Debian Security Advisory
DLA-1888-1 imagemagick -- LTS security update
- Date Reported:
- 16 Aug 2019
- Affected Packages:
- imagemagick
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2019-12974, CVE-2019-13135, CVE-2019-13295, CVE-2019-13297, CVE-2019-13304, CVE-2019-13305, CVE-2019-13306.
- More information:
-
Multiple vulnerabilities have been found in imagemagick, an image processing toolkit.
- CVE-2019-12974
NULL pointer dereference in ReadPANGOImage and ReadVIDImage (coders/pango.c and coders/vid.c). This vulnerability might be leveraged by remote attackers to cause denial of service via crafted image data.
- CVE-2019-13135
Multiple use of uninitialized values in ReadCUTImage, UnpackWPG2Raster and UnpackWPGRaster (coders/wpg.c and coders/cut.c). These vulnerabilities might be leveraged by remote attackers to cause denial of service or unauthorized disclosure or modification of information via crafted image data.
- CVE-2019-13295,
CVE-2019-13297
Multiple heap buffer over-reads in AdaptiveThresholdImage (magick/threshold.c). These vulnerabilities might be leveraged by remote attackers to cause denial of service or unauthorized disclosure or modification of information via crafted image data.
- CVE-2019-13304,
CVE-2019-13305, CVE-2019-13306
Multiple stack buffer overflows in WritePNMImage (coders/pnm.c), leading to stack buffer over write up to ten bytes. Remote attackers might leverage these flaws to potentially perform code execution or denial of service.
For Debian 8
Jessie
, these problems have been fixed in version 8:6.8.9.9-5+deb8u17.We recommend that you upgrade your imagemagick packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
- CVE-2019-12974