Publishing details

Changelog

graphicsmagick (1.3.23-1ubuntu0.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer over-read in ReadNewsProfile()
    - debian/patches/CVE-2017-17912.patch: ReadNewsProfile() was allowing
      reading heap data beyond the allocated size.
    - CVE-2017-17912
  * SECURITY UPDATE: Stack-based buffer over-read in WriteWEBPImage()
    - debian/patches/CVE-2017-17913-1.patch: Add some assertions to verify that
      the image pointer provided by libwebp is valid.
    - debian/patches/CVE-2017-17913-2.patch: Fix stack overflow with libwebp
      0.5.0+ by disabling progress indication.
    - CVE-2017-17913
  * SECURITY UPDATE: Heap-based buffer over-read in ReadMNGImage()
    - debian/patches/CVE-2017-17915.patch: Check range limit before accessing
      byte to avoid minor heap read overflow.
    - CVE-2017-17915
  * SECURITY UPDATE: Allocation failure in ReadOnePNGImage()
    - debian/patches/CVE-2017-18219.patch: check MemoryResource before
      attempting to allocate ping_pixels array.
    - CVE-2017-18219
  * SECURITY UPDATE: Allocation failure in ReadTIFFImage()
    - debian/patches/CVE-2017-18229.patch: Rationalize scanline, strip, and
      tile memory allocation requests based on file size.
    - CVE-2017-18229
  * SECURITY UPDATE: Null pointer dereference in ReadCINEONImage()
    - debian/patches/CVE-2017-18230.patch: Validate scandata allocation.
    - CVE-2017-18230
  * SECURITY UPDATE: Null pointer dereference in ReadEnhMetaFile()
    - debian/patches/CVE-2017-18231.patch: Verify pBits memory allocation.
    - CVE-2017-18231

 -- Eduardo Barretto <email address hidden>  Mon, 03 Feb 2020 16:47:01 -0300

Available diffs

Builds

Built packages

Package files