Debian Security Advisory
DLA-1229-1 imagemagick -- LTS security update
- Date Reported:
- 04 Jan 2018
- Affected Packages:
- imagemagick
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-1000445, CVE-2017-1000476.
- More information:
-
It was discovered that there were two vulnerabilities in the imagemagick image manipulation program:
- CVE-2017-1000445
A null pointer dereference in the MagickCore component which could lead to denial of service.
- CVE-2017-1000476
A potential denial of service attack via CPU exhaustion.
For Debian 7
Wheezy
, this issue has been fixed in imagemagick version 8:6.7.7.10-5+deb7u20.We recommend that you upgrade your imagemagick packages.
- CVE-2017-1000445