Debian Long Term Support / LTS Security Information / 2015 / Security Information -- DLA-353-1 imagemagick

Debian Security Advisory

DLA-353-1 imagemagick -- LTS security update

Date Reported:

27 Nov 2015

Affected Packages:

imagemagick

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 806441.

More information:

Submitting specially crafted icons (.ico) or .pict images to ImageMagick can trigger integer overflows that can lead to buffer overflows and memory allocations issues. Depending on the case, this can lead to a denial of service or possibly worse.

For Debian 6 Squeeze, those issues have been fixed in imagemagick 8:6.6.0.4-3+squeeze7. We recommend that you upgrade your packages.