Debian Security Advisory
DLA-242-1 imagemagick -- LTS security update
- Date Reported: 11 Jun 2015
- Affected Packages: imagemagick
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2012-3437, CVE-2014-8354, CVE-2014-8355, CVE-2014-8562.
- More information:
This update fixes a large number of potential security problems caused by insufficient data validation when parsing different input formats. Most of these potential security problems do not have a CVE number assigned.
Although the security implications of these problems are not all fully known, updating is highly recommended.
The update fixes the following identified vulnerabilities:
- CVE-2012-3437: Incorrect validation of PNG buffer size, leading to DoS using specially crafted PNG files.
- CVE-2014-8354: Out of bounds memory access in resize
- CVE-2014-8355: Buffer overflow in PCX reader
- CVE-2014-8562: Buffer overflow in DCM readers