Debian Security Advisory

DLA-756-1 imagemagick -- LTS security update

Date Reported:
22 Dec 2016
Affected Packages:
imagemagick
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 840437, Bug 845206, Bug 848139, Bug 845634, Bug 845242, Bug 845243, Bug 845195, Bug 845196.
In Mitre's CVE dictionary: CVE-2016-7799, CVE-2016-8707, CVE-2016-8862, CVE-2016-8866, CVE-2016-9556.
More information:

Numerous vulnerabilities were discovered in ImageMagick, an image manipulation program. Issues include memory exceptions, heap, buffer and stack overflows, out-of-bounds reads and missing checks.

For Debian 7 Wheezy, these problems have been fixed in version 8:6.7.7.10-5+deb7u10.

The exact impact of the vulnerabilities is unknown, as they were mostly discovered through fuzzing. We still recommend that you upgrade your imagemagick packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS