[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1082-1] graphicsmagick security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : graphicsmagick
Version        : 1.3.16-1.1+deb7u9
CVE ID         : CVE-2017-12935 CVE-2017-12936 CVE-2017-12937 CVE-2017-13063
                 CVE-2017-13064 CVE-2017-13065 CVE-2017-13776 CVE-2017-13777


CVE-2017-13776
CVE-2017-13777
     denial of service issue in ReadXBMImage()

CVE-2017-12935
     The ReadMNGImage function in coders/png.c mishandles large MNG
     images, leading to an invalid memory read in the
     SetImageColorCallBack function in magick/image.c.

CVE-2017-12936
     The ReadWMFImage function in coders/wmf.c has a use-after-free
     issue for data associated with exception reporting.

CVE-2017-12937
     The ReadSUNImage function in coders/sun.c has a colormap
     heap-based buffer over-read.

CVE-2017-13063
CVE-2017-13064
     heap-based buffer overflow vulnerability in the function
     GetStyleTokens in coders/svg.c

CVE-2017-13065
     NULL pointer dereference vulnerability in the function
     SVGStartElement in coders/svg.c


For Debian 7 "Wheezy", these problems have been fixed in version
1.3.16-1.1+deb7u9.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJZqG/KXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHH9oQAJDSjo/o+oue/kh+gHuVqQSZ
ZB30yCNvH0uOJQ5mkPtkTImQi8gpIHzZ56cYQgTJnrTxNOgp6K0sC2Tg3E5RvQvj
zNB7pCkcuGrkIDwLaAeYvZHGIifXf0vpbBw5P3wMw18pAIHrYWv0thk7jfzM3tOH
j70UZuvMRx6omcKZveiUMD5B9vram8yGL343ZOJF6aR6qMFt5ZUd812Gv+vhqlmU
4A0ONPvLGUzwC3T5La1lzcqJx2gPXFkXasptQuDSXdMq78NF/e4Fb0Fq8ojaT6vx
/pxB8LDh9/sxl1w0OV9dDOdqWCGGxLy5ezFmg9qT8daafNVAI33JGoXkjDiClXJA
/w2/5e5xkEi/nBek1bfvk5Rh46aLxNkS+EkTCl9jHsQk8mjSZc8fKDEDPp+MO84v
AflgDhL0cf0F/azKJpjxklWzFnLgWL6YkmChmTF3bo1HQbaAS6u+DIhgV2q9BDyC
sM83TPMNtvn85cCnHAFmmdhTF4LgmR9dsKK6nhWk/+6iFeKNnfCqqhOsmcMrEroF
pbrZSYD8zkSjjeoI7N8yi6oQizm676YJiwKg68364GC/34w2iRuC0YdTQbHshhu3
DkW454I0EZPCXdV28Hdus8dbzUC9bjbqNtlOiGtWnRm7rJ/Fw3G9P/cx+XBhNm7a
hnHxECDnw2nshZ4r3hsJ
=RKMK
-----END PGP SIGNATURE-----
Reply to: