Debian Imagemagick vulnerabilities

727 known vulnerabilities affecting debian/imagemagick.

Total CVEs: 727
CISA KEV: 3 (actively exploited)
Public exploits: 12
Exploited in wild: 3
Severity breakdown: CRITICAL 24, HIGH 138, MEDIUM 255, LOW 310

Vulnerabilities

Page 29 of 37
CVE-2016-7520 MEDIUM CVSS 6.5 fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) 2016
CVE-2016-7520 [MEDIUM] imagemagick - Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2); bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2); forky: resolved (fixed in 8:6.9.6.2+dfsg-2); sid: resolved (fixed in 8:6.9.6.2+dfsg-2); trixie: resolve
debian
CVE-2016-7529 MEDIUM CVSS 6.5 fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) 2016
CVE-2016-7529 [MEDIUM] imagemagick - coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2); bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2); forky: resolved (fixed in 8:6.9.6.2+dfsg-2); sid: resolved (fixed in 8:6.9.6.2+dfsg-2); trixie: resolved (fixed in 8:6.9.6.2+dfsg-2)
debian
CVE-2016-3715 MEDIUM CVSS 5.5 KEV PoC fixed in graphicsmagick 1.3.24-1 (bookworm) 2016
CVE-2016-3715 [MEDIUM] graphicsmagick - The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
Scope: local
bookworm: resolved (fixed in 1.3.24-1); bullseye: resolved (fixed in 1.3.24-1); forky: resolved (fixed in 1.3.24-1); sid: resolved (fixed in 1.3.24-1); trixie: resolved (fixed in 1.3.24-1)
debian
CVE-2016-9559 MEDIUM CVSS 6.5 fixed in imagemagick 8:6.9.6.5+dfsg-1 (bookworm) 2016
CVE-2016-9559 [MEDIUM] imagemagick - coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.5+dfsg-1); bullseye: resolved (fixed in 8:6.9.6.5+dfsg-1); forky: resolved (fixed in 8:6.9.6.5+dfsg-1); sid: resolved (fixed in 8:6.9.6.5+dfsg-1); trixie: resolved
debian
CVE-2016-10071 MEDIUM CVSS 5.5 fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) 2016
CVE-2016-10071 [MEDIUM] imagemagick - coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2); bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2); forky: resolved (fixed in 8:6.9.6.2+dfsg-2); sid: resolved (fixed in 8:6.9.6.2+dfsg-2); trixie
debian
CVE-2016-10066 MEDIUM CVSS 5.5 fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) 2016
CVE-2016-10066 [MEDIUM] imagemagick - Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2); bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2); forky: resolved (fixed in 8:6.9.6.2+dfsg-2); sid: resolved (fixed in 8
debian
CVE-2016-7531 MEDIUM CVSS 6.5 fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) 2016
CVE-2016-7531 [MEDIUM] imagemagick - MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2); bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2); forky: resolved (fixed in 8:6.9.6.2+dfsg-2); sid: resolved (fixed in 8:6.9.6.2+dfsg-2); trixie: resolved (fixed in 8:6.9.6.2+
debian
CVE-2016-7532 MEDIUM CVSS 6.5 fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) 2016
CVE-2016-7532 [MEDIUM] imagemagick - coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2); bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2); forky: resolved (fixed in 8:6.9.6.2+dfsg-2); sid: resolved (fixed in 8:6.9.6.2+dfsg-2); trixie: resolved (fixed in 8:6.9.6.2+dfsg-2)
debian
CVE-2016-7521 MEDIUM CVSS 6.5 fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) 2016
CVE-2016-7521 [MEDIUM] imagemagick - Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2); bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2); forky: resolved (fixed in 8:6.9.6.2+dfsg-2); sid: resolved (fixed in 8:6.9.6.2+dfsg-2); trixie: resolve
debian
CVE-2016-7535 MEDIUM CVSS 6.5 fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) 2016
CVE-2016-7535 [MEDIUM] imagemagick - coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2); bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2); forky: resolved (fixed in 8:6.9.6.2+dfsg-2); sid: resolved (fixed in 8:6.9.6.2+dfsg-2); trixie: resolved (fixed in 8:6.9.6.2+dfsg-2)
debian
CVE-2016-7528 MEDIUM CVSS 6.5 fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) 2016
CVE-2016-7528 [MEDIUM] imagemagick - The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2); bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2); forky: resolved (fixed in 8:6.9.6.2+dfsg-2); sid: resolved (fixed in 8:6.9.6.2+dfsg-2); trixie: resol
debian
CVE-2016-5010 MEDIUM CVSS 6.5 fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) 2016
CVE-2016-5010 [MEDIUM] imagemagick - coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2); bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2); forky: resolved (fixed in 8:6.9.6.2+dfsg-2); sid: resolved (fixed in 8:6.9.6.2+dfsg-2); trixie: resolved (fixed in 8
debian
CVE-2016-7525 MEDIUM CVSS 6.5 fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) 2016
CVE-2016-7525 [MEDIUM] imagemagick - Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2); bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2); forky: resolved (fixed in 8:6.9.6.2+dfsg-2); sid: resolved (fixed in 8:6.9.6.2+dfsg-2); trixie: resolve
debian
CVE-2016-10062 MEDIUM CVSS 5.5 fixed in imagemagick 8:6.9.7.4+dfsg-1 (bookworm) 2016
CVE-2016-10062 [MEDIUM] imagemagick - The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-1); bullseye: resolved (fixed in 8:6.9.7.4+dfsg-1); forky: resolved (fixed in 8:6.9.7.4+dfs
debian
CVE-2016-7514 MEDIUM CVSS 6.5 fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) 2016
CVE-2016-7514 [MEDIUM] imagemagick - The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2); bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2); forky: resolved (fixed in 8:6.9.6.2+dfsg-2); sid: resolved (fixed in 8:6.9.6.2+dfsg-2); trixie:
debian
CVE-2016-10046 MEDIUM CVSS 5.5 fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) 2016
CVE-2016-10046 [MEDIUM] imagemagick - Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2); bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2); forky: resolved (fixed in 8:6.9.6.2+dfsg-2); sid: resolve
debian
CVE-2016-7526 MEDIUM CVSS 6.5 fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) 2016
CVE-2016-7526 [MEDIUM] imagemagick - coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2); bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2); forky: resolved (fixed in 8:6.9.6.2+dfsg-2); sid: resolved (fixed in 8:6.9.6.2+dfsg-2); trixie: resolved (fixed in 8:6.9.6.2+dfsg-2)
debian
CVE-2016-7540 MEDIUM CVSS 6.5 fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) 2016
CVE-2016-7540 [MEDIUM] imagemagick - coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2); bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2); forky: resolved (fixed in 8:6.9.6.2+dfsg-2); sid: resolved (fixed in 8:6.9.6.2+dfsg-2); trixie: resolved
debian
CVE-2016-7515 MEDIUM CVSS 6.5 fixed in imagemagick 8:6.9.6.2+dfsg-2 (bookworm) 2016
CVE-2016-7515 [MEDIUM] imagemagick - The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2); bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2); forky: resolved (fixed in 8:6.9.6.2+dfsg-2); sid: resolved (fixed in 8:6.9.6.2+dfs
debian
CVE-2016-9298 MEDIUM CVSS 5.5 fixed in imagemagick 8:6.9.6.5+dfsg-1 (bookworm) 2016
CVE-2016-9298 [MEDIUM] imagemagick - Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.5+dfsg-1); bullseye: resolved (fixed in 8:6.9.6.5+dfsg-1); forky: resolved (fixed in 8:6.9.6.5+dfsg-1); sid: reso
debian