Debian Imagemagick vulnerabilities

CVE-2017-18211 [CRITICAL] CVE-2017-18211: imagemagick - In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the ... In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3)

CVE-2017-8765 [MEDIUM] CVE-2017-8765: imagemagick - The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a m... The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-7) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-7) forky: resolved (fixed in 8:6.9.7.4+dfsg-7) sid: resolved (fixed in 8:6.9.7.4+dfsg-7) trixie:

CVE-2017-18022 [MEDIUM] CVE-2017-18022: imagemagick - In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in Ma... In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in 8:6.9.9.34+dfsg-3) trixie: resolved (fixed in 8:6.9.9.34+dfsg-3)

CVE-2017-14173 [MEDIUM] CVE-2017-14173: imagemagick - In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integ... In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value. Scope: local bookworm: resolved

CVE-2017-17881 [MEDIUM] CVE-2017-17881: imagemagick - In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the functi... In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved

CVE-2017-11753 [MEDIUM] CVE-2017-11753: imagemagick - The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 migh... The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transport System (FITS) file. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2017-18254 [MEDIUM] CVE-2017-18254: imagemagick - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was fo... An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3)

CVE-2017-18250 [MEDIUM] CVE-2017-18250: imagemagick - An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnera... An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2017-14175 [MEDIUM] CVE-2017-14175: imagemagick - In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack ... In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EO

CVE-2017-11446 [MEDIUM] CVE-2017-11446: imagemagick - The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite... The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-13) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-13) forky: resolved (fixed in 8:6.9.7.4+dfsg-13) sid: resolved (fixed in 8:6.9.7.4+dfsg-13) trixie: res

CVE-2017-12565 [MEDIUM] CVE-2017-12565: imagemagick - In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function Re... In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-15) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-15) forky: resolved (fixed in 8:6.9.7.4+dfsg-15) sid: resolved (fixed in 8:6.9.7.4+dfsg-15) t

CVE-2017-14684 [MEDIUM] CVE-2017-14684: imagemagick - In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the functio... In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) f

CVE-2017-18253 [MEDIUM] CVE-2017-18253: imagemagick - An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnera... An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2017-9499 [MEDIUM] CVE-2017-9499: imagemagick - In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPi... In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2017-11755 [MEDIUM] CVE-2017-11755: imagemagick - The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remot... The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2017-12670 [MEDIUM] CVE-2017-12670: imagemagick - In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to... In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-14) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-14) forky: resolved (fixed in 8:6.9.7.4+dfsg-14) s

CVE-2017-14139 [MEDIUM] CVE-2017-14139: imagemagick - ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/m... ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in 8:6.9.9.34+dfsg-3) trixie: resolved (fixed in 8:6.9.9.34+dfsg-3)

CVE-2017-14739 [HIGH] CVE-2017-14739: imagemagick - The AcquireResampleFilterThreadSet function in magick/resample-private.h in Imag... The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg

CVE-2017-12641 [HIGH] CVE-2017-12641: imagemagick - ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders... ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-15) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-15) forky: resolved (fixed in 8:6.9.7.4+dfsg-15) sid: resolved (fixed in 8:6.9.7.4+dfsg-15) trixie: resolved (fixed in 8:6.9.7.4+dfsg-15)

CVE-2017-18252 [MEDIUM] CVE-2017-18252: imagemagick - An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in M... An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed i