Change log for graphicsmagick package in Ubuntu
| 1 → 75 of 159 results | First • Previous • Next • Last |
graphicsmagick (1.4+really1.3.42-1.1build3) noble; urgency=medium * Rebuild against new libpng16-16t64. -- Gianfranco Costamagna <email address hidden> Tue, 16 Apr 2024 15:33:46 +0200
Available diffs
graphicsmagick (1.4+really1.3.42-1.1build2) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 00:08:06 +0000
Available diffs
graphicsmagick (1.4+really1.3.42-1.1build1) noble; urgency=medium * No-change rebuild for perlapi5.38t64. -- Matthias Klose <email address hidden> Sat, 02 Mar 2024 17:03:19 +0100
Available diffs
| Superseded in noble-proposed |
graphicsmagick (1.4+really1.3.42-1.1) unstable; urgency=medium * Non-maintainer upload. * Rename libraries for 64-bit time_t transition. Closes: #1063117 -- Benjamin Drung <email address hidden> Fri, 01 Mar 2024 12:05:32 +0000
Available diffs
| Superseded in noble-proposed |
graphicsmagick (1.4+really1.3.42-1build2) noble; urgency=medium * No-change rebuild against libpng16-16t64 -- Steve Langasek <email address hidden> Thu, 29 Feb 2024 06:47:46 +0000
Available diffs
| Deleted in noble-updates (Reason: superseded by release) |
| Superseded in noble-release |
| Deleted in noble-proposed (Reason: Moved to noble) |
graphicsmagick (1.4+really1.3.42-1build1) noble; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <email address hidden> Wed, 10 Jan 2024 14:04:33 +0100
Available diffs
| Superseded in noble-release |
| Published in mantic-release |
| Deleted in mantic-proposed (Reason: Moved to mantic) |
graphicsmagick (1.4+really1.3.42-1) unstable; urgency=high * New upstream release, including many security fixes. -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 24 Sep 2023 16:35:56 +0200
Available diffs
graphicsmagick (1.4+really1.3.41-1) unstable; urgency=medium * New upstream release. * Use binary-targets for Rules-Requires-Root (closes: #1011774). * Update Standards-Version to 4.6.2 . * Update library symbols for this release. -- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 15 Aug 2023 17:33:11 +0200
Available diffs
graphicsmagick (1.4+really1.3.40-4) unstable; urgency=medium * Remove development ifdef from memory leak fix. -- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 17 Apr 2023 19:17:10 +0200
Available diffs
graphicsmagick (1.4+really1.3.35-1ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in ReadMNGImage
- debian/pacthes/CVE-2020-12672: fix small heap overwrite or assertion if
magnifying and image to be magnified has rows or columns == 1.
- CVE-2020-12672
* SECURITY UPDATE: heap buffer overflow when parsing MIFF files
- debian/patches/CVE-2022-1270.patch: validate claimed bzip2-compressed
row length prior to reading data into fixed size buffer.
- CVE-2022-1270
-- Camila Camargo de Matos <email address hidden> Tue, 21 Mar 2023 11:20:03 -0300
graphicsmagick (1.3.28-2ubuntu0.2) bionic-security; urgency=medium * No-change rebuild for jbigkit security update. -- Camila Camargo de Matos <email address hidden> Fri, 17 Mar 2023 08:39:01 -0300
Available diffs
- diff from 1.3.28-2ubuntu0.1 to 1.3.28-2ubuntu0.2 (406 bytes)
graphicsmagick (1.4+really1.3.38-1ubuntu0.1) jammy-security; urgency=medium * No-change rebuild for jbigkit security update. -- Camila Camargo de Matos <email address hidden> Thu, 16 Mar 2023 08:14:46 -0300
Available diffs
graphicsmagick (1.4+really1.3.38+hg16739-1ubuntu0.1) kinetic-security; urgency=medium * No-change rebuild for jbigkit security update. -- Camila Camargo de Matos <email address hidden> Wed, 15 Mar 2023 15:52:32 -0300
Available diffs
| Superseded in mantic-release |
| Published in lunar-release |
| Deleted in lunar-proposed (Reason: Moved to lunar) |
graphicsmagick (1.4+really1.3.40-2build1) lunar; urgency=medium * Rebuild against latest tiff -- Jeremy Bicha <email address hidden> Sat, 04 Feb 2023 21:38:34 -0500
Available diffs
graphicsmagick (1.4+really1.3.40-2) unstable; urgency=medium * Don't force tiff dependency, let shlibs handle it (closes: #1029212). -- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 19 Jan 2023 19:44:45 +0100
Available diffs
| Superseded in lunar-proposed |
graphicsmagick (1.4+really1.3.40-1) unstable; urgency=medium * New upstream release. * Update Standards-Version to 4.6.1 . -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 15 Jan 2023 08:33:55 +0100
Available diffs
| Superseded in lunar-proposed |
graphicsmagick (1.4+really1.3.39-2) unstable; urgency=medium
* Backport security fix WritePCXImage(): Fix heap overflow when writing
more than 1023 scenes, and also eliminate use of uninitialized memory.
-- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 30 Dec 2022 23:25:30 +0100
Available diffs
| Superseded in lunar-proposed |
graphicsmagick (1.4+really1.3.39-1) unstable; urgency=medium * New upstream release. * Enable JPEG XL format support (closes: #1026220). * Migrate gsfonts dependencies to fonts-urw-base35 (closes: #1020373). -- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 27 Dec 2022 08:32:14 +0100
Available diffs
| Superseded in lunar-proposed |
| Deleted in lunar-proposed (Reason: Temporary removal for the perl 5.36 transition) |
graphicsmagick (1.4+really1.3.38+hg16870-1) unstable; urgency=high * Mercurial snapshot, fixing several security issues. -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 11 Dec 2022 07:59:31 +0100
Available diffs
| Superseded in lunar-release |
| Deleted in lunar-proposed (Reason: Moved to lunar) |
| Superseded in lunar-proposed |
graphicsmagick (1.4+really1.3.38+hg16739-1build1) lunar; urgency=medium * Rebuild against new perlapi-5.36. -- Gianfranco Costamagna <email address hidden> Fri, 04 Nov 2022 16:22:39 +0100
| Superseded in lunar-release |
| Obsolete in kinetic-release |
| Deleted in kinetic-proposed (Reason: Moved to kinetic) |
graphicsmagick (1.4+really1.3.38+hg16739-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issue:
- ReadSVGImage(): null pointer dereference by checking return from
xmlCreatePushParserCtxt() .
* Restore non-const Image::colorMapSize() since it caused an ABI change
(closes: #1019158).
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 06 Sep 2022 18:30:49 +0200
Available diffs
| Superseded in kinetic-proposed |
graphicsmagick (1.4+really1.3.38+hg16728-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issues:
- ThrowLoggedException(): dereference after NULL check,
- ReadJP2Image(): division by float zero,
- MagickXMakeMagnifyImage(): division by zero,
- ScaleImage(): resource leak,
- GetLocaleMessageFromTag(): out of bounds read,
- DrawPrimitive(): out of bounds access,
- ReadOnePNGImage(): use of uninitialized value,
- ReadMNGImage(): heap use after free in CloseBlob(),
- ReadMNGImage(): indirect leak,
- ReadOnePNGImage(): indirect leak in MagickMallocCleared().
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 11 Aug 2022 23:50:27 +0200
| Superseded in kinetic-release |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
graphicsmagick (1.4+really1.3.38-1) unstable; urgency=high * New upstream release, including many security fixes. * Update watch file. -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 27 Mar 2022 09:47:45 +0200
Available diffs
graphicsmagick (1.4+really1.3.37+hg16662-1ubuntu1) jammy; urgency=medium
* Revert 16603:ba930c1fc380 to address regression in ruby-mini-magick
(LP: #1962210)
-- Dan Bungert <email address hidden> Thu, 24 Feb 2022 18:38:23 -0700
Available diffs
| Superseded in jammy-proposed |
graphicsmagick (1.4+really1.3.37+hg16662-1) unstable; urgency=medium
* Mercurial snapshot, fixing the following security issues:
- ReadMATImageV4(): change 'ldblk' to size_t and check related
calculations for overflow and to avoid possible negative seek offsets,
- ReadMATImage(): change 'ldblk' to size_t and check related calculations
for overflow and to avoid possible negative seek offsets,
- added a ReadResource limit via the MAGICK_LIMIT_READ environment
variable on how many uncompressed file bytes may be read while decoding
an input file,
- DecodeImage(): assure that the claimed scanline length is within the
bounds of the scanline allocation to avoid possible heap overflow,
- ReadBlob(): fix EOF logic, an use-of-uninitialized-value in
SyncImageCallBack,
- ReadBlobStream(): fix EOF logic, an use-of-uninitialized-value in
WritePNMImage.
* Build with HEIF image format support.
* Update library symbols for this release.
-- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 11 Feb 2022 18:39:16 +0100
Available diffs
| Superseded in jammy-proposed |
graphicsmagick (1.4+really1.3.37-1build2) jammy; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <email address hidden> Sun, 06 Feb 2022 13:40:15 +0100
Available diffs
graphicsmagick (1.4+really1.3.37-1build1) jammy; urgency=medium * No-change rebuild against latest libwebp -- Jeremy Bicha <email address hidden> Tue, 01 Feb 2022 09:21:25 -0500
Available diffs
graphicsmagick (1.4+really1.3.37-1) unstable; urgency=high
* New upstream release, including many security fixes.
* Update library symbols for this release.
[ Vagrant Cascadian <email address hidden> ]
* Pass MVDelegate to configure for fixing reproducible builds on usrmerge
systems (closes: #990084).
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 13 Dec 2021 17:50:54 +0100
Available diffs
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
graphicsmagick (1.4+really1.3.36+hg16481-2) unstable; urgency=medium
* Backport fix for use appropriate memory deallocator for memory returned
by StringToList() (closes: #991380).
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 24 Jul 2021 11:42:42 +0200
Available diffs
graphicsmagick (1.4+really1.3.36+hg16481-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issues:
- ProcessStyleClassDefs(): fix non-terminal loop caused by a
self-referential list which results in huge memory usage,
- MSLCDataBlock(): fix leak of value from xmlNewCDataBlock(),
- ProcessStyleClassDefs(): fix memory leak upon malformed class name list,
- ProcessStyleClassDefs(): fix non-terminal loop and huge memory
allocation caused by self-referential list,
- SVGReference(): fix memory leak when parser node is null,
- MSLStartElement(): fix assertion in TranslateText() when there are no
attributes available.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 28 Feb 2021 23:26:56 +0100
Available diffs
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Deleted in hirsute-proposed (Reason: moved to Release) |
graphicsmagick (1.4+really1.3.36+hg16472-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issues:
- ReadJP2Image(): validate that file header is a format we expect Jasper
to decode,
- MSLPushImage(): only clone attributes if not null,
- SVGStartElement(): reject impossibly small bounds and view_box width
or height.
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 22 Feb 2021 06:54:42 +0100
Available diffs
graphicsmagick (1.4+really1.3.36+hg16469-1) unstable; urgency=medium
* Mercurial snapshot:
- MagickDoubleToLong(): Guard against LONG_MAX not directly representable
as a double,
- handle Ghostscript point versions added after 9.52 .
* Make libgraphicsmagick1-dev depend on pkg-config (closes: #977699).
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 21 Feb 2021 08:24:57 +0100
Available diffs
| Superseded in hirsute-proposed |
graphicsmagick (1.4+really1.3.36+hg16462-1) unstable; urgency=medium
* Mercurial snapshot:
- ExecuteModuleProcess(): add error reporting for the case that the
expected symbol is not resolved,
- AnalyzeImage(): add OpenMP speed-ups,
- TranslateTextEx(): fabricate default resolution values if the actual
resolution values are zero.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 07 Feb 2021 15:04:57 +0100
Available diffs
| Superseded in hirsute-proposed |
graphicsmagick (1.4+really1.3.36+hg16448-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issues:
- coders/tiff.c: remove unintended double-charging for memory resource,
- magick/pixel_cache.c: use resource limited memory allocator,
- InverseAffineMatrix(): avoid possible division by zero or absurdly
extreme scaling.
* Add upstream metadata.
* Update watch file.
* Update packaging bits.
[ Helmut Grohne <email address hidden> ]
* Reduce Build-Depends (closes: #980721):
+ Drop unused libexif-dev.
+ Annotate sharutils with <!nocheck> as uudecode is conditionally used in
d/rules.
+ Annotate gsfonts with <!nocheck> as it is only used in unit tests.
+ Drop unused transfig as d/rules passes --without-frozenpaths.
+ Drop unused libltdl-dev as d/rules passes --without-modules.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 23 Jan 2021 10:10:54 +0100
Available diffs
graphicsmagick (1.4+really1.3.36+hg16442-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issues:
- super_fgets_w() and super_fgets(): assure that returned pointer
value is the same as reported via 'b',
- ReadIdentityImage(): don't lose exception info if an image is not
returned,
- ReadMETAImage(): fix double-free if blob buffer was reallocated after
being attached to blob,
- ReadGIFImage(): fix memory leak of global_colormap if realloc of memory
for comment fails.
* Fix broken reading of planar RGB files.
-- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 08 Jan 2021 18:02:36 +0100
Available diffs
| Superseded in hirsute-proposed |
graphicsmagick (1.4+really1.3.36-1) unstable; urgency=high
* New upstream release, fixing the following security issues:
- update almost all of the remaining coders to use the resource-limited
memory allocator,
- ReadMPCImage(): heap-buffer-overflow read,
- EdgeImage(): fix null pointer dereference if edge image failed to be
created,
- CompareImageCommand() and CompositeImageCommand(): fix memory leaks when
an input image failed to be read,
- fix several null pointer dereference if an image failed to be created,
- Classify(): remove variables from function global scope that don't need
outer scope,
- ReadMIFFImage() and ReadMPCImage(): arbitrarily limit the number of
header keywords to avoid DOS attempts.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 27 Dec 2020 07:44:36 +0100
Available diffs
graphicsmagick (1.4+really1.3.35+hg16404-1) unstable; urgency=medium
* Mercurial snapshot, fixing the following issue:
- ImportRLEPixels(): Change from C assertion to exception report.
-- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 18 Dec 2020 20:18:42 +0100
Available diffs
| Superseded in hirsute-proposed |
graphicsmagick (1.4+really1.3.35+hg16397-1) unstable; urgency=medium
* Mercurial snapshot, fixing the following issue:
- fix a regression with parsing MVG and SVG files which contain a "mask"
statement.
* Update debhelper level to 13 .
* Update Standards-Version to 4.5.1 .
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 12 Dec 2020 20:44:16 +0100
Available diffs
graphicsmagick (1.4+really1.3.35+hg16394-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issues:
- DrawImage(): Verify that affine scaling factors are not zero - fixing
divide-by-zero in InverseAffineMatrix() ,
- DrawPolygonPrimitive(): Thread error status check was at wrong scope,
resulting in code executing when it should have quit,
- DrawImage(): Use unique image attribute space for MVG symbols - fixing
stack-overflow in DrawImage() and integer-overflow in
DrawPolygonPrimitive() .
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 06 Dec 2020 10:37:34 +0100
Available diffs
graphicsmagick (1.4+really1.3.35+hg16390-1) unstable; urgency=medium
* Mercurial snapshot, fixing the following security issues:
- DrawImage(): Reject pattern image with a dimension of zero,
- add private interfaces for allocating memory while respecting resource
limits and use them in MVG rendering and MIFF reader code,
- WriteMIFFImage(): Update to use resource-limit respecting memory
allocators,
- adjust test suite memory limit to 128/256/512MB for Q8/Q16/Q32 builds,
- ConvertPathToPolygon(): Fix memory leak upon memory reallocation
failure,
- ReadSVGImage(): Fix memory leak due to CDATA block, and some other
possible small leaks,
- WritePSImage(): Fix problem when writing PseudoClass mage with a
colormap larger than two entries as bilevel,
- DrawPolygonPrimitive(): Try to minimize the impact of too many threads
due to replicated data,
- ConvertPathToPolygon(): Make sure not to leak points from added Edge,
- DrawDashPolygon(): Place an aribrary limit on stroke dash polygon unit
maximum length,
- ConvertPathToPolygon(): Attempt to fix leak of 'points' on memory
allocation failure,
- BMP: Use resource-limited memory allocator,
- DIB: Use resource-limited memory allocator,
- FITS: Use resource-limited memory allocator,
- WriteJBIGImage(): Use resource-limited memory allocator,
- WEBP: Use resource-limited memory allocator,
- ReadGIFImage(): Use resource-limited memory allocator when reading the
comment extension,
- ReadOneJNGImage(): Fix issues related to invoking sub-decoders (which
may lead to unexpected behavior),
- MAT: Use resource-limited memory allocator.
* Update library symbols for this release.
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 03 Dec 2020 21:22:54 +0100
Available diffs
graphicsmagick (1.4+really1.3.35+hg16348-1build1) hirsute; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <email address hidden> Mon, 09 Nov 2020 12:41:04 +0100
Available diffs
graphicsmagick (1.4+really1.3.35+hg16348-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issues:
- DrawPrimitive(): destroy composite_image since it may be a list, fixing
indirect memory leak in MagickMalloc() ,
- DrawPrimitive(): missing DestroyImageList() request if multiple-frames
were returned,
- ConstituteImage(): set image depth appropriately based on StorageType
and QuantumDepth.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 17 Oct 2020 07:49:58 +0200
Available diffs
| Superseded in hirsute-release |
| Obsolete in groovy-release |
| Deleted in groovy-proposed (Reason: moved to Release) |
graphicsmagick (1.4+really1.3.35+hg16297-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issues:
- fix WPG heap-buffer-overflow in ImportGrayQuantumType(),
- fix WPG heap-buffer-overflow in InsertRow(),
- fix WPG thrown assertion due to a double-free of memory.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 07 Jun 2020 21:02:16 +0200
Available diffs
| Superseded in groovy-proposed |
graphicsmagick (1.4+really1.3.35+hg16296-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issues:
- ReadWPGImage(): Terminate reading when a pixel cache resource limit is
hit rather than moving on to heap buffer overflow,
- WriteTIFFImage(): WebP compression only supports a depth of 8; fixes
use-of-uninitialized-value in GammaToLinear.
* Update library symbols for this release.
-- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 03 Jun 2020 17:49:58 +0200
Available diffs
| Superseded in groovy-proposed |
graphicsmagick (1.4+really1.3.35-2) unstable; urgency=high
* Backport security fix for CVE-2020-12672, MNG: small heap overwrite or
assertion if magnifying and image to be magnified has rows or columns == 1
(closes: #960000).
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 30 May 2020 17:41:09 +0200
| Superseded in groovy-release |
| Published in focal-release |
| Deleted in focal-proposed (Reason: moved to Release) |
graphicsmagick (1.4+really1.3.35-1) unstable; urgency=high
* New upstream release, fixing the following security issues among others:
- ReadSVGImage(): Fix dereference of NULL pointer when stopping image
timer,
- DrawImage(): Fix integer-overflow in DrawPolygonPrimitive() .
* Update library symbols for this release.
[ Nicolas Boulenguez <email address hidden> ]
* mime: improve formatting.
* mime: adjust priority for all images (closes: #951758).
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 23 Feb 2020 20:42:10 +0000
Available diffs
| Superseded in focal-proposed |
graphicsmagick (1.4+really1.3.34+hg16230-1) unstable; urgency=medium
* Mercurial snapshot, fixing the following security issues:
- WritePICTImage(): Eliminating small buffer overrun when run-length
encoding pixels,
- WriteOneJNGImage(): Detect when JPEG encoder has failed, and throw
exception,
- DecodeImage(): Fix heap buffer over-reads,
- DecodeImage(): Allocate extra scanline memory to allow small
RLE overrun.
* Update library symbols for this release.
* Update Standards-Version to 4.5.0 .
-- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 07 Feb 2020 19:02:36 +0000
Available diffs
graphicsmagick (1.3.23-1ubuntu0.6) xenial-security; urgency=medium
* SECURITY UPDATE: Heap-based buffer over-read in ReadNewsProfile()
- debian/patches/CVE-2017-17912.patch: ReadNewsProfile() was allowing
reading heap data beyond the allocated size.
- CVE-2017-17912
* SECURITY UPDATE: Stack-based buffer over-read in WriteWEBPImage()
- debian/patches/CVE-2017-17913-1.patch: Add some assertions to verify that
the image pointer provided by libwebp is valid.
- debian/patches/CVE-2017-17913-2.patch: Fix stack overflow with libwebp
0.5.0+ by disabling progress indication.
- CVE-2017-17913
* SECURITY UPDATE: Heap-based buffer over-read in ReadMNGImage()
- debian/patches/CVE-2017-17915.patch: Check range limit before accessing
byte to avoid minor heap read overflow.
- CVE-2017-17915
* SECURITY UPDATE: Allocation failure in ReadOnePNGImage()
- debian/patches/CVE-2017-18219.patch: check MemoryResource before
attempting to allocate ping_pixels array.
- CVE-2017-18219
* SECURITY UPDATE: Allocation failure in ReadTIFFImage()
- debian/patches/CVE-2017-18229.patch: Rationalize scanline, strip, and
tile memory allocation requests based on file size.
- CVE-2017-18229
* SECURITY UPDATE: Null pointer dereference in ReadCINEONImage()
- debian/patches/CVE-2017-18230.patch: Validate scandata allocation.
- CVE-2017-18230
* SECURITY UPDATE: Null pointer dereference in ReadEnhMetaFile()
- debian/patches/CVE-2017-18231.patch: Verify pBits memory allocation.
- CVE-2017-18231
-- Eduardo Barretto <email address hidden> Mon, 03 Feb 2020 16:47:01 -0300
Available diffs
graphicsmagick (1.3.23-1ubuntu0.5) xenial-security; urgency=medium
* SECURITY UPDATE: DoS in ReadWPGImage()
- debian/patches/CVE-2017-16545.patch: Assure that colormapped image is a
PseudoClass type with valid colormapped indexes.
- CVE-2017-16545
* SECURITY UPDATE: DoS (negative strncpy) in DrawImage()
- debian/patches/CVE-2017-16547.patch: Fix pointer computation which leads
to large strncpy size request and bad array index.
- CVE-2017-16547
* SECURITY UPDATE: Heap-based buffer overflow in coders/wpg.c
- debian/patches/CVE-2017-16669-1.patch: Do not call SyncImagePixels() when
something fails.
- debian/patches/CVE-2017-16669-2.patch: Wrong row count checking.
- debian/patches/CVE-2017-16669-3.patch: Detect pending use of null indexes
pointer due to programming error and report it.
- debian/patches/CVE-2017-16669-4.patch: Fix crash which image fails to
produce expected PseudoClass indexes.
- debian/patches/CVE-2017-16669-5.patch: Check for InsertRow() return value.
- debian/patches/CVE-2017-16669-6.patch: Check InsertRow() return value for
all calls.
- CVE-2017-16669
* SECURITY UPDATE: Heap-based buffer overflow in WritePNMImage()
- debian/patches/CVE-2017-17498.patch: Fix buffer overflow when writing
gray+alpha 1-bit/sample.
- CVE-2017-17498
* SECURITY UPDATE: Heap-based buffer over-read in ReadRGBImage()
- debian/patches/CVE-2017-17500.patch: Fix heap-overflow due to tile
outside image bounds.
- CVE-2017-17500
* SECURITY UPDATE: Heap-based buffer over-read in WriteOnePNGImage()
- debian/patches/CVE-2017-17501.patch: Fix heap read overrun while
testing pixels for opacity.
- CVE-2017-17501
* SECURITY UPDATE: Heap-based buffer over-read in ReadCMYKImage()
- debian/patches/CVE-2017-17502.patch: Fix heap-overflow due to tile
outside image bounds.
- CVE-2017-17502
* SECURITY UPDATE: Heap-based buffer over-read in ReadGRAYImage()
- debian/patches/CVE-2017-17503.patch: Fix heap-overflow due to tile
outside image bounds.
- CVE-2017-17503
* SECURITY UPDATE: Heap-based buffer over-read in ReadOneJNGImage()
- debian/patches/CVE-2017-17782.patch: Fix wrong offset into oFFs chunk
which caused heap read overflow.
- CVE-2017-17782
* SECURITY UPDATE: Buffer over-read in ReadPALMImage()
- debian/patches/CVE-2017-17783.patch: Fix heap buffer overflow in Q8 build
while initializing color palette.
- CVE-2017-17783
-- Eduardo Barretto <email address hidden> Tue, 21 Jan 2020 14:15:33 -0300
Available diffs
graphicsmagick (1.3.23-1ubuntu0.4) xenial-security; urgency=medium
* SECURITY UPDATE: DoS (memory consumption) on ReadSUNImage()
- debian/patches/CVE-2017-14165.patch: Verify that file header data length,
and file length are sufficient for claimed image dimensions.
- CVE-2017-14165
* SECURITY UPDATE: Heap-based buffer over-read in DrawImage()
- debian/patches/CVE-2017-14314.patch: Fix heap out of bounds read in
DrawDashPolygon().
- CVE-2017-14314
* SECURITY UPDATE: Null pointer dereference in ReadPNMImage()
- debian/patches/CVE-2017-14504.patch: Require that XV 332 format have 256
colors.
- CVE-2017-14504
* SECURITY UPDATE: DoS (crash) assertion failure in magick/pixel_cache.c
- debian/patches/CVE-2017-14649.patch: Validate JNG data properly.
- CVE-2017-14649
* SECURITY UPDATE: Heap-based buffer over-read in ReadRLEImage()
- debian/patches/CVE-2017-14733.patch: Fully rationalize Ncolors when Alpha
flag is present.
- CVE-2017-14733
* SECURITY UPDATE: Null pointer dereference in ReadDCMImage()
- debian/patches/CVE-2017-14994.patch: DCM_ReadNonNativeImages() can produce
image list with no frames, resulting in null image pointer.
- CVE-2017-14994
* SECURITY UPDATE: Integer underflow in ReadPICTImage()
- debian/patches/CVE-2017-14997.patch: Avoid unsigned underflow leading to
astonishingly large allocation request.
- CVE-2017-14997
* SECURITY UPDATE: Resource leak in ReadGIFImage()
- debian/patches/CVE-2017-15277.patch: Assure that global colormap is fully
initialized.
- CVE-2017-15277
* SECURITY UPDATE: Null pointer dereference in ReadOneJNGImage()
- debian/patches/CVE-2017-15930-1.patch: Fix possible use of NULL pointer
when transferring JPEG scanlines.
- debian/patches/CVE-2017-15930-2.patch: Add more checks for use of null
PixelPacket pointer.
- debian/patches/CVE-2017-15930-3.patch: Reject JNG files with unreasonable
dimensions given the file size.
- debian/patches/CVE-2017-15930-4.patch: Ensure that reasonable exception
gets reported on read failure.
- CVE-2017-15930
* SECURITY UPDATE: Heap-based buffer overflow in DescribeImage()
- debian/patches/CVE-2017-16352.patch: Fix possible heap write overflow
while describing visual image directory.
- CVE-2017-16352
* SECURITY UPDATE: Memory information disclosure in DescribeImage()
- debian/patches/CVE-2017-16353.patch: Fix weaknesses while describing the
IPTC profile.
- CVE-2017-16353
-- Eduardo Barretto <email address hidden> Mon, 06 Jan 2020 15:39:05 -0300
Available diffs
graphicsmagick (1.4+really1.3.34+hg16181-1) unstable; urgency=medium
* Mercurial snapshot, fixing the following security issue:
- WritePCXImage(): Fix heap overflow in PCX writer when bytes per line
value overflows its 16-bit storage unit.
* Fix definition of ResourceInfinity.
[ Nicolas Boulenguez <email address hidden> ]
* Lower MIME priority for PS/PDF (closes: #935099).
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 28 Dec 2019 18:58:57 +0000
Available diffs
graphicsmagick (1.4+really1.3.34-2) unstable; urgency=medium * Still use glibc malloc allocator. -- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 25 Dec 2019 10:09:02 +0000
Available diffs
graphicsmagick (1.4+really1.3.34-1) unstable; urgency=high
* New upstream release, fixing the following security issues among others:
- PNMInteger(): Place a generous arbitrary limit on the amount of PNM
comment text to avoid DoS opportunity,
- MagickClearException(): Destroy any existing exception info before
re-initializing the exception info or else there will be a memory leak,
- HuffmanDecodeImage(): Fix signed overflow on range check which leads
to heap overflow,
- ReadMNGImage(): Only magnify the image if the requested magnification
methods are supported,
- GenerateEXIFAttribute(): Add validations to prevent heap buffer
overflow,
- DrawPatternPath(): Don't leak memory if fill_pattern or stroke_pattern
of cloned draw_info are not null,
- CVE-2019-19953: PICT: Throw a writer exception if the PICT width limit
is exceeded (closes: #947311).
* Build with Google Thread-Caching Malloc library.
* Update Standards-Version to 4.4.1 .
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 24 Dec 2019 20:23:10 +0000
Available diffs
graphicsmagick (1.3.23-1ubuntu0.3) xenial-security; urgency=medium
* SECURITY UPDATE: Null pointer dereference in WriteMAPImage()
- debian/patches/CVE-2017-11638_CVE-2017-11642.patch: Fix null pointer
dereference or SEGV if input is not colormapped.
- CVE-2017-11638
- CVE-2017-11642
* SECURITY UPDATE: Memory leak in PersistCache()
- debian/patches/CVE-2017-11641.patch: Fix memory leak while writing Magick
Persistent Cache format.
- CVE-2017-11641
* SECURITY UPDATE: Heap overflow in WriteCMYKImage()
- debian/patches/CVE-2017-11643.patch: Fixed heap overflow with multiple
frames with varying widths.
- CVE-2017-11643
* SECURITY UPDATE: Invalid memory read in SetImageColorCallBack()
- debian/patches/CVE-2017-12935.patch: Reject MNG with too-large dimensions
(over 65535).
- CVE-2017-12935
* SECURITY UPDATE: Use-after-free in ReadWMFImage()
- debian/patches/CVE-2017-12936.patch: Eliminate use of already freed heap
data in error reporting path.
- CVE-2017-12936
* SECURITY UPDATE: Heap-based buffer over-read in ReadSUNImage()
- debian/patches/CVE-2017-12937.patch: Fix heap read overflow while indexing
colormap in bilevel decoder.
- CVE-2017-12937
* SECURITY UPDATE: Heap-based buffer overflow vulnerability
- debian/patches/CVE-2017-13063_CVE-2017-13064_CVE-2017-13065.patch: Fix
buffer-overflow and inconsistent behavior in GetStyleTokens().
- CVE-2017-13063
- CVE-2017-13064
- CVE-2017-13065
* SECURITY UPDATE: Heap-based buffer over-read in SFWScan
- debian/patches/CVE-2017-13134.patch: Fix heap buffer overflow in
SFWScan().
- CVE-2017-13134
* SECURITY UPDATE: Invalid free in MagickFree()
- debian/patches/CVE-2017-13737.patch: NumberOfObjectsInArray() must round
down, rather than up.
- CVE-2017-13737
* SECURITY UPDATE: DoS in ReadJNXImage()
- debian/patches/CVE-2017-13775.patch: Fix DOS issues.
- CVE-2017-13775
* SECURITY UPDATE: DoS in ReadXBMImage()
- debian/patches/CVE-2017-13776_CVE-2017-13777.patch: Fix DOS issues.
- CVE-2017-13776
- CVE-2017-13777
-- Eduardo Barretto <email address hidden> Thu, 12 Dec 2019 11:31:23 -0300
Available diffs
graphicsmagick (1.3.23-1ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: Allocation failure vulnerability
- debian/patches/CVE-2017-13147.patch: deal with too-large MNG chunks in
coders/png.c
- CVE-2017-13147
* SECURITY UPDATE: Allocation failure vulnerability
- debian/patches/CVE-2017-14042.patch: PNM for binary formats, verify
sufficient backing file data before memory request.
- CVE-2017-14042
* SECURITY UPDATE: DoS (out-of-bounds read and crash) via a small samples
per pixel value in a CMYKA TIFF file.
- debian/patches/CVE-2017-6335.patch: Fix out of bounds access when reading
CMYKA tiff which claims wrong samples/pixel.
- CVE-2017-6335
* SECURITY UPDATE: Buffer overflow while processing an RGB TIFF picture with
metadata.
- debian/patches/CVE-2017-10794.patch: Use a generalized method to enforce
that buffer overflow can not happen while importing pixels.
- CVE-2017-10794
* SECURITY UPDATE: DoS (out-of-memory) when processing a DPX image with
metadata.
- debian/patches/CVE-2017-10799.patch: Estimate minimum required file sized
based on header, and reject files with insufficient data.
- CVE-2017-10799
* SECURITY UPDATE: DoS (crash) while reading a JNG file via a zero-length
color_image data structure.
- debian/patches/CVE-2017-11102.patch: Stop crash due to zero-length color_image
while reading a JNG.
- CVE-2017-11102
* SECURITY UPDATE: DoS (resource consumption) via a crafted JPEG file.
- debian/patches/CVE-2017-11140.patch: Defer creating pixel cache until first
scanline.
- CVE-2017-11140
* SECURITY UPDATE: Use-after-free via a crafted MNG file.
- debian/patches/CVE-2017-11403-1.patch: Fix out-of-order CloseBlob() and
DestroyImageList() that caused a use-after-free crash.
- debian/patches/CVE-2017-11403-2.patch: Improve fix of use-after-free.
- CVE-2017-11403
* SECURITY UPDATE: Heap overflow when processing multiple frames that have
non-identical widths.
- debian/patches/CVE-2017-11636.patch: Fixed heap overflow with multiple
frames with varying widths.
- CVE-2017-11636
* SECURITY UPDATE: NULL pointer deference in the WritePCLImage() function.
- debian/patches/CVE-2017-11637.patch: Fix null pointer dereference in
writing monochrome images.
- CVE-2017-11637
-- Eduardo Barretto <email address hidden> Thu, 28 Nov 2019 11:36:23 -0300
Available diffs
graphicsmagick (1.3.28-2ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Heap-based buffer overflow in the WriteTGAImage function.
- debian/patches/CVE-2018-20184.patch: reject image rows/columns larger than
65535.
- CVE-2018-20184
* SECURITY UPDATE: Heap based buffer over-read in the ReadBMPImage function.
- debian/patches/CVE-2018-20185-1.patch: Only compute unsigned_maxvalue if
sample_bits <= 32.
- debian/patches/CVE-2018-20185-2.patch: Fix heap overflow in 32-bit due
to arithmetic overflow.
- debian/patches/CVE-2018-20185-3.patch: Improve buffer size calculations
to guard against arithmetic overflow.
- CVE-2018-20185
* SECURITY UPDATE: DoS (crash) in ReadDIBImage.
- debian/patches/CVE-2018-20189.patch: DIB images claiming more than 8-bits
per pixel are not colormapped.
- CVE-2018-20189
* SECURITY UPDATE: Stack-based buffer overflow in the function
SVGStartElement.
- debian/patches/CVE-2019-11005.patch: Fix stack buffer overflow while
parsing quoted font family value.
- CVE-2019-11005
* SECURITY UPDATE: Heap-based buffer over-read in the function ReadMIFFImage.
- debian/patches/CVE-2019-11006.patch: Detect end of file while reading
RLE packets.
- CVE-2019-11006
* SECURITY UPDATE: Heap-based buffer over-read in the function ReadMNGImage.
- debian/patches/CVE-2019-11007-1.patch: New function to reallocate an
image colormap.
- debian/patches/CVE-2019-11007-2.patch: Fix small buffer overflow (one
PixelPacket) of image colormap.
- CVE-2019-11007
* SECURITY UPDATE: Heap-based buffer overflow in the function WriteXWDImage.
- debian/patches/CVE-2019-11008.patch: Perform more header validations, a
file size validation, and fix arithmetic overflows leading to heap
overwrite.
- CVE-2019-11008
* SECURITY UPDATE: Heap-based buffer over-read in the function ReadXWDImage.
- debian/patches/CVE-2019-11009.patch: Fix heap buffer overflow while
reading DirectClass XWD file.
- CVE-2019-11009
* SECURITY UPDATE: Memory leak in the function ReadMPCImage.
- debian/patches/CVE-2019-11010.patch: Deal with a profile length of zero,
or an irrationally large profile length.
- CVE-2019-11010
* SECURITY UPDATE: DoS (out-of-bounds read, floating-point exception and
crash) by crafting an XWD image file.
- debian/patches/CVE-2019-11473_11474-1.patch: Add more validation logic to
avoid crashes due to FPE and invalid reads.
- debian/patches/CVE-2019-11473_11474-2.patch: Address header-directed
arbitrary memory allocation.
- debian/patches/CVE-2019-11473_11474-3.patch: Address segmentation
violation and invalid memory read with more validations.
- CVE-2019-11473
- CVE-2019-11474
* SECURITY UPDATE: Heap-based buffer overflow in the function WritePDBImage.
- debian/patches/CVE-2019-11505.patch: Use correct bits/sample rather than
image->depth. Avoids potential buffer overflow.
- CVE-2019-11505
* SECURITY UPDATE: Heap-based buffer overflow in the function
WriteMATLABImage.
- debian/patches/CVE-2019-11506.patch: Add completely missing error
handling.
- CVE-2019-11506
-- Eduardo Barretto <email address hidden> Thu, 28 Nov 2019 11:12:37 -0300
Available diffs
graphicsmagick (1.4+really1.3.33+hg16115-1build1) focal; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <email address hidden> Fri, 18 Oct 2019 19:27:39 +0000
Available diffs
graphicsmagick (1.4+really1.3.33+hg16117-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issue:
- CVE-2019-16709: ReadDPSImage(): Fix memory leak when OpenBlob()
reports failure.
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 10 Oct 2019 22:57:35 +0000
Available diffs
| Superseded in focal-release |
| Obsolete in eoan-release |
| Deleted in eoan-proposed (Reason: moved to Release) |
graphicsmagick (1.4+really1.3.33+hg16115-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issues:
- ReadMNGImage(): skip coalescing layers if there is only one layer,
- DrawStrokePolygon(): handle case where TraceStrokePolygon() returns
NULL,
- DrawDashPolygon(): handle case where DrawStrokePolygon() returns
MagickFail,
- TraceBezier(): detect arithmetic overflow and return errors via
normal error path rather than exiting,
- ExtractTokensBetweenPushPop(): fix non-terminal parsing loop,
- GenerateEXIFAttribute(): check that we are not being directed to read
an IFD that we are already parsing and quit in order to avoid a loop,
- ReallocColormap(): avoid dereferencing a NULL pointer if
image->colormap is NULL,
- png_read_raw_profile(): fix validation of raw profile length,
- TraceArcPath(): substitute a lineto command when tracing arc is
impossible,
- GenerateEXIFAttribute(): skip unsupported/invalid format 0.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 28 Sep 2019 10:57:12 +0000
Available diffs
graphicsmagick (1.4+really1.3.33-1) unstable; urgency=medium * New upstream release, including many security fixes. -- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 25 Jul 2019 16:43:39 +0000
Available diffs
graphicsmagick (1.4+really1.3.32-1) unstable; urgency=high
* New upstream release, fixing the following security issues among others:
- DrawImage(): Terminate drawing if DrawCompositeMask() reports failure,
- DrawImage(): Detect an error in TracePath() and quit rather than
forging on.
* Backport security fixes:
- ReadTIFFImage(): Fix typo in initialization of 'tile' pointer variable,
- WriteDIBImage(): Detect arithmetic overflow of image_size,
- WriteBMPImage(): Detect arithmetic overflow of image_size,
- WriteBMPImage(): Assure that chromaticity uses double-precision for
multiply before casting to unsigned integer.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 16 Jun 2019 18:10:05 +0000
Available diffs
- diff from 1.4~hg16039-1 to 1.4+really1.3.32-1 (440.6 KiB)
graphicsmagick (1.4~hg16039-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issues:
- ImportRLEPixels(): Fix heap overflow caused by a typo in the code. Also
fix undefined behavior caused by large left shifts of an unsigned char,
- ThrowException(), ThrowLoggedException(): Handle the case where some
passed character strings refer to existing exception character strings,
- PICT: Allocate output buffer used by ExpandBuffer() on DecodeImage()
stack,
- WritePDFImage(): Allocate working buffer on stack and pass as argument
to EscapeParenthesis() to eliminate a thread safety problem,
- TranslateTextEx(): Remove support for reading from a file using
'@filename' syntax,
- DrawImage(): Only support '@filename' syntax to read drawing primitive
from a file if we are not already drawing.
* Update library symbols for this release.
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 06 Jun 2019 21:11:11 +0000
Available diffs
- diff from 1.4~hg15978-1 to 1.4~hg16039-1 (209.1 KiB)
graphicsmagick (1.4~hg15978-1) unstable; urgency=medium * Mercurial snapshot, fixing uninitialized integer value of log_configured. -- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 27 Apr 2019 07:06:40 +0000
Available diffs
- diff from 1.4~hg15968-1 to 1.4~hg15978-1 (77.0 KiB)
- diff from 1.4~hg15976-1 to 1.4~hg15978-1 (1.8 KiB)
| Superseded in eoan-proposed |
graphicsmagick (1.4~hg15976-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issues:
- ReadXWDImage(): Potential for heap overflow; Address header-directed
arbitrary memory allocation,
- ReadXWDImage(): Address segmentation violation and invalid memory
reads with more validations,
- Make built-in color tables fully const.
* Break gnudatalanguage versions that doesn't initialize GraphicsMagick
library (closes: #927688).
* Update library symbols for this release.
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 22 Apr 2019 14:41:32 +0000
Available diffs
- diff from 1.4~hg15968-1 to 1.4~hg15976-1 (76.4 KiB)
graphicsmagick (1.4~hg15968-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issues
(closes: #927029):
- ReadMATImage(): Report a corrupt image exception if reader encounters
end of file while reading scanlines (use of uninitialized value in
IsGrayImag() ),
- ReadTOPOLImage(): Report a corrupt image if reader encounters end of
file while reading header rows (use of uninitialized value in
InsertRow() ),
- OpenCache(): Use unsigned 64-bit value to store CacheInfo offset and
length as well as for the total pixels calculation to prevent some more
arithmetic overflows,
- SetNexus(): Apply resource limits to pixel nexus allocations to prevent
arithmetic and integer overflows,
- SetNexus(): Report error for empty region rather than crashing due to
divide by zero exception,
- ReadTXTImage(): Don't start new line if x_max < x_min to avoid floating
point exception in SetNexus(),
- ReadMATImage(): Quit if image scanlines are not fully populated due to
exception to prevent use of uninitialized value in
InsertComplexFloatRow(),
- ReadMATImage(): Fix memory leak on unexpected end of file,
- Throwing an exception is now thread-safe,
- Fx module error handling/reporting improvements,
- Fix various uses of allocated memory without checking if memory
allocation has failed,
- CVE-2019-11010: ReadMPCImage(): Deal with a profile length of zero, or
an irrationally large profile length to prevent memory leak,
- CVE-2019-11007: ReadMNGImage(): Fix small buffer overflow (one
PixelPacket) of image colormap,
- CVE-2019-11009: ReadXWDImage(): Fix heap buffer overflow while reading
DirectClass XWD file,
- CVE-2019-11006: ReadMIFFImage(): Detect end of file while reading RLE
packets to prevent heap buffer overflow,
- CVE-2019-11005: SVGStartElement(): Fix stack buffer overflow while
parsing quoted font family value,
- CVE-2019-11008: XWD: Perform more header validations, a file size
validation, and fix arithmetic overflows leading to heap overwrite,
- ReadWMFImage(): Reject WMF files with an empty bounding box to prevent
division by zero problems,
- WritePDBImage(): Use correct bits/sample rather than image->depth to
prevent potential buffer overflow,
- WriteMATLABImage(): Add completely missing error handling to prevent
heap buffer overflow,
- SetNexus(): Fix arithmetic overflow while testing x/y offset limits,
- DrawPrimitive(): Check primitive point x/y values for NaN to prevent
integer overflow,
- DrawImage(): Fix integer overflow while validating gradient dimensions,
- WritePDBImage(): Assure that input scanline is cleared in order to
cover up some decoder bug to prevent use of uninitialized value,
- ReadXWDImage(): Add more validation logic to avoid crashes due to FPE
and invalid reads.
* Update library symbols for this release.
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 15 Apr 2019 17:40:12 +0000
Available diffs
- diff from 1.4~hg15916-2 to 1.4~hg15968-1 (258.9 KiB)
| Superseded in eoan-release |
| Obsolete in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
graphicsmagick (1.4~hg15916-2) unstable; urgency=medium
* Declare break on python{,3}-pgmagick versions compiled with GCC 7
compiled versions of GraphicsMagick (closes: #915603, #915606).
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 02 Apr 2019 18:49:40 +0000
Available diffs
- diff from 1.4~hg15916-1 to 1.4~hg15916-2 (945 bytes)
graphicsmagick (1.4~hg15916-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issues:
- ReadTIFFImage(): Only disassociate alpha channel for images where
photometic is PHOTOMETRIC_RGB,
- DrawDashPolygon(): Heap buffer overflow when parsing SVG images,
- DrawPrimitive(): Add arithmetic overflow checks when converting
computed coordinates from 'double' to 'long',
- DrawImage(): Don't destroy draw_info in graphic_context when draw_info
has not been allocated yet,
- RenderFreetype(): Eliminate memory leak of GlyphInfo.image,
- DrawDashPolygon(): Heap-buffer-overflow via read beyond end of dash
pattern array,
- ReadMIFFImage(): Tally directory length to avoid death by strlen(),
- ReadMPCImage(): Tally directory length to avoid death by strlen(),
- ReallocColormap(): Make sure that there is not a heap overwrite if the
number of colors has been reduced.
* Update library symbols for this release.
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 28 Feb 2019 17:50:19 +0000
Available diffs
- diff from 1.4~hg15896-1 to 1.4~hg15916-1 (21.2 KiB)
graphicsmagick (1.4~hg15896-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issues:
- ReadMNGImage(): Quit processing and report error upon failure to insert
MNG background layer preventing out of memory issues,
- ReadMIFFImage(): Improve pixel buffer calculations to defend against
overflow,
- ReadTIFFImage(): Make sure that image is in DirectClass mode and ignore
any claimed colormap when the image is read using various functions,
- ReadWPGImage(): Assure that all colormap entries are initialized,
- DecodeImage(): Avoid a one-byte over-read of pixels heap allocation,
- ReadTIFFImage(): Assure that opacity channel is initialized in the
RGBAStrippedMethod case,
- ReadMNGImage(): Bound maximum loop iterations by subrange as a
primitive means of limiting resource consumption preventing out of
memory issues,
- CVE-2019-7397: WritePDFImage(): Make sure to free 'xref' before
returning preventing several memory leaks,
- ReadTIFFImage(): For planar TIFF, make sure that pixels are initialized
in case some planes are missing.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 16 Feb 2019 15:19:56 +0000
Available diffs
- diff from 1.4~hg15880-1 to 1.4~hg15896-1 (13.7 KiB)
graphicsmagick (1.4~hg15880-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issues:
- SetNexus(): Merge IsNexusInCore() implementation code into SetNexus()
and add check for if cache_info->pixels is null,
- CVE-2018-20185: BMP and DIB: Improve buffer size calculations to guard
against arithmetic overflow.
* Update Standards-Version to 4.3.0 .
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 05 Feb 2019 20:44:14 +0000
Available diffs
- diff from 1.4~hg15873-1 to 1.4~hg15880-1 (206.4 KiB)
graphicsmagick (1.4~hg15873-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issues:
- WriteImage(): Eliminate use of just-freed memory in clone_info->magick,
- ReadMIFFImage(): Fix memory leak of profiles 'name' when claimed length
is zero,
- WriteXPMImage(): Assure that added colormap entry for transparent XPM
is initialized,
- ReadMNGImage(): Fix non-terminal MNG looping,
- ReadMIFFImage(): Sanitize claimed profile size before allocating memory
for it,
- CVE-2018-20185: ReadBMPImage(): Fix heap overflow in 32-bit build due
to arithmetic overflow (closes: #916719),
- CVE-2018-20184: WriteTGAImage(): Image rows/columns must not be larger
than 65535 (closes: #916721),
- ReadTIFFImage(): More validations and stricter error reporting,
- ReadMIFFImage(): Detect and reject zero-length deflate-encoded row in
MIFF version 0,
- CVE-2018-20189: ReadDIBImage(): DIB images claiming more than 8-bits
per pixel are not colormapped (closes: #916752).
* Add pkg-config to build dependency for FreeType 2.9.1+ detection.
* Update library symbols for this release.
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 20 Dec 2018 19:04:33 +0000
Available diffs
- diff from 1.3.31-1 to 1.4~hg15873-1 (456.8 KiB)
graphicsmagick (1.3.31-1) unstable; urgency=high
* New upstream release.
* Fix CVE-2018-18544: memory leak of msl_image if OpenBlob() fails in
ProcessMSLScript() .
* Can detect FreeType via pkg-config (closes: #887720).
* Enable Zstandard, the fast lossless compression algorithm support.
* Update library symbols for this release.
* Update Standards-Version to 4.2.1 .
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 20 Nov 2018 17:16:37 +0000
Available diffs
graphicsmagick (1.3.30+hg15796-1build1) disco; urgency=medium * No-change rebuild for the perl 5.28 transition. -- Adam Conrad <email address hidden> Fri, 02 Nov 2018 18:08:20 -0600
Available diffs
graphicsmagick (1.3.23-1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: DoS (crash) via a crafted SVG file.
- debian/patches/CVE-2016-2317_part1.patch: Fix heap buffer overflow
- debian/patches/CVE-2016-2317_part2.patch: Fix stack buffer overflow
- debian/patches/CVE-2016-2317_part3.patch: Fix segmentation violation
- CVE-2016-2317
* SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted SVG
file.
- debian/patches/CVE-2016-2318.patch: Make SVG path and other
primitive parsing more robust
- CVE-2016-2318
* SECURITY UPDATE: Arbitrary code execution via shell metacharacters in
a crafted image file.
- debian/patches/CVE-2016-3714.patch: Remove delegates support for
reading gnuplot files.
- CVE-2016-3714
* SECURITY UPDATE: Remote attackers are able to delete arbitrary files
via a crafted image.
- debian/patches/CVE-2016-3715.patch: remove undocumented "TMP" magic
prefix.
- CVE-2016-3715
* SECURITY UPDATE: Remote attackers can move arbitrary files via a
crafted image.
- debian/patches/CVE-2016-3716_part1.patch: Ignore the file extension
on MSL files.
- debian/patches/CVE-2016-3716_part2.patch: Do not auto-detect MVG
format based on file extension.
- CVE-2016-3716
* SECURITY UPDATE: Remote attackers can read arbitrary files via a
crafted image.
- debian/patches/CVE-2016-3717.patch: fix in delegates.mgk.in
- CVE-2016-3717
* SECURITY UPDATE: Remote attackers can conduct server-side request
forgery (SSRF) attacks via a crafted image.
- debian/patches/CVE-2016-3718.patch: fix in render.c
- CVE-2016-3718
* SECURITY UPDATE: Remote attackers can execute arbitrary files via a
pipe character at the start of a filename.
- debian/patches/CVE-2016-5118.patch: remove support for reading
input from a shell command or writing output to a shell command
- CVE-2016-5118
* SECURITY UPDATE: Remote attackers can execute arbitrary commands via
unspecified vectors.
- debian/patches/CVE-2016-5239.patch: remove delegates support for
Gnuplot and varios other file types.
- CVE-2016-5239
* SECURITY UPDATE: Remote attackers to cause a DoS (infinite loop) by
converting a circularly defined SVG file.
- debian/patches/CVE-2016-5240.patch: endless loop problem caused by
negative stroke-dasharray arguments
- CVE-2016-5240
* SECURITY UPDATE: Remote attackers to cause DoS (arithmetic exception
and application crash) via a crafted svg file.
- debian/patches/CVE-2016-5241.patch: Fix divide-by-zero problem if
fill or stroke pattern image has zero columns or rows
- CVE-2016-5241
* SECURITY UPDATE: Buffer overflow in MVG and SVG rendering code.
- debian/patches/CVE-2016-7446.patch: fix in svg.c
- CVE-2016-7446
* SECURITY UPDATE: Heap buffer overflow in the EscapeParenthesis.
- debian/patches/CVE-2016-7447.patch: re-wrote the implementation of
EscapeParenthesis() in annotate.c
- CVE-2016-7447
* SECURITY UPDATE: DoS (CPU consumption or large memory allocations)
via vectors involving the header information and the file size.
- debian/patches/CVE-2016-7448_part1.patch: fix in rle.c
- debian/patches/CVE-2016-7448_part2.patch: fix in rle.c
- CVE-2016-7448
* SECURITY UPDATE: DoS (out-of-bounds heap read) via a file containing
an "unterminated" string.
- debian/patches/CVE-2016-7449.patch: fix a heap buffer read overrun
if buffer not null terminated
- CVE-2016-7449
* SECURITY UPDATE: Integer underflow in the parse8BIM function.
- debian/patches/CVE-2016-7800.patch: fix unsigned underflow.
- CVE-2016-7800
* SECURITY UPDATE: Heap buffer overflow and DoS in the WPG format
reader.
- debian/patches/CVE-2016-7996_CVE-2016-7997.patch: fix in wpg.c
- CVE-2016-7996
- CVE-2016-7997
* SECURITY UPDATE: DoS (out-of-bounds read) via a crafted SCT header.
- debian/patches/CVE-2016-8682.patch: Fix stack-buffer read overflow
while reading SCT file header.
- CVE-2016-8682
* SECURITY UPDATE: Memory allocation failure and a "file truncation
error for corrupt file" via a crafted PCX image.
- debian/patches/CVE-2016-8683.patch: check that filesize is
reasonable given header.
- CVE-2016-8683
* SECURITY UPDATE: Memory allocation failure and a "file truncation
error for corrupt file" via a crafted SGI image.
- debian/patches/CVE-2016-8684.patch: Check that filesize is
reasonable given header.
- CVE-2016-8684
* SECURITY UPDATE: DoS (crash) via a large dimensions in a jpeg image.
- debian/patches/CVE-2016-9830.patch: enforce spec requirement that
the dimensions of the JPEG embedded in a JDAT chunk must match the
JHDR dimensions.
- CVE-2016-9830
-- Eduardo Barretto <email address hidden> Thu, 01 Nov 2018 15:03:05 -0300
Available diffs
graphicsmagick (1.3.18-1ubuntu3.1) trusty-security; urgency=medium
* SECURITY UPDATE: DoS (out-of-bounds read) in PCX parser code
- debian/patches/CVE-2014-8355.patch: fix in coders/pcx.c
- CVE-2014-8355
* SECURITY UPDATE: DoS (uninitialized memory access) via a crafted GIF
file.
- debian/patches/CVE-2015-8808.patch: Assure that GIF decoder does
not use unitialized data.
- CVE-2015-8808
* SECURITY UPDATE: DoS (crash) via a crafted SVG file.
- debian/patches/CVE-2016-2317_part1.patch: Fix heap buffer overflow
- debian/patches/CVE-2016-2317_part2.patch: Fix stack buffer overflow
- debian/patches/CVE-2016-2317_part3.patch: Fix segmentation violation
- CVE-2016-2317
* SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted SVG
file.
- debian/patches/CVE-2016-2318.patch: Make SVG path and other
primitive parsing more robust
- CVE-2016-2318
* SECURITY UPDATE: Arbitrary code execution via shell metacharacters in
a crafted image file.
- debian/patches/CVE-2016-3714.patch: Remove delegates support for
reading gnuplot files.
- CVE-2016-3714
* SECURITY UPDATE: Remote attackers are able to delete arbitrary files
via a crafted image.
- debian/patches/CVE-2016-3715.patch: remove undocumented "TMP" magic
prefix.
- CVE-2016-3715
* SECURITY UPDATE: Remote attackers can move arbitrary files via a
crafted image.
- debian/patches/CVE-2016-3716_part1.patch: Ignore the file extension
on MSL files.
- debian/patches/CVE-2016-3716_part2.patch: Do not auto-detect MVG
format based on file extension.
- CVE-2016-3716
* SECURITY UPDATE: Remote attackers can read arbitrary files via a
crafted image.
- debian/patches/CVE-2016-3717.patch: fix in delegates.mgk.in
- CVE-2016-3717
* SECURITY UPDATE: Remote attackers can conduct server-side request
forgery (SSRF) attacks via a crafted image.
- debian/patches/CVE-2016-3718.patch: fix in render.c
- CVE-2016-3718
* SECURITY UPDATE: Remote attackers can execute arbitrary files via a
pipe character at the start of a filename.
- debian/patches/CVE-2016-5118.patch: remove support for reading
input from a shell command or writing output to a shell command
- CVE-2016-5118
* SECURITY UPDATE: Remote attackers can execute arbitrary commands via
unspecified vectors.
- debian/patches/CVE-2016-5239.patch: remove delegates support for
Gnuplot and varios other file types.
- CVE-2016-5239
* SECURITY UPDATE: Remote attackers to cause a DoS (infinite loop) by
converting a circularly defined SVG file.
- debian/patches/CVE-2016-5240.patch: endless loop problem caused by
negative stroke-dasharray arguments
- CVE-2016-5240
* SECURITY UPDATE: Remote attackers to cause DoS (arithmetic exception
and application crash) via a crafted svg file.
- debian/patches/CVE-2016-5241.patch: Fix divide-by-zero problem if
fill or stroke pattern image has zero columns or rows
- CVE-2016-5241
* SECURITY UPDATE: Buffer overflow in MVG and SVG rendering code.
- debian/patches/CVE-2016-7446.patch: fix in svg.c
- CVE-2016-7446
* SECURITY UPDATE: Heap buffer overflow in the EscapeParenthesis.
- debian/patches/CVE-2016-7447.patch: re-wrote the implementation of
EscapeParenthesis() in annotate.c
- CVE-2016-7447
* SECURITY UPDATE: DoS (CPU consumption or large memory allocations)
via vectors involving the header information and the file size.
- debian/patches/CVE-2016-7448_part1.patch: fix in rle.c
- debian/patches/CVE-2016-7448_part2.patch: fix in rle.c
- CVE-2016-7448
* SECURITY UPDATE: DoS (out-of-bounds heap read) via a file containing
an "unterminated" string.
- debian/patches/CVE-2016-7449.patch: fix a heap buffer read overrun
if buffer not null terminated
- CVE-2016-7449
* SECURITY UPDATE: Integer underflow in the parse8BIM function.
- debian/patches/CVE-2016-7800.patch: fix unsigned underflow.
- CVE-2016-7800
* SECURITY UPDATE: Heap buffer overflow and DoS in the WPG format
reader.
- debian/patches/CVE-2016-7996_CVE-2016-7997.patch: fix in wpg.c
- CVE-2016-7996
- CVE-2016-7997
* SECURITY UPDATE: DoS (out-of-bounds read) via a crafted SCT header.
- debian/patches/CVE-2016-8682.patch: Fix stack-buffer read overflow
while reading SCT file header.
- CVE-2016-8682
* SECURITY UPDATE: Memory allocation failure and a "file truncation
error for corrupt file" via a crafted PCX image.
- debian/patches/CVE-2016-8683.patch: check that filesize is
reasonable given header.
- CVE-2016-8683
* SECURITY UPDATE: Memory allocation failure and a "file truncation
error for corrupt file" via a crafted SGI image.
- debian/patches/CVE-2016-8684.patch: Check that filesize is