Debian Imagemagick vulnerabilities

CVE-2017-12140 [MEDIUM] CVE-2017-12140: imagemagick - The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer ... The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in 8:6.9.9.34+dfsg-3) trix

CVE-2017-14624 [CRITICAL] CVE-2017-14624: imagemagick - ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the func... ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in 8:6.9.9.34+dfsg-3) trixie: resolved (fixed in 8:6.9.9.3

CVE-2017-11166 [MEDIUM] CVE-2017-11166: imagemagick - The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory le... The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-7) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-7) forky: resolved (fixed in 8:6.9.7.4+df

CVE-2017-18027 [MEDIUM] CVE-2017-18027: imagemagick - In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the functio... In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fix

CVE-2017-17886 [MEDIUM] CVE-2017-17886: imagemagick - In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the functi... In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: res

CVE-2017-14325 [MEDIUM] CVE-2017-14325: imagemagick - In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the functio... In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: re

CVE-2017-12692 [MEDIUM] CVE-2017-12692: imagemagick - The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote... The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in 8:6.9.9.34+dfsg-3)

CVE-2017-13131 [MEDIUM] CVE-2017-13131: imagemagick - In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function Re... In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky

CVE-2017-12564 [MEDIUM] CVE-2017-12564: imagemagick - In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function Re... In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-14) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-14) forky: resolved (fixed in 8:6.9.7.4+dfsg-14) sid: resolved (fixed in 8:6.9.7.4+dfsg-14) trix

CVE-2017-14342 [MEDIUM] CVE-2017-14342: imagemagick - ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in cod... ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in 8:6.9.9.34+dfsg-3) trixie: resolved (fixed in 8:6.9.9.34+dfsg-3)

CVE-2017-14505 [MEDIUM] CVE-2017-14505: imagemagick - DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles ... DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bull

CVE-2017-17885 [MEDIUM] CVE-2017-17885: imagemagick - In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the functi... In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resol

CVE-2017-13062 [MEDIUM] CVE-2017-13062: imagemagick - In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function fo... In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+d

CVE-2017-17883 [MEDIUM] CVE-2017-17883: imagemagick - In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the functi... In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved

CVE-2017-12563 [MEDIUM] CVE-2017-12563: imagemagick - In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the funct... In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-16) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-16) forky: resolved (fixed in 8:6.9.7.4+dfsg-16) sid: resolved (fixed in 8:6.9.7.4+dfsg-16

CVE-2017-6502 [MEDIUM] CVE-2017-6502: imagemagick - An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file coul... An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS). Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in 8:6.9.9.34+dfsg-3) trixie: resolved (fixe

CVE-2017-12642 [HIGH] CVE-2017-12642: imagemagick - ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mp... ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-13) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-13) forky: resolved (fixed in 8:6.9.7.4+dfsg-13) sid: resolved (fixed in 8:6.9.7.4+dfsg-13) trixie: resolved (fixed in 8:6.9.7.4+dfsg-13)

CVE-2017-13142 [MEDIUM] CVE-2017-13142: imagemagick - In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could t... In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-15) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-15) forky: resolved (fixed in 8:6.9.7.4+dfsg-15) sid: resolved (fixed in 8:6.9.7.4+dfsg-15) trixie: resol

CVE-2017-14741 [MEDIUM] CVE-2017-14741: imagemagick - The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows ... The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. Scope: local bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3) bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3) forky: resolved (fixed in 8:6.9.9.34+dfsg-3) sid: resolved (fixed in 8:6.9.9.34+dfsg-3

CVE-2016-10144 [CRITICAL] CVE-2016-10144: imagemagick - coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by... coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. Scope: local bookworm: resolved (fixed in 8:6.9.7.4+dfsg-1) bullseye: resolved (fixed in 8:6.9.7.4+dfsg-1) forky: resolved (fixed in 8:6.9.7.4+dfsg-1) sid: resolved (fixed in 8:6.9.7.4+dfsg-1) trixie: resolved (fixed in 8:6.9.7.4+dfsg-1)