Change log for graphicsmagick package in Ubuntu
1 → 75 of 159 results | First • Previous • Next • Last |
graphicsmagick (1.4+really1.3.42-1.1build3) noble; urgency=medium * Rebuild against new libpng16-16t64. -- Gianfranco Costamagna <email address hidden> Tue, 16 Apr 2024 15:33:46 +0200
Available diffs
graphicsmagick (1.4+really1.3.42-1.1build2) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 00:08:06 +0000
Available diffs
graphicsmagick (1.4+really1.3.42-1.1build1) noble; urgency=medium * No-change rebuild for perlapi5.38t64. -- Matthias Klose <email address hidden> Sat, 02 Mar 2024 17:03:19 +0100
Available diffs
Superseded in noble-proposed |
graphicsmagick (1.4+really1.3.42-1.1) unstable; urgency=medium * Non-maintainer upload. * Rename libraries for 64-bit time_t transition. Closes: #1063117 -- Benjamin Drung <email address hidden> Fri, 01 Mar 2024 12:05:32 +0000
Available diffs
Superseded in noble-proposed |
graphicsmagick (1.4+really1.3.42-1build2) noble; urgency=medium * No-change rebuild against libpng16-16t64 -- Steve Langasek <email address hidden> Thu, 29 Feb 2024 06:47:46 +0000
Available diffs
Deleted in noble-updates (Reason: superseded by release) |
Superseded in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
graphicsmagick (1.4+really1.3.42-1build1) noble; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <email address hidden> Wed, 10 Jan 2024 14:04:33 +0100
Available diffs
Superseded in noble-release |
Published in mantic-release |
Deleted in mantic-proposed (Reason: Moved to mantic) |
graphicsmagick (1.4+really1.3.42-1) unstable; urgency=high * New upstream release, including many security fixes. -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 24 Sep 2023 16:35:56 +0200
Available diffs
graphicsmagick (1.4+really1.3.41-1) unstable; urgency=medium * New upstream release. * Use binary-targets for Rules-Requires-Root (closes: #1011774). * Update Standards-Version to 4.6.2 . * Update library symbols for this release. -- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 15 Aug 2023 17:33:11 +0200
Available diffs
graphicsmagick (1.4+really1.3.40-4) unstable; urgency=medium * Remove development ifdef from memory leak fix. -- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 17 Apr 2023 19:17:10 +0200
Available diffs
graphicsmagick (1.4+really1.3.35-1ubuntu0.1) focal-security; urgency=medium * SECURITY UPDATE: heap buffer overflow in ReadMNGImage - debian/pacthes/CVE-2020-12672: fix small heap overwrite or assertion if magnifying and image to be magnified has rows or columns == 1. - CVE-2020-12672 * SECURITY UPDATE: heap buffer overflow when parsing MIFF files - debian/patches/CVE-2022-1270.patch: validate claimed bzip2-compressed row length prior to reading data into fixed size buffer. - CVE-2022-1270 -- Camila Camargo de Matos <email address hidden> Tue, 21 Mar 2023 11:20:03 -0300
graphicsmagick (1.3.28-2ubuntu0.2) bionic-security; urgency=medium * No-change rebuild for jbigkit security update. -- Camila Camargo de Matos <email address hidden> Fri, 17 Mar 2023 08:39:01 -0300
Available diffs
- diff from 1.3.28-2ubuntu0.1 to 1.3.28-2ubuntu0.2 (406 bytes)
graphicsmagick (1.4+really1.3.38-1ubuntu0.1) jammy-security; urgency=medium * No-change rebuild for jbigkit security update. -- Camila Camargo de Matos <email address hidden> Thu, 16 Mar 2023 08:14:46 -0300
Available diffs
graphicsmagick (1.4+really1.3.38+hg16739-1ubuntu0.1) kinetic-security; urgency=medium * No-change rebuild for jbigkit security update. -- Camila Camargo de Matos <email address hidden> Wed, 15 Mar 2023 15:52:32 -0300
Available diffs
Superseded in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
graphicsmagick (1.4+really1.3.40-2build1) lunar; urgency=medium * Rebuild against latest tiff -- Jeremy Bicha <email address hidden> Sat, 04 Feb 2023 21:38:34 -0500
Available diffs
graphicsmagick (1.4+really1.3.40-2) unstable; urgency=medium * Don't force tiff dependency, let shlibs handle it (closes: #1029212). -- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 19 Jan 2023 19:44:45 +0100
Available diffs
Superseded in lunar-proposed |
graphicsmagick (1.4+really1.3.40-1) unstable; urgency=medium * New upstream release. * Update Standards-Version to 4.6.1 . -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 15 Jan 2023 08:33:55 +0100
Available diffs
Superseded in lunar-proposed |
graphicsmagick (1.4+really1.3.39-2) unstable; urgency=medium * Backport security fix WritePCXImage(): Fix heap overflow when writing more than 1023 scenes, and also eliminate use of uninitialized memory. -- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 30 Dec 2022 23:25:30 +0100
Available diffs
Superseded in lunar-proposed |
graphicsmagick (1.4+really1.3.39-1) unstable; urgency=medium * New upstream release. * Enable JPEG XL format support (closes: #1026220). * Migrate gsfonts dependencies to fonts-urw-base35 (closes: #1020373). -- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 27 Dec 2022 08:32:14 +0100
Available diffs
Superseded in lunar-proposed |
Deleted in lunar-proposed (Reason: Temporary removal for the perl 5.36 transition) |
graphicsmagick (1.4+really1.3.38+hg16870-1) unstable; urgency=high * Mercurial snapshot, fixing several security issues. -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 11 Dec 2022 07:59:31 +0100
Available diffs
Superseded in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
Superseded in lunar-proposed |
graphicsmagick (1.4+really1.3.38+hg16739-1build1) lunar; urgency=medium * Rebuild against new perlapi-5.36. -- Gianfranco Costamagna <email address hidden> Fri, 04 Nov 2022 16:22:39 +0100
Superseded in lunar-release |
Obsolete in kinetic-release |
Deleted in kinetic-proposed (Reason: Moved to kinetic) |
graphicsmagick (1.4+really1.3.38+hg16739-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issue: - ReadSVGImage(): null pointer dereference by checking return from xmlCreatePushParserCtxt() . * Restore non-const Image::colorMapSize() since it caused an ABI change (closes: #1019158). -- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 06 Sep 2022 18:30:49 +0200
Available diffs
Superseded in kinetic-proposed |
graphicsmagick (1.4+really1.3.38+hg16728-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issues: - ThrowLoggedException(): dereference after NULL check, - ReadJP2Image(): division by float zero, - MagickXMakeMagnifyImage(): division by zero, - ScaleImage(): resource leak, - GetLocaleMessageFromTag(): out of bounds read, - DrawPrimitive(): out of bounds access, - ReadOnePNGImage(): use of uninitialized value, - ReadMNGImage(): heap use after free in CloseBlob(), - ReadMNGImage(): indirect leak, - ReadOnePNGImage(): indirect leak in MagickMallocCleared(). -- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 11 Aug 2022 23:50:27 +0200
Superseded in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
graphicsmagick (1.4+really1.3.38-1) unstable; urgency=high * New upstream release, including many security fixes. * Update watch file. -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 27 Mar 2022 09:47:45 +0200
Available diffs
graphicsmagick (1.4+really1.3.37+hg16662-1ubuntu1) jammy; urgency=medium * Revert 16603:ba930c1fc380 to address regression in ruby-mini-magick (LP: #1962210) -- Dan Bungert <email address hidden> Thu, 24 Feb 2022 18:38:23 -0700
Available diffs
Superseded in jammy-proposed |
