Debian Security Advisory
DLA-1888-1 imagemagick -- LTS security update
- Date Reported:
- 16 Aug 2019
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2019-12974, CVE-2019-13135, CVE-2019-13295, CVE-2019-13297, CVE-2019-13304, CVE-2019-13305, CVE-2019-13306.
- More information:
Multiple vulnerabilities have been found in imagemagick, an image processing toolkit.
NULL pointer dereference in ReadPANGOImage and ReadVIDImage (coders/pango.c and coders/vid.c). This vulnerability might be leveraged by remote attackers to cause denial of service via crafted image data.
Multiple use of uninitialized values in ReadCUTImage, UnpackWPG2Raster and UnpackWPGRaster (coders/wpg.c and coders/cut.c). These vulnerabilities might be leveraged by remote attackers to cause denial of service or unauthorized disclosure or modification of information via crafted image data.
Multiple heap buffer over-reads in AdaptiveThresholdImage (magick/threshold.c). These vulnerabilities might be leveraged by remote attackers to cause denial of service or unauthorized disclosure or modification of information via crafted image data.
Multiple stack buffer overflows in WritePNMImage (coders/pnm.c), leading to stack buffer over write up to ten bytes. Remote attackers might leverage these flaws to potentially perform code execution or denial of service.
For Debian 8
Jessie, these problems have been fixed in version 8:126.96.36.199-5+deb8u17.
We recommend that you upgrade your imagemagick packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS