Debian Security Advisory

DSA-4019-1 imagemagick -- security update

Date Reported:
05 Nov 2017
Affected Packages:
imagemagick
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 870526, Bug 870491, Bug 870116, Bug 870111, Bug 870109, Bug 870106, Bug 870119.
In Mitre's CVE dictionary: CVE-2017-9500, CVE-2017-11446, CVE-2017-11523, CVE-2017-11533, CVE-2017-11535, CVE-2017-11537, CVE-2017-11639, CVE-2017-11640, CVE-2017-12428, CVE-2017-12431, CVE-2017-12432, CVE-2017-12434, CVE-2017-12587, CVE-2017-12640, CVE-2017-12671, CVE-2017-13139, CVE-2017-13140, CVE-2017-13141, CVE-2017-13142, CVE-2017-13143, CVE-2017-13144, CVE-2017-13145.
More information:

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.

For the stable distribution (stretch), this problem has been fixed in version 8:6.9.7.4+dfsg-11+deb9u2.

We recommend that you upgrade your imagemagick packages.