graphicsmagick (1.4+really1.3.37+hg16662-1) unstable; urgency=medium * Mercurial snapshot, fixing the following security issues: - ReadMATImageV4(): change 'ldblk' to size_t and check related calculations for overflow and to avoid possible negative seek offsets, - ReadMATImage(): change 'ldblk' to size_t and check related calculations for overflow and to avoid possible negative seek offsets, - added a ReadResource limit via the MAGICK_LIMIT_READ environment variable on how many uncompressed file bytes may be read while decoding an input file, - DecodeImage(): assure that the claimed scanline length is within the bounds of the scanline allocation to avoid possible heap overflow, - ReadBlob(): fix EOF logic, an use-of-uninitialized-value in SyncImageCallBack, - ReadBlobStream(): fix EOF logic, an use-of-uninitialized-value in WritePNMImage. * Build with HEIF image format support. * Update library symbols for this release. -- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 11 Feb 2022 18:39:16 +0100
Available diffs
Superseded in jammy-proposed |
graphicsmagick (1.4+really1.3.37-1build2) jammy; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <email address hidden> Sun, 06 Feb 2022 13:40:15 +0100
Available diffs
graphicsmagick (1.4+really1.3.37-1build1) jammy; urgency=medium * No-change rebuild against latest libwebp -- Jeremy Bicha <email address hidden> Tue, 01 Feb 2022 09:21:25 -0500
Available diffs
graphicsmagick (1.4+really1.3.37-1) unstable; urgency=high * New upstream release, including many security fixes. * Update library symbols for this release. [ Vagrant Cascadian <email address hidden> ] * Pass MVDelegate to configure for fixing reproducible builds on usrmerge systems (closes: #990084). -- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 13 Dec 2021 17:50:54 +0100
Available diffs
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
graphicsmagick (1.4+really1.3.36+hg16481-2) unstable; urgency=medium * Backport fix for use appropriate memory deallocator for memory returned by StringToList() (closes: #991380). -- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 24 Jul 2021 11:42:42 +0200
Available diffs
graphicsmagick (1.4+really1.3.36+hg16481-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issues: - ProcessStyleClassDefs(): fix non-terminal loop caused by a self-referential list which results in huge memory usage, - MSLCDataBlock(): fix leak of value from xmlNewCDataBlock(), - ProcessStyleClassDefs(): fix memory leak upon malformed class name list, - ProcessStyleClassDefs(): fix non-terminal loop and huge memory allocation caused by self-referential list, - SVGReference(): fix memory leak when parser node is null, - MSLStartElement(): fix assertion in TranslateText() when there are no attributes available. -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 28 Feb 2021 23:26:56 +0100
Available diffs
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: moved to Release) |
graphicsmagick (1.4+really1.3.36+hg16472-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issues: - ReadJP2Image(): validate that file header is a format we expect Jasper to decode, - MSLPushImage(): only clone attributes if not null, - SVGStartElement(): reject impossibly small bounds and view_box width or height. -- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 22 Feb 2021 06:54:42 +0100
Available diffs
graphicsmagick (1.4+really1.3.36+hg16469-1) unstable; urgency=medium * Mercurial snapshot: - MagickDoubleToLong(): Guard against LONG_MAX not directly representable as a double, - handle Ghostscript point versions added after 9.52 . * Make libgraphicsmagick1-dev depend on pkg-config (closes: #977699). -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 21 Feb 2021 08:24:57 +0100
Available diffs
Superseded in hirsute-proposed |
graphicsmagick (1.4+really1.3.36+hg16462-1) unstable; urgency=medium * Mercurial snapshot: - ExecuteModuleProcess(): add error reporting for the case that the expected symbol is not resolved, - AnalyzeImage(): add OpenMP speed-ups, - TranslateTextEx(): fabricate default resolution values if the actual resolution values are zero. -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 07 Feb 2021 15:04:57 +0100
Available diffs
Superseded in hirsute-proposed |
graphicsmagick (1.4+really1.3.36+hg16448-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issues: - coders/tiff.c: remove unintended double-charging for memory resource, - magick/pixel_cache.c: use resource limited memory allocator, - InverseAffineMatrix(): avoid possible division by zero or absurdly extreme scaling. * Add upstream metadata. * Update watch file. * Update packaging bits. [ Helmut Grohne <email address hidden> ] * Reduce Build-Depends (closes: #980721): + Drop unused libexif-dev. + Annotate sharutils with <!nocheck> as uudecode is conditionally used in d/rules. + Annotate gsfonts with <!nocheck> as it is only used in unit tests. + Drop unused transfig as d/rules passes --without-frozenpaths. + Drop unused libltdl-dev as d/rules passes --without-modules. -- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 23 Jan 2021 10:10:54 +0100
Available diffs
graphicsmagick (1.4+really1.3.36+hg16442-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issues: - super_fgets_w() and super_fgets(): assure that returned pointer value is the same as reported via 'b', - ReadIdentityImage(): don't lose exception info if an image is not returned, - ReadMETAImage(): fix double-free if blob buffer was reallocated after being attached to blob, - ReadGIFImage(): fix memory leak of global_colormap if realloc of memory for comment fails. * Fix broken reading of planar RGB files. -- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 08 Jan 2021 18:02:36 +0100
Available diffs
Superseded in hirsute-proposed |
graphicsmagick (1.4+really1.3.36-1) unstable; urgency=high * New upstream release, fixing the following security issues: - update almost all of the remaining coders to use the resource-limited memory allocator, - ReadMPCImage(): heap-buffer-overflow read, - EdgeImage(): fix null pointer dereference if edge image failed to be created, - CompareImageCommand() and CompositeImageCommand(): fix memory leaks when an input image failed to be read, - fix several null pointer dereference if an image failed to be created, - Classify(): remove variables from function global scope that don't need outer scope, - ReadMIFFImage() and ReadMPCImage(): arbitrarily limit the number of header keywords to avoid DOS attempts. -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 27 Dec 2020 07:44:36 +0100
Available diffs
graphicsmagick (1.4+really1.3.35+hg16404-1) unstable; urgency=medium * Mercurial snapshot, fixing the following issue: - ImportRLEPixels(): Change from C assertion to exception report. -- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 18 Dec 2020 20:18:42 +0100
Available diffs
Superseded in hirsute-proposed |
graphicsmagick (1.4+really1.3.35+hg16397-1) unstable; urgency=medium * Mercurial snapshot, fixing the following issue: - fix a regression with parsing MVG and SVG files which contain a "mask" statement. * Update debhelper level to 13 . * Update Standards-Version to 4.5.1 . -- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 12 Dec 2020 20:44:16 +0100
Available diffs
graphicsmagick (1.4+really1.3.35+hg16394-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issues: - DrawImage(): Verify that affine scaling factors are not zero - fixing divide-by-zero in InverseAffineMatrix() , - DrawPolygonPrimitive(): Thread error status check was at wrong scope, resulting in code executing when it should have quit, - DrawImage(): Use unique image attribute space for MVG symbols - fixing stack-overflow in DrawImage() and integer-overflow in DrawPolygonPrimitive() . -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 06 Dec 2020 10:37:34 +0100
Available diffs
graphicsmagick (1.4+really1.3.35+hg16390-1) unstable; urgency=medium * Mercurial snapshot, fixing the following security issues: - DrawImage(): Reject pattern image with a dimension of zero, - add private interfaces for allocating memory while respecting resource limits and use them in MVG rendering and MIFF reader code, - WriteMIFFImage(): Update to use resource-limit respecting memory allocators, - adjust test suite memory limit to 128/256/512MB for Q8/Q16/Q32 builds, - ConvertPathToPolygon(): Fix memory leak upon memory reallocation failure, - ReadSVGImage(): Fix memory leak due to CDATA block, and some other possible small leaks, - WritePSImage(): Fix problem when writing PseudoClass mage with a colormap larger than two entries as bilevel, - DrawPolygonPrimitive(): Try to minimize the impact of too many threads due to replicated data, - ConvertPathToPolygon(): Make sure not to leak points from added Edge, - DrawDashPolygon(): Place an aribrary limit on stroke dash polygon unit maximum length, - ConvertPathToPolygon(): Attempt to fix leak of 'points' on memory allocation failure, - BMP: Use resource-limited memory allocator, - DIB: Use resource-limited memory allocator, - FITS: Use resource-limited memory allocator, - WriteJBIGImage(): Use resource-limited memory allocator, - WEBP: Use resource-limited memory allocator, - ReadGIFImage(): Use resource-limited memory allocator when reading the comment extension, - ReadOneJNGImage(): Fix issues related to invoking sub-decoders (which may lead to unexpected behavior), - MAT: Use resource-limited memory allocator. * Update library symbols for this release. -- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 03 Dec 2020 21:22:54 +0100
Available diffs
graphicsmagick (1.4+really1.3.35+hg16348-1build1) hirsute; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <email address hidden> Mon, 09 Nov 2020 12:41:04 +0100
Available diffs
graphicsmagick (1.4+really1.3.35+hg16348-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issues: - DrawPrimitive(): destroy composite_image since it may be a list, fixing indirect memory leak in MagickMalloc() , - DrawPrimitive(): missing DestroyImageList() request if multiple-frames were returned, - ConstituteImage(): set image depth appropriately based on StorageType and QuantumDepth. -- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 17 Oct 2020 07:49:58 +0200
Available diffs
Superseded in hirsute-release |
Obsolete in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
graphicsmagick (1.4+really1.3.35+hg16297-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issues: - fix WPG heap-buffer-overflow in ImportGrayQuantumType(), - fix WPG heap-buffer-overflow in InsertRow(), - fix WPG thrown assertion due to a double-free of memory. -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 07 Jun 2020 21:02:16 +0200
Available diffs
Superseded in groovy-proposed |
graphicsmagick (1.4+really1.3.35+hg16296-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issues: - ReadWPGImage(): Terminate reading when a pixel cache resource limit is hit rather than moving on to heap buffer overflow, - WriteTIFFImage(): WebP compression only supports a depth of 8; fixes use-of-uninitialized-value in GammaToLinear. * Update library symbols for this release. -- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 03 Jun 2020 17:49:58 +0200
Available diffs
Superseded in groovy-proposed |
graphicsmagick (1.4+really1.3.35-2) unstable; urgency=high * Backport security fix for CVE-2020-12672, MNG: small heap overwrite or assertion if magnifying and image to be magnified has rows or columns == 1 (closes: #960000). -- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 30 May 2020 17:41:09 +0200
Superseded in groovy-release |
Published in focal-release |
Deleted in focal-proposed (Reason: moved to Release) |
graphicsmagick (1.4+really1.3.35-1) unstable; urgency=high * New upstream release, fixing the following security issues among others: - ReadSVGImage(): Fix dereference of NULL pointer when stopping image timer, - DrawImage(): Fix integer-overflow in DrawPolygonPrimitive() . * Update library symbols for this release. [ Nicolas Boulenguez <email address hidden> ] * mime: improve formatting. * mime: adjust priority for all images (closes: #951758). -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 23 Feb 2020 20:42:10 +0000
Available diffs
Superseded in focal-proposed |
graphicsmagick (1.4+really1.3.34+hg16230-1) unstable; urgency=medium * Mercurial snapshot, fixing the following security issues: - WritePICTImage(): Eliminating small buffer overrun when run-length encoding pixels, - WriteOneJNGImage(): Detect when JPEG encoder has failed, and throw exception, - DecodeImage(): Fix heap buffer over-reads, - DecodeImage(): Allocate extra scanline memory to allow small RLE overrun. * Update library symbols for this release. * Update Standards-Version to 4.5.0 . -- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 07 Feb 2020 19:02:36 +0000
Available diffs
graphicsmagick (1.3.23-1ubuntu0.6) xenial-security; urgency=medium * SECURITY UPDATE: Heap-based buffer over-read in ReadNewsProfile() - debian/patches/CVE-2017-17912.patch: ReadNewsProfile() was allowing reading heap data beyond the allocated size. - CVE-2017-17912 * SECURITY UPDATE: Stack-based buffer over-read in WriteWEBPImage() - debian/patches/CVE-2017-17913-1.patch: Add some assertions to verify that the image pointer provided by libwebp is valid. - debian/patches/CVE-2017-17913-2.patch: Fix stack overflow with libwebp 0.5.0+ by disabling progress indication. - CVE-2017-17913 * SECURITY UPDATE: Heap-based buffer over-read in ReadMNGImage() - debian/patches/CVE-2017-17915.patch: Check range limit before accessing byte to avoid minor heap read overflow. - CVE-2017-17915 * SECURITY UPDATE: Allocation failure in ReadOnePNGImage() - debian/patches/CVE-2017-18219.patch: check MemoryResource before attempting to allocate ping_pixels array. - CVE-2017-18219 * SECURITY UPDATE: Allocation failure in ReadTIFFImage() - debian/patches/CVE-2017-18229.patch: Rationalize scanline, strip, and tile memory allocation requests based on file size. - CVE-2017-18229 * SECURITY UPDATE: Null pointer dereference in ReadCINEONImage() - debian/patches/CVE-2017-18230.patch: Validate scandata allocation. - CVE-2017-18230 * SECURITY UPDATE: Null pointer dereference in ReadEnhMetaFile() - debian/patches/CVE-2017-18231.patch: Verify pBits memory allocation. - CVE-2017-18231 -- Eduardo Barretto <email address hidden> Mon, 03 Feb 2020 16:47:01 -0300
Available diffs
graphicsmagick (1.3.23-1ubuntu0.5) xenial-security; urgency=medium * SECURITY UPDATE: DoS in ReadWPGImage() - debian/patches/CVE-2017-16545.patch: Assure that colormapped image is a PseudoClass type with valid colormapped indexes. - CVE-2017-16545 * SECURITY UPDATE: DoS (negative strncpy) in DrawImage() - debian/patches/CVE-2017-16547.patch: Fix pointer computation which leads to large strncpy size request and bad array index. - CVE-2017-16547 * SECURITY UPDATE: Heap-based buffer overflow in coders/wpg.c - debian/patches/CVE-2017-16669-1.patch: Do not call SyncImagePixels() when something fails. - debian/patches/CVE-2017-16669-2.patch: Wrong row count checking. - debian/patches/CVE-2017-16669-3.patch: Detect pending use of null indexes pointer due to programming error and report it. - debian/patches/CVE-2017-16669-4.patch: Fix crash which image fails to produce expected PseudoClass indexes. - debian/patches/CVE-2017-16669-5.patch: Check for InsertRow() return value. - debian/patches/CVE-2017-16669-6.patch: Check InsertRow() return value for all calls. - CVE-2017-16669 * SECURITY UPDATE: Heap-based buffer overflow in WritePNMImage() - debian/patches/CVE-2017-17498.patch: Fix buffer overflow when writing gray+alpha 1-bit/sample. - CVE-2017-17498 * SECURITY UPDATE: Heap-based buffer over-read in ReadRGBImage() - debian/patches/CVE-2017-17500.patch: Fix heap-overflow due to tile outside image bounds. - CVE-2017-17500 * SECURITY UPDATE: Heap-based buffer over-read in WriteOnePNGImage() - debian/patches/CVE-2017-17501.patch: Fix heap read overrun while testing pixels for opacity. - CVE-2017-17501 * SECURITY UPDATE: Heap-based buffer over-read in ReadCMYKImage() - debian/patches/CVE-2017-17502.patch: Fix heap-overflow due to tile outside image bounds. - CVE-2017-17502 * SECURITY UPDATE: Heap-based buffer over-read in ReadGRAYImage() - debian/patches/CVE-2017-17503.patch: Fix heap-overflow due to tile outside image bounds. - CVE-2017-17503 * SECURITY UPDATE: Heap-based buffer over-read in ReadOneJNGImage() - debian/patches/CVE-2017-17782.patch: Fix wrong offset into oFFs chunk which caused heap read overflow. - CVE-2017-17782 * SECURITY UPDATE: Buffer over-read in ReadPALMImage() - debian/patches/CVE-2017-17783.patch: Fix heap buffer overflow in Q8 build while initializing color palette. - CVE-2017-17783 -- Eduardo Barretto <email address hidden> Tue, 21 Jan 2020 14:15:33 -0300
Available diffs
graphicsmagick (1.3.23-1ubuntu0.4) xenial-security; urgency=medium * SECURITY UPDATE: DoS (memory consumption) on ReadSUNImage() - debian/patches/CVE-2017-14165.patch: Verify that file header data length, and file length are sufficient for claimed image dimensions. - CVE-2017-14165 * SECURITY UPDATE: Heap-based buffer over-read in DrawImage() - debian/patches/CVE-2017-14314.patch: Fix heap out of bounds read in DrawDashPolygon(). - CVE-2017-14314 * SECURITY UPDATE: Null pointer dereference in ReadPNMImage() - debian/patches/CVE-2017-14504.patch: Require that XV 332 format have 256 colors. - CVE-2017-14504 * SECURITY UPDATE: DoS (crash) assertion failure in magick/pixel_cache.c - debian/patches/CVE-2017-14649.patch: Validate JNG data properly. - CVE-2017-14649 * SECURITY UPDATE: Heap-based buffer over-read in ReadRLEImage() - debian/patches/CVE-2017-14733.patch: Fully rationalize Ncolors when Alpha flag is present. - CVE-2017-14733 * SECURITY UPDATE: Null pointer dereference in ReadDCMImage() - debian/patches/CVE-2017-14994.patch: DCM_ReadNonNativeImages() can produce image list with no frames, resulting in null image pointer. - CVE-2017-14994 * SECURITY UPDATE: Integer underflow in ReadPICTImage() - debian/patches/CVE-2017-14997.patch: Avoid unsigned underflow leading to astonishingly large allocation request. - CVE-2017-14997 * SECURITY UPDATE: Resource leak in ReadGIFImage() - debian/patches/CVE-2017-15277.patch: Assure that global colormap is fully initialized. - CVE-2017-15277 * SECURITY UPDATE: Null pointer dereference in ReadOneJNGImage() - debian/patches/CVE-2017-15930-1.patch: Fix possible use of NULL pointer when transferring JPEG scanlines. - debian/patches/CVE-2017-15930-2.patch: Add more checks for use of null PixelPacket pointer. - debian/patches/CVE-2017-15930-3.patch: Reject JNG files with unreasonable dimensions given the file size. - debian/patches/CVE-2017-15930-4.patch: Ensure that reasonable exception gets reported on read failure. - CVE-2017-15930 * SECURITY UPDATE: Heap-based buffer overflow in DescribeImage() - debian/patches/CVE-2017-16352.patch: Fix possible heap write overflow while describing visual image directory. - CVE-2017-16352 * SECURITY UPDATE: Memory information disclosure in DescribeImage() - debian/patches/CVE-2017-16353.patch: Fix weaknesses while describing the IPTC profile. - CVE-2017-16353 -- Eduardo Barretto <email address hidden> Mon, 06 Jan 2020 15:39:05 -0300
Available diffs
graphicsmagick (1.4+really1.3.34+hg16181-1) unstable; urgency=medium * Mercurial snapshot, fixing the following security issue: - WritePCXImage(): Fix heap overflow in PCX writer when bytes per line value overflows its 16-bit storage unit. * Fix definition of ResourceInfinity. [ Nicolas Boulenguez <email address hidden> ] * Lower MIME priority for PS/PDF (closes: #935099). -- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 28 Dec 2019 18:58:57 +0000
Available diffs
graphicsmagick (1.4+really1.3.34-2) unstable; urgency=medium * Still use glibc malloc allocator. -- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 25 Dec 2019 10:09:02 +0000
Available diffs
graphicsmagick (1.4+really1.3.34-1) unstable; urgency=high * New upstream release, fixing the following security issues among others: - PNMInteger(): Place a generous arbitrary limit on the amount of PNM comment text to avoid DoS opportunity, - MagickClearException(): Destroy any existing exception info before re-initializing the exception info or else there will be a memory leak, - HuffmanDecodeImage(): Fix signed overflow on range check which leads to heap overflow, - ReadMNGImage(): Only magnify the image if the requested magnification methods are supported, - GenerateEXIFAttribute(): Add validations to prevent heap buffer overflow, - DrawPatternPath(): Don't leak memory if fill_pattern or stroke_pattern of cloned draw_info are not null, - CVE-2019-19953: PICT: Throw a writer exception if the PICT width limit is exceeded (closes: #947311). * Build with Google Thread-Caching Malloc library. * Update Standards-Version to 4.4.1 . -- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 24 Dec 2019 20:23:10 +0000
Available diffs
graphicsmagick (1.3.23-1ubuntu0.3) xenial-security; urgency=medium * SECURITY UPDATE: Null pointer dereference in WriteMAPImage() - debian/patches/CVE-2017-11638_CVE-2017-11642.patch: Fix null pointer dereference or SEGV if input is not colormapped. - CVE-2017-11638 - CVE-2017-11642 * SECURITY UPDATE: Memory leak in PersistCache() - debian/patches/CVE-2017-11641.patch: Fix memory leak while writing Magick Persistent Cache format. - CVE-2017-11641 * SECURITY UPDATE: Heap overflow in WriteCMYKImage() - debian/patches/CVE-2017-11643.patch: Fixed heap overflow with multiple frames with varying widths. - CVE-2017-11643 * SECURITY UPDATE: Invalid memory read in SetImageColorCallBack() - debian/patches/CVE-2017-12935.patch: Reject MNG with too-large dimensions (over 65535). - CVE-2017-12935 * SECURITY UPDATE: Use-after-free in ReadWMFImage() - debian/patches/CVE-2017-12936.patch: Eliminate use of already freed heap data in error reporting path. - CVE-2017-12936 * SECURITY UPDATE: Heap-based buffer over-read in ReadSUNImage() - debian/patches/CVE-2017-12937.patch: Fix heap read overflow while indexing colormap in bilevel decoder. - CVE-2017-12937 * SECURITY UPDATE: Heap-based buffer overflow vulnerability - debian/patches/CVE-2017-13063_CVE-2017-13064_CVE-2017-13065.patch: Fix buffer-overflow and inconsistent behavior in GetStyleTokens(). - CVE-2017-13063 - CVE-2017-13064 - CVE-2017-13065 * SECURITY UPDATE: Heap-based buffer over-read in SFWScan - debian/patches/CVE-2017-13134.patch: Fix heap buffer overflow in SFWScan(). - CVE-2017-13134 * SECURITY UPDATE: Invalid free in MagickFree() - debian/patches/CVE-2017-13737.patch: NumberOfObjectsInArray() must round down, rather than up. - CVE-2017-13737 * SECURITY UPDATE: DoS in ReadJNXImage() - debian/patches/CVE-2017-13775.patch: Fix DOS issues. - CVE-2017-13775 * SECURITY UPDATE: DoS in ReadXBMImage() - debian/patches/CVE-2017-13776_CVE-2017-13777.patch: Fix DOS issues. - CVE-2017-13776 - CVE-2017-13777 -- Eduardo Barretto <email address hidden> Thu, 12 Dec 2019 11:31:23 -0300
Available diffs
graphicsmagick (1.3.23-1ubuntu0.2) xenial-security; urgency=medium * SECURITY UPDATE: Allocation failure vulnerability - debian/patches/CVE-2017-13147.patch: deal with too-large MNG chunks in coders/png.c - CVE-2017-13147 * SECURITY UPDATE: Allocation failure vulnerability - debian/patches/CVE-2017-14042.patch: PNM for binary formats, verify sufficient backing file data before memory request. - CVE-2017-14042 * SECURITY UPDATE: DoS (out-of-bounds read and crash) via a small samples per pixel value in a CMYKA TIFF file. - debian/patches/CVE-2017-6335.patch: Fix out of bounds access when reading CMYKA tiff which claims wrong samples/pixel. - CVE-2017-6335 * SECURITY UPDATE: Buffer overflow while processing an RGB TIFF picture with metadata. - debian/patches/CVE-2017-10794.patch: Use a generalized method to enforce that buffer overflow can not happen while importing pixels. - CVE-2017-10794 * SECURITY UPDATE: DoS (out-of-memory) when processing a DPX image with metadata. - debian/patches/CVE-2017-10799.patch: Estimate minimum required file sized based on header, and reject files with insufficient data. - CVE-2017-10799 * SECURITY UPDATE: DoS (crash) while reading a JNG file via a zero-length color_image data structure. - debian/patches/CVE-2017-11102.patch: Stop crash due to zero-length color_image while reading a JNG. - CVE-2017-11102 * SECURITY UPDATE: DoS (resource consumption) via a crafted JPEG file. - debian/patches/CVE-2017-11140.patch: Defer creating pixel cache until first scanline. - CVE-2017-11140 * SECURITY UPDATE: Use-after-free via a crafted MNG file. - debian/patches/CVE-2017-11403-1.patch: Fix out-of-order CloseBlob() and DestroyImageList() that caused a use-after-free crash. - debian/patches/CVE-2017-11403-2.patch: Improve fix of use-after-free. - CVE-2017-11403 * SECURITY UPDATE: Heap overflow when processing multiple frames that have non-identical widths. - debian/patches/CVE-2017-11636.patch: Fixed heap overflow with multiple frames with varying widths. - CVE-2017-11636 * SECURITY UPDATE: NULL pointer deference in the WritePCLImage() function. - debian/patches/CVE-2017-11637.patch: Fix null pointer dereference in writing monochrome images. - CVE-2017-11637 -- Eduardo Barretto <email address hidden> Thu, 28 Nov 2019 11:36:23 -0300
Available diffs
graphicsmagick (1.3.28-2ubuntu0.1) bionic-security; urgency=medium * SECURITY UPDATE: Heap-based buffer overflow in the WriteTGAImage function. - debian/patches/CVE-2018-20184.patch: reject image rows/columns larger than 65535. - CVE-2018-20184 * SECURITY UPDATE: Heap based buffer over-read in the ReadBMPImage function. - debian/patches/CVE-2018-20185-1.patch: Only compute unsigned_maxvalue if sample_bits <= 32. - debian/patches/CVE-2018-20185-2.patch: Fix heap overflow in 32-bit due to arithmetic overflow. - debian/patches/CVE-2018-20185-3.patch: Improve buffer size calculations to guard against arithmetic overflow. - CVE-2018-20185 * SECURITY UPDATE: DoS (crash) in ReadDIBImage. - debian/patches/CVE-2018-20189.patch: DIB images claiming more than 8-bits per pixel are not colormapped. - CVE-2018-20189 * SECURITY UPDATE: Stack-based buffer overflow in the function SVGStartElement. - debian/patches/CVE-2019-11005.patch: Fix stack buffer overflow while parsing quoted font family value. - CVE-2019-11005 * SECURITY UPDATE: Heap-based buffer over-read in the function ReadMIFFImage. - debian/patches/CVE-2019-11006.patch: Detect end of file while reading RLE packets. - CVE-2019-11006 * SECURITY UPDATE: Heap-based buffer over-read in the function ReadMNGImage. - debian/patches/CVE-2019-11007-1.patch: New function to reallocate an image colormap. - debian/patches/CVE-2019-11007-2.patch: Fix small buffer overflow (one PixelPacket) of image colormap. - CVE-2019-11007 * SECURITY UPDATE: Heap-based buffer overflow in the function WriteXWDImage. - debian/patches/CVE-2019-11008.patch: Perform more header validations, a file size validation, and fix arithmetic overflows leading to heap overwrite. - CVE-2019-11008 * SECURITY UPDATE: Heap-based buffer over-read in the function ReadXWDImage. - debian/patches/CVE-2019-11009.patch: Fix heap buffer overflow while reading DirectClass XWD file. - CVE-2019-11009 * SECURITY UPDATE: Memory leak in the function ReadMPCImage. - debian/patches/CVE-2019-11010.patch: Deal with a profile length of zero, or an irrationally large profile length. - CVE-2019-11010 * SECURITY UPDATE: DoS (out-of-bounds read, floating-point exception and crash) by crafting an XWD image file. - debian/patches/CVE-2019-11473_11474-1.patch: Add more validation logic to avoid crashes due to FPE and invalid reads. - debian/patches/CVE-2019-11473_11474-2.patch: Address header-directed arbitrary memory allocation. - debian/patches/CVE-2019-11473_11474-3.patch: Address segmentation violation and invalid memory read with more validations. - CVE-2019-11473 - CVE-2019-11474 * SECURITY UPDATE: Heap-based buffer overflow in the function WritePDBImage. - debian/patches/CVE-2019-11505.patch: Use correct bits/sample rather than image->depth. Avoids potential buffer overflow. - CVE-2019-11505 * SECURITY UPDATE: Heap-based buffer overflow in the function WriteMATLABImage. - debian/patches/CVE-2019-11506.patch: Add completely missing error handling. - CVE-2019-11506 -- Eduardo Barretto <email address hidden> Thu, 28 Nov 2019 11:12:37 -0300
Available diffs
graphicsmagick (1.4+really1.3.33+hg16115-1build1) focal; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <email address hidden> Fri, 18 Oct 2019 19:27:39 +0000
Available diffs
graphicsmagick (1.4+really1.3.33+hg16117-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issue: - CVE-2019-16709: ReadDPSImage(): Fix memory leak when OpenBlob() reports failure. -- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 10 Oct 2019 22:57:35 +0000
Available diffs
Superseded in focal-release |
Obsolete in eoan-release |
Deleted in eoan-proposed (Reason: moved to Release) |
graphicsmagick (1.4+really1.3.33+hg16115-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issues: - ReadMNGImage(): skip coalescing layers if there is only one layer, - DrawStrokePolygon(): handle case where TraceStrokePolygon() returns NULL, - DrawDashPolygon(): handle case where DrawStrokePolygon() returns MagickFail, - TraceBezier(): detect arithmetic overflow and return errors via normal error path rather than exiting, - ExtractTokensBetweenPushPop(): fix non-terminal parsing loop, - GenerateEXIFAttribute(): check that we are not being directed to read an IFD that we are already parsing and quit in order to avoid a loop, - ReallocColormap(): avoid dereferencing a NULL pointer if image->colormap is NULL, - png_read_raw_profile(): fix validation of raw profile length, - TraceArcPath(): substitute a lineto command when tracing arc is impossible, - GenerateEXIFAttribute(): skip unsupported/invalid format 0. -- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 28 Sep 2019 10:57:12 +0000
Available diffs
graphicsmagick (1.4+really1.3.33-1) unstable; urgency=medium * New upstream release, including many security fixes. -- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 25 Jul 2019 16:43:39 +0000
Available diffs
graphicsmagick (1.4+really1.3.32-1) unstable; urgency=high * New upstream release, fixing the following security issues among others: - DrawImage(): Terminate drawing if DrawCompositeMask() reports failure, - DrawImage(): Detect an error in TracePath() and quit rather than forging on. * Backport security fixes: - ReadTIFFImage(): Fix typo in initialization of 'tile' pointer variable, - WriteDIBImage(): Detect arithmetic overflow of image_size, - WriteBMPImage(): Detect arithmetic overflow of image_size, - WriteBMPImage(): Assure that chromaticity uses double-precision for multiply before casting to unsigned integer. -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 16 Jun 2019 18:10:05 +0000
Available diffs
- diff from 1.4~hg16039-1 to 1.4+really1.3.32-1 (440.6 KiB)
graphicsmagick (1.4~hg16039-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issues: - ImportRLEPixels(): Fix heap overflow caused by a typo in the code. Also fix undefined behavior caused by large left shifts of an unsigned char, - ThrowException(), ThrowLoggedException(): Handle the case where some passed character strings refer to existing exception character strings, - PICT: Allocate output buffer used by ExpandBuffer() on DecodeImage() stack, - WritePDFImage(): Allocate working buffer on stack and pass as argument to EscapeParenthesis() to eliminate a thread safety problem, - TranslateTextEx(): Remove support for reading from a file using '@filename' syntax, - DrawImage(): Only support '@filename' syntax to read drawing primitive from a file if we are not already drawing. * Update library symbols for this release. -- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 06 Jun 2019 21:11:11 +0000
Available diffs
- diff from 1.4~hg15978-1 to 1.4~hg16039-1 (209.1 KiB)
graphicsmagick (1.4~hg15978-1) unstable; urgency=medium * Mercurial snapshot, fixing uninitialized integer value of log_configured. -- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 27 Apr 2019 07:06:40 +0000
Available diffs
- diff from 1.4~hg15968-1 to 1.4~hg15978-1 (77.0 KiB)
- diff from 1.4~hg15976-1 to 1.4~hg15978-1 (1.8 KiB)
Superseded in eoan-proposed |
graphicsmagick (1.4~hg15976-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issues: - ReadXWDImage(): Potential for heap overflow; Address header-directed arbitrary memory allocation, - ReadXWDImage(): Address segmentation violation and invalid memory reads with more validations, - Make built-in color tables fully const. * Break gnudatalanguage versions that doesn't initialize GraphicsMagick library (closes: #927688). * Update library symbols for this release. -- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 22 Apr 2019 14:41:32 +0000
Available diffs
- diff from 1.4~hg15968-1 to 1.4~hg15976-1 (76.4 KiB)
graphicsmagick (1.4~hg15968-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issues (closes: #927029): - ReadMATImage(): Report a corrupt image exception if reader encounters end of file while reading scanlines (use of uninitialized value in IsGrayImag() ), - ReadTOPOLImage(): Report a corrupt image if reader encounters end of file while reading header rows (use of uninitialized value in InsertRow() ), - OpenCache(): Use unsigned 64-bit value to store CacheInfo offset and length as well as for the total pixels calculation to prevent some more arithmetic overflows, - SetNexus(): Apply resource limits to pixel nexus allocations to prevent arithmetic and integer overflows, - SetNexus(): Report error for empty region rather than crashing due to divide by zero exception, - ReadTXTImage(): Don't start new line if x_max < x_min to avoid floating point exception in SetNexus(), - ReadMATImage(): Quit if image scanlines are not fully populated due to exception to prevent use of uninitialized value in InsertComplexFloatRow(), - ReadMATImage(): Fix memory leak on unexpected end of file, - Throwing an exception is now thread-safe, - Fx module error handling/reporting improvements, - Fix various uses of allocated memory without checking if memory allocation has failed, - CVE-2019-11010: ReadMPCImage(): Deal with a profile length of zero, or an irrationally large profile length to prevent memory leak, - CVE-2019-11007: ReadMNGImage(): Fix small buffer overflow (one PixelPacket) of image colormap, - CVE-2019-11009: ReadXWDImage(): Fix heap buffer overflow while reading DirectClass XWD file, - CVE-2019-11006: ReadMIFFImage(): Detect end of file while reading RLE packets to prevent heap buffer overflow, - CVE-2019-11005: SVGStartElement(): Fix stack buffer overflow while parsing quoted font family value, - CVE-2019-11008: XWD: Perform more header validations, a file size validation, and fix arithmetic overflows leading to heap overwrite, - ReadWMFImage(): Reject WMF files with an empty bounding box to prevent division by zero problems, - WritePDBImage(): Use correct bits/sample rather than image->depth to prevent potential buffer overflow, - WriteMATLABImage(): Add completely missing error handling to prevent heap buffer overflow, - SetNexus(): Fix arithmetic overflow while testing x/y offset limits, - DrawPrimitive(): Check primitive point x/y values for NaN to prevent integer overflow, - DrawImage(): Fix integer overflow while validating gradient dimensions, - WritePDBImage(): Assure that input scanline is cleared in order to cover up some decoder bug to prevent use of uninitialized value, - ReadXWDImage(): Add more validation logic to avoid crashes due to FPE and invalid reads. * Update library symbols for this release. -- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 15 Apr 2019 17:40:12 +0000
Available diffs
- diff from 1.4~hg15916-2 to 1.4~hg15968-1 (258.9 KiB)
Superseded in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
graphicsmagick (1.4~hg15916-2) unstable; urgency=medium * Declare break on python{,3}-pgmagick versions compiled with GCC 7 compiled versions of GraphicsMagick (closes: #915603, #915606). -- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 02 Apr 2019 18:49:40 +0000
Available diffs
- diff from 1.4~hg15916-1 to 1.4~hg15916-2 (945 bytes)
graphicsmagick (1.4~hg15916-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issues: - ReadTIFFImage(): Only disassociate alpha channel for images where photometic is PHOTOMETRIC_RGB, - DrawDashPolygon(): Heap buffer overflow when parsing SVG images, - DrawPrimitive(): Add arithmetic overflow checks when converting computed coordinates from 'double' to 'long', - DrawImage(): Don't destroy draw_info in graphic_context when draw_info has not been allocated yet, - RenderFreetype(): Eliminate memory leak of GlyphInfo.image, - DrawDashPolygon(): Heap-buffer-overflow via read beyond end of dash pattern array, - ReadMIFFImage(): Tally directory length to avoid death by strlen(), - ReadMPCImage(): Tally directory length to avoid death by strlen(), - ReallocColormap(): Make sure that there is not a heap overwrite if the number of colors has been reduced. * Update library symbols for this release. -- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 28 Feb 2019 17:50:19 +0000
Available diffs
- diff from 1.4~hg15896-1 to 1.4~hg15916-1 (21.2 KiB)
graphicsmagick (1.4~hg15896-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issues: - ReadMNGImage(): Quit processing and report error upon failure to insert MNG background layer preventing out of memory issues, - ReadMIFFImage(): Improve pixel buffer calculations to defend against overflow, - ReadTIFFImage(): Make sure that image is in DirectClass mode and ignore any claimed colormap when the image is read using various functions, - ReadWPGImage(): Assure that all colormap entries are initialized, - DecodeImage(): Avoid a one-byte over-read of pixels heap allocation, - ReadTIFFImage(): Assure that opacity channel is initialized in the RGBAStrippedMethod case, - ReadMNGImage(): Bound maximum loop iterations by subrange as a primitive means of limiting resource consumption preventing out of memory issues, - CVE-2019-7397: WritePDFImage(): Make sure to free 'xref' before returning preventing several memory leaks, - ReadTIFFImage(): For planar TIFF, make sure that pixels are initialized in case some planes are missing. -- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 16 Feb 2019 15:19:56 +0000
Available diffs
- diff from 1.4~hg15880-1 to 1.4~hg15896-1 (13.7 KiB)
graphicsmagick (1.4~hg15880-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issues: - SetNexus(): Merge IsNexusInCore() implementation code into SetNexus() and add check for if cache_info->pixels is null, - CVE-2018-20185: BMP and DIB: Improve buffer size calculations to guard against arithmetic overflow. * Update Standards-Version to 4.3.0 . -- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 05 Feb 2019 20:44:14 +0000
Available diffs
- diff from 1.4~hg15873-1 to 1.4~hg15880-1 (206.4 KiB)
graphicsmagick (1.4~hg15873-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issues: - WriteImage(): Eliminate use of just-freed memory in clone_info->magick, - ReadMIFFImage(): Fix memory leak of profiles 'name' when claimed length is zero, - WriteXPMImage(): Assure that added colormap entry for transparent XPM is initialized, - ReadMNGImage(): Fix non-terminal MNG looping, - ReadMIFFImage(): Sanitize claimed profile size before allocating memory for it, - CVE-2018-20185: ReadBMPImage(): Fix heap overflow in 32-bit build due to arithmetic overflow (closes: #916719), - CVE-2018-20184: WriteTGAImage(): Image rows/columns must not be larger than 65535 (closes: #916721), - ReadTIFFImage(): More validations and stricter error reporting, - ReadMIFFImage(): Detect and reject zero-length deflate-encoded row in MIFF version 0, - CVE-2018-20189: ReadDIBImage(): DIB images claiming more than 8-bits per pixel are not colormapped (closes: #916752). * Add pkg-config to build dependency for FreeType 2.9.1+ detection. * Update library symbols for this release. -- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 20 Dec 2018 19:04:33 +0000
Available diffs
- diff from 1.3.31-1 to 1.4~hg15873-1 (456.8 KiB)
graphicsmagick (1.3.31-1) unstable; urgency=high * New upstream release. * Fix CVE-2018-18544: memory leak of msl_image if OpenBlob() fails in ProcessMSLScript() . * Can detect FreeType via pkg-config (closes: #887720). * Enable Zstandard, the fast lossless compression algorithm support. * Update library symbols for this release. * Update Standards-Version to 4.2.1 . -- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 20 Nov 2018 17:16:37 +0000
Available diffs
graphicsmagick (1.3.30+hg15796-1build1) disco; urgency=medium * No-change rebuild for the perl 5.28 transition. -- Adam Conrad <email address hidden> Fri, 02 Nov 2018 18:08:20 -0600
Available diffs
graphicsmagick (1.3.23-1ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: DoS (crash) via a crafted SVG file. - debian/patches/CVE-2016-2317_part1.patch: Fix heap buffer overflow - debian/patches/CVE-2016-2317_part2.patch: Fix stack buffer overflow - debian/patches/CVE-2016-2317_part3.patch: Fix segmentation violation - CVE-2016-2317 * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted SVG file. - debian/patches/CVE-2016-2318.patch: Make SVG path and other primitive parsing more robust - CVE-2016-2318 * SECURITY UPDATE: Arbitrary code execution via shell metacharacters in a crafted image file. - debian/patches/CVE-2016-3714.patch: Remove delegates support for reading gnuplot files. - CVE-2016-3714 * SECURITY UPDATE: Remote attackers are able to delete arbitrary files via a crafted image. - debian/patches/CVE-2016-3715.patch: remove undocumented "TMP" magic prefix. - CVE-2016-3715 * SECURITY UPDATE: Remote attackers can move arbitrary files via a crafted image. - debian/patches/CVE-2016-3716_part1.patch: Ignore the file extension on MSL files. - debian/patches/CVE-2016-3716_part2.patch: Do not auto-detect MVG format based on file extension. - CVE-2016-3716 * SECURITY UPDATE: Remote attackers can read arbitrary files via a crafted image. - debian/patches/CVE-2016-3717.patch: fix in delegates.mgk.in - CVE-2016-3717 * SECURITY UPDATE: Remote attackers can conduct server-side request forgery (SSRF) attacks via a crafted image. - debian/patches/CVE-2016-3718.patch: fix in render.c - CVE-2016-3718 * SECURITY UPDATE: Remote attackers can execute arbitrary files via a pipe character at the start of a filename. - debian/patches/CVE-2016-5118.patch: remove support for reading input from a shell command or writing output to a shell command - CVE-2016-5118 * SECURITY UPDATE: Remote attackers can execute arbitrary commands via unspecified vectors. - debian/patches/CVE-2016-5239.patch: remove delegates support for Gnuplot and varios other file types. - CVE-2016-5239 * SECURITY UPDATE: Remote attackers to cause a DoS (infinite loop) by converting a circularly defined SVG file. - debian/patches/CVE-2016-5240.patch: endless loop problem caused by negative stroke-dasharray arguments - CVE-2016-5240 * SECURITY UPDATE: Remote attackers to cause DoS (arithmetic exception and application crash) via a crafted svg file. - debian/patches/CVE-2016-5241.patch: Fix divide-by-zero problem if fill or stroke pattern image has zero columns or rows - CVE-2016-5241 * SECURITY UPDATE: Buffer overflow in MVG and SVG rendering code. - debian/patches/CVE-2016-7446.patch: fix in svg.c - CVE-2016-7446 * SECURITY UPDATE: Heap buffer overflow in the EscapeParenthesis. - debian/patches/CVE-2016-7447.patch: re-wrote the implementation of EscapeParenthesis() in annotate.c - CVE-2016-7447 * SECURITY UPDATE: DoS (CPU consumption or large memory allocations) via vectors involving the header information and the file size. - debian/patches/CVE-2016-7448_part1.patch: fix in rle.c - debian/patches/CVE-2016-7448_part2.patch: fix in rle.c - CVE-2016-7448 * SECURITY UPDATE: DoS (out-of-bounds heap read) via a file containing an "unterminated" string. - debian/patches/CVE-2016-7449.patch: fix a heap buffer read overrun if buffer not null terminated - CVE-2016-7449 * SECURITY UPDATE: Integer underflow in the parse8BIM function. - debian/patches/CVE-2016-7800.patch: fix unsigned underflow. - CVE-2016-7800 * SECURITY UPDATE: Heap buffer overflow and DoS in the WPG format reader. - debian/patches/CVE-2016-7996_CVE-2016-7997.patch: fix in wpg.c - CVE-2016-7996 - CVE-2016-7997 * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted SCT header. - debian/patches/CVE-2016-8682.patch: Fix stack-buffer read overflow while reading SCT file header. - CVE-2016-8682 * SECURITY UPDATE: Memory allocation failure and a "file truncation error for corrupt file" via a crafted PCX image. - debian/patches/CVE-2016-8683.patch: check that filesize is reasonable given header. - CVE-2016-8683 * SECURITY UPDATE: Memory allocation failure and a "file truncation error for corrupt file" via a crafted SGI image. - debian/patches/CVE-2016-8684.patch: Check that filesize is reasonable given header. - CVE-2016-8684 * SECURITY UPDATE: DoS (crash) via a large dimensions in a jpeg image. - debian/patches/CVE-2016-9830.patch: enforce spec requirement that the dimensions of the JPEG embedded in a JDAT chunk must match the JHDR dimensions. - CVE-2016-9830 -- Eduardo Barretto <email address hidden> Thu, 01 Nov 2018 15:03:05 -0300
Available diffs
graphicsmagick (1.3.18-1ubuntu3.1) trusty-security; urgency=medium * SECURITY UPDATE: DoS (out-of-bounds read) in PCX parser code - debian/patches/CVE-2014-8355.patch: fix in coders/pcx.c - CVE-2014-8355 * SECURITY UPDATE: DoS (uninitialized memory access) via a crafted GIF file. - debian/patches/CVE-2015-8808.patch: Assure that GIF decoder does not use unitialized data. - CVE-2015-8808 * SECURITY UPDATE: DoS (crash) via a crafted SVG file. - debian/patches/CVE-2016-2317_part1.patch: Fix heap buffer overflow - debian/patches/CVE-2016-2317_part2.patch: Fix stack buffer overflow - debian/patches/CVE-2016-2317_part3.patch: Fix segmentation violation - CVE-2016-2317 * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted SVG file. - debian/patches/CVE-2016-2318.patch: Make SVG path and other primitive parsing more robust - CVE-2016-2318 * SECURITY UPDATE: Arbitrary code execution via shell metacharacters in a crafted image file. - debian/patches/CVE-2016-3714.patch: Remove delegates support for reading gnuplot files. - CVE-2016-3714 * SECURITY UPDATE: Remote attackers are able to delete arbitrary files via a crafted image. - debian/patches/CVE-2016-3715.patch: remove undocumented "TMP" magic prefix. - CVE-2016-3715 * SECURITY UPDATE: Remote attackers can move arbitrary files via a crafted image. - debian/patches/CVE-2016-3716_part1.patch: Ignore the file extension on MSL files. - debian/patches/CVE-2016-3716_part2.patch: Do not auto-detect MVG format based on file extension. - CVE-2016-3716 * SECURITY UPDATE: Remote attackers can read arbitrary files via a crafted image. - debian/patches/CVE-2016-3717.patch: fix in delegates.mgk.in - CVE-2016-3717 * SECURITY UPDATE: Remote attackers can conduct server-side request forgery (SSRF) attacks via a crafted image. - debian/patches/CVE-2016-3718.patch: fix in render.c - CVE-2016-3718 * SECURITY UPDATE: Remote attackers can execute arbitrary files via a pipe character at the start of a filename. - debian/patches/CVE-2016-5118.patch: remove support for reading input from a shell command or writing output to a shell command - CVE-2016-5118 * SECURITY UPDATE: Remote attackers can execute arbitrary commands via unspecified vectors. - debian/patches/CVE-2016-5239.patch: remove delegates support for Gnuplot and varios other file types. - CVE-2016-5239 * SECURITY UPDATE: Remote attackers to cause a DoS (infinite loop) by converting a circularly defined SVG file. - debian/patches/CVE-2016-5240.patch: endless loop problem caused by negative stroke-dasharray arguments - CVE-2016-5240 * SECURITY UPDATE: Remote attackers to cause DoS (arithmetic exception and application crash) via a crafted svg file. - debian/patches/CVE-2016-5241.patch: Fix divide-by-zero problem if fill or stroke pattern image has zero columns or rows - CVE-2016-5241 * SECURITY UPDATE: Buffer overflow in MVG and SVG rendering code. - debian/patches/CVE-2016-7446.patch: fix in svg.c - CVE-2016-7446 * SECURITY UPDATE: Heap buffer overflow in the EscapeParenthesis. - debian/patches/CVE-2016-7447.patch: re-wrote the implementation of EscapeParenthesis() in annotate.c - CVE-2016-7447 * SECURITY UPDATE: DoS (CPU consumption or large memory allocations) via vectors involving the header information and the file size. - debian/patches/CVE-2016-7448_part1.patch: fix in rle.c - debian/patches/CVE-2016-7448_part2.patch: fix in rle.c - CVE-2016-7448 * SECURITY UPDATE: DoS (out-of-bounds heap read) via a file containing an "unterminated" string. - debian/patches/CVE-2016-7449.patch: fix a heap buffer read overrun if buffer not null terminated - CVE-2016-7449 * SECURITY UPDATE: Integer underflow in the parse8BIM function. - debian/patches/CVE-2016-7800.patch: fix unsigned underflow. - CVE-2016-7800 * SECURITY UPDATE: Heap buffer overflow and DoS in the WPG format reader. - debian/patches/CVE-2016-7996_CVE-2016-7997.patch: fix in wpg.c - CVE-2016-7996 - CVE-2016-7997 * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted SCT header. - debian/patches/CVE-2016-8682.patch: Fix stack-buffer read overflow while reading SCT file header. - CVE-2016-8682 * SECURITY UPDATE: Memory allocation failure and a "file truncation error for corrupt file" via a crafted PCX image. - debian/patches/CVE-2016-8683.patch: check that filesize is reasonable given header. - CVE-2016-8683 * SECURITY UPDATE: Memory allocation failure and a "file truncation error for corrupt file" via a crafted SGI image. - debian/patches/CVE-2016-8684.patch: Check that filesize is reasonable given header. - CVE-2016-8684 * SECURITY UPDATE: DoS (crash) via a large dimensions in a jpeg image. - debian/patches/CVE-2016-9830.patch: enforce spec requirement that the dimensions of the JPEG embedded in a JDAT chunk must match the JHDR dimensions. - CVE-2016-9830 -- Eduardo Barretto <email address hidden> Thu, 25 Oct 2018 15:23:55 -0300
Available diffs
Superseded in disco-release |
Obsolete in cosmic-release |
Deleted in cosmic-proposed (Reason: moved to release) |
graphicsmagick (1.3.30+hg15796-1) unstable; urgency=high * Mercurial snapshot, fixing the following security issues: - WEBP: Fix compiler warnings regarding uninitialized structure members, - ReadJPEGImage(): Allow libjpeg to use 1/5th of the total memory limit, - ReadJPEGImage(): Make sure that JPEG pixels array is initialized in case libjpeg fails to completely initialize it, - WriteOnePNGImage(): Free png_pixels as soon as possible, - ReadMIFFImage(): Detect EOF when reading using ReadBlobZC() and avoid subsequent heap read overflow, - ReadMVGImage(): Don't assume that in-memory MVG blob is a null-terminated C string, - ReadMVGImage(): Don't allow MVG files to side-load a file as the drawing primitive using '@' syntax, - FileToBlob(): Use confirm access APIs to verify that read access is allowed, and verify that file is a regular file, - ExtractTokensBetweenPushPop() needs to always return a valid pointer into the primitive string, - DrawPolygonPrimitive(): Fix leak of polygon set when object is completely outside image, - SetNexus(): For requests one pixel tall, SetNexus() was wrongly using pixels in-core rather than using a staging area for the case where the nexus rows extend beyond the image raster boundary, - ReadCINEONImage(): Quit immediately on EOF and detect short files, - ReadMVGImage(): Fix memory leak, - Add mechanism to approve embedded subformats in WPG, - ReadXBMImage(): Add validations for row and column dimensions, - MAT InsertComplexFloatRow(): Avoid signed overflow, - InsertComplexFloatRow(): Try not to lose the previous intention while avoiding signed overflow, - XBMInteger(): Limit the number of hex digits parsed to avoid signed integer overflow, - MAT: More aggresive data corruption checking, - MAT: Correctly check GetBlobSize(image) even for zipstreams inside blob, - MAT: Explicitly reject non-seekable streams, - DrawImage(): Add missing error-reporting logic to return immediately upon memory reallocation failure. Apply memory resource limits to PrimitiveInfo array allocation, - MagickAtoFChk(): Add additional validation checks for floating point values. NAN and +/- INFINITY values also map to 0.0 , - ReadMPCImage()/(ReadMIFFImage(): Insist that the format be identified prior to any comment, and that there is only one comment, - ConvertPrimitiveToPath(): Enlarge PathInfo array allocation to avoid possible heap write overflow, - WPG: Fix intentional 64 bit file offset overflow, - DrawImage(): Be more precise about error detection and reporting, - TranslateTextEx(): Fix off-by-one in loop bounds check which allowed a one-byte stack write overflow, - DrawImage(): Fix excessive memory consumption due to SetImageAttribute() appending values, - QuantumTransferMode(): CIE Log images with an alpha channel are not supported, - ConvertPrimitiveToPath(): Second attempt to prevent heap write overflow of PathInfo array, - ExtractTileJPG(): Enforce that JPEG tiles are read by the JPEG coder, - MIFF and MPC, need to avoid leaking value allocation (day-old bug), - ReadSFWImage(): Enforce that file is read using the JPEG reader, - FindEXIFAttribute()/GenerateEXIFAttribute(): Change size types from signed to unsigned and check for unsigned overflow, - GenerateEXIFAttribute(): Eliminate undefined shift, - TraceEllipse(): Detect arithmetic overflow when computing the number of points to allocate for an ellipse, - ReadMNGImage(): mng_LOOP chunk must be at least 5 bytes long, - ReadJPEGImage(): Apply a default limit of 100 progressive scans before the reader quits with an error. * Update library symbols for this release. -- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 24 Sep 2018 21:54:36 +0000
Available diffs
- diff from 1.3.30-1 to 1.3.30+hg15796-1 (18.0 MiB)
1 → 75 of 159 results | First • Previous • Next • Last |