Debian Imagemagick vulnerabilities
727 known vulnerabilities affecting debian/imagemagick.
Total CVEs: 727
CISA KEV: 3 (actively exploited)
Public exploits: 12
Exploited in wild: 3
Severity breakdown: CRITICAL 24, HIGH 138, MEDIUM 255, LOW 310
Vulnerabilities
Page 27 of 37
CVE-2016-5687 | CRITICAL | CVSS 9.8 | fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) | 2016
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2)
bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2)
forky: resolved (fixed in 8:6.9.6.2+dfsg-2)
debian
CVE-2016-5118 | CRITICAL | CVSS 9.8 | fixed in graphicsmagick 1.3.24-1 (bookworm) | 2016
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
Scope: local
bookworm: resolved (fixed in 1.3.24-1)
bullseye: resolved (fixed in 1.3.24-1)
forky: resolved (fixed in 1.3.24-1)
sid: resolved (fixed in 1.3.24-1)
trixie: resolve
CVE-2016-5841 | CRITICAL | CVSS 9.8 | fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) | 2016
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2)
bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2)
forky: resolved (fixed in 8:6.9.
CVE-2016-10145 | CRITICAL | CVSS 9.8 | fixed in imagemagick 8:6.9.7.4+dfsg-1 (bookworm) | 2016
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-1)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-1)
forky: resolved (fixed in 8:6.9.7.4+dfsg-1)
sid: resolved (fixed in 8:6.9.7.4+dfsg-1)
trixie: resolved (fixed in 8:6
CVE-2016-5239 | CRITICAL | CVSS 9.8 | fixed in graphicsmagick 1.3.24-1 (bookworm) | 2016
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 1.3.24-1)
bullseye: resolved (fixed in 1.3.24-1)
forky: resolved (fixed in 1.3.24-1)
sid: resolved (fixed in 1.3.24-1)
trixie: resolved (fixed in 1.3.24-1
CVE-2016-5691 | CRITICAL | CVSS 9.8 | fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) | 2016
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2)
bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2)
forky: resolved (fixed in 8:6.9.6.2+dfsg-2)
sid:
CVE-2016-5689 | CRITICAL | CVSS 9.8 | fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) | 2016
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2)
bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2)
forky: resolved (fixed in 8:6.9.6.2+dfsg-2)
sid: resolved (fixed in 8:6.9.6.2+dfsg-2)
trixie:
CVE-2016-5690 | CRITICAL | CVSS 9.8 | fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) | 2016
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2)
bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2)
forky: resolved (fixed in 8:6.9.6
CVE-2016-4564 | CRITICAL | CVSS 9.8 | fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) | 2016
The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Scope: local
bookworm: resolved
CVE-2016-10054 | HIGH | CVSS 7.8 | fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) | 2016
Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2)
bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2)
forky: resolved (fixed in 8:6.9.6.2+dfs
CVE-2016-10048 | HIGH | CVSS 7.5 | fixed in imagemagick 8:6.9.5.7+dfsg-1 (bookworm) | 2016
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 8:6.9.5.7+dfsg-1)
bullseye: resolved (fixed in 8:6.9.5.7+dfsg-1)
forky: resolved (fixed in 8:6.9.5.7+dfsg-1)
sid: resolved (fixed in 8:6.9.5.7+dfsg-1)
trixie: resolved (fi
CVE-2016-3714 | HIGH | CVSS 8.4 | KEV | PoC | fixed in graphicsmagick 1.3.24-1 (bookworm) | 2016
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
Scope: local
bookworm: resolved (fixed in 1.3.24-1)
bullseye: resolved (fixed in 1.3.24-1)
forky: r
CVE-2016-10146 | HIGH | CVSS 7.5 | fixed in imagemagick 8:6.9.7.0+dfsg-2 (bookworm) | 2016
Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.0+dfsg-2)
bullseye: resolved (fixed in 8:6.9.7.0+dfsg-2)
forky: resolved (fixed in 8:6.9.7.0+dfsg-2)
sid: resolved (fixed in 8:6.9.7.0+dfsg-
CVE-2016-10052 | HIGH | CVSS 7.8 | fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) | 2016
Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2)
bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2)
forky: resolved (fixed in 8:6.9.6.2+dfs
CVE-2016-8707 | HIGH | CVSS 7.8 | fixed in imagemagick 8:6.9.7.0+dfsg-2 (bookworm) | 2016
An exploitable out-of-bounds write exists in the handling of compressed TIFF images in ImageMagick's convert utility. A crafted TIFF document can lead to an out-of-bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user-controlled TIFF that is handled by this functionality.
CVE-2016-10059 | HIGH | CVSS 7.8 | fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) | 2016
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2)
bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2)
forky: resolved (fixed in 8:6.9.6.2+dfsg-2)
sid: resolved (fixe
CVE-2016-10050 | HIGH | CVSS 7.8 | fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) | 2016
Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2)
bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2)
forky: resolved (fixed in 8:6.9.
CVE-2016-10252 | HIGH | CVSS 7.5 | fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) | 2016
Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2)
bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2)
forky: resolved (fixed in 8:6.9.6.2+dfsg-2)
sid: resolved (fixed in 8:
CVE-2016-10064 | HIGH | CVSS 7.8 | fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) | 2016
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2)
bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2)
forky: resolved (fixed in 8:6.9.6.2+dfsg-2)
sid: resolved (fixed in
CVE-2016-5842 | HIGH | CVSS 7.5 | fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) | 2016
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2)
bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2)
forky: resolved (fixed in 8:6.9.6.2+dfsg-2)
sid: resolved (fixed in