Changelog
imagemagick (8:6.8.9.9-4) unstable; urgency=high
* Fix a few security bugs (Closes: #773834):
- Avoid a DOS in vision.c due to an infinite loop.
- Avoid a SEGV due to a corrupted pnm file.
- Do not leak fd due to corrupted file.
- Fix a double free in pdb coder.
- Fix a SEGV due to corrupted dpc and xwd images.
- Fix a SEGV in dpx file handler.
- Fix a SEGV in malformed xwd file handler.
- Avoid a NULL pointer dereference in ps file handling.
- Fix a crash with corrupted viff file.
- Fix a NULL pointer dereference in wpg file handling.
- Do not continue on corrupted wpg file.
- Avoid an out of bound access in viff image.
- Avoid a heap buffer overflow in pdb file handling.
- Avoid an out of bound acess on malformed sun file.
- Avoid heap overflow in palm, pnm and xpm files.
- Fix heap overflow in quantum, palm and psd file.
- Fix handling of corrupted of psd, sun and xpm file.
- Fix corrupted (too many colors) psd file.
- Fix an out of bound acess in sun file.
- Fix handling of corrupted sun and wpg file.
- Fix heap overflow in pcx file, psd, pict and wpf files
and DOS in xpm files.
- Add additional PNM sanity checks.
- Avoid a crash to out of memory in magick/cache.c
- Fix a theorical out of bound access in magick/colormap-private.h
- Fix an out of bound access in palm file.
- Fixed throwing of exceptions in psd handling and fix a memory leak.
- Fixed boundary checks in DecodePSDPixels.
- Fix another out of bound problem in rle file.
- Fix crash due to corrupted dib file.
- Added checks to prevent overflow in rle file.
- Impose a limit of 10 million columns or rows in an input PNG
- Don't try to handle a "previous" image in the JNG decoder.
- Avoid a memory leak in quantum management.
- Avoid a crash in png coder.
- Thread limit should be at least 1 in order to be efficient.
- In psd file handling fixed parsing resource block and
avoid a crash.
- In cache fix usage of object after it has been destroyed.
- Avoid a memory leak in rle file handling.
- During identification of image do not fill memory
-- Bastien Roucariès <email address hidden> Tue, 23 Dec 2014 22:02:08 +0100