Debian Security Advisory
DLA-1229-1 imagemagick -- LTS security update
- Date Reported:
- 04 Jan 2018
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-1000445, CVE-2017-1000476.
- More information:
It was discovered that there were two vulnerabilities in the imagemagick image manipulation program:
A null pointer dereference in the MagickCore component which could lead to denial of service.
A potential denial of service attack via CPU exhaustion.
For Debian 7
Wheezy, this issue has been fixed in imagemagick version 8:22.214.171.124-5+deb7u20.
We recommend that you upgrade your imagemagick packages.