolved (fixed in 8:6.9.7.4+dfsg-16) sid: resolved (fixed in 8:6.9.7.4+dfsg-16) trixie: resolved (fixed in 8:6.9.7.4+dfsg-16)

CVE-2017-15032 [CRITICAL] CVE-2017-15032: imagemagick - ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/y... ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in 8:6.9.9.34+dfsg-3) trixie: resolved (fixed in 8:6.9.9.34+dfsg-3)

CVE-2017-11754 [MEDIUM] CVE-2017-11754: imagemagick - The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remot... The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open