Publishing details
Changelog
imagemagick (8:6.9.7.4+dfsg-16ubuntu6.4) bionic-security; urgency=medium
* SECURITY UPDATE: code execution vulnerabilities in ghostscript as
invoked by imagemagick
- debian/patches/200-disable-ghostscript-formats.patch: disable
ghostscript handled types by default in policy.xml
* SECURITY UPDATE: information leak in ReadXBMImage
- debian/patches/CVE-2018-16323.patch: don't leave data
uninitialized with negative pixels
- CVE-2018-16323
* SECURITY UPDATE: uninitialized variable usage in ReadMATImageV4
- debian/patches/CVE-2018-14551.patch: initialize variable
- CVE-2018-14551
* SECURITY UPDATE: memory leak of colormap in WriteMPCImage
- debian/patches/CVE-2018-14434.patch: free colormap on bad
color depth
- CVE-2018-14434
* SECURITY UPDATE: memory leak in DecodeImage
- debian/patches/CVE-2018-14435.patch: free memory when given a
bad plane
- CVE-2018-14435
* SECURITY UPDATE: memory leak in ReadMIFFImage
- debian/patches/CVE-2018-14436.patch: free memory when given a
bad depth
- CVE-2018-14436
* SECURITY UPDATE: memory leak in parse8BIM
- debian/patches/CVE-2018-14437.patch: free strings in error
conditions
- CVE-2018-14437
* SECURITY UPDATE: memory leak in ReadOneJNGImage
- debian/patches/CVE-2018-16640.patch: free memory on error
- CVE-2018-16640
* SECURITY UPDATE: denial of service due to out-of-bounds write
in InsertRow
- debian/patches/CVE-2018-16642.patch: improve checking for errors
- CVE-2018-16642
* SECURITY UPDATE: denial of service due to missing fputc checks
- debian/patches/CVE-2018-16643.patch: check fputc calls for error
- CVE-2018-16643
* SECURITY UPDATE: denial of service in ReadDCMImage and
ReadPICTImage
- debian/patches/CVE-2018-16644-prereq-1.patch: define
ThrowPICTException() macro and use it
- debian/patches/CVE-2018-16644-1.patch,
debian/patches/CVE-2018-16644-2.patch: check for invalid length
- CVE-2018-16644
* SECURITY UPDATE: excessive memory allocation issue in ReadBMPImage
- debian/patches/CVE-2018-16645.patch: ensure number_colors is
not too large
- CVE-2018-16645
* SECURITY UPDATE: denial of service in ReadOneJNGImage
- debian/patches/CVE-2018-16749.patch; check for NULL color_image
- CVE-2018-16749
* SECURITY UPDATE: memory leak in formatIPTCfromBuffer
- debian/patches/CVE-2018-16750.patch: free memory on error
- CVE-2018-16750
-- Steve Beattie <email address hidden> Fri, 28 Sep 2018 11:19:24 -0700
Builds
Package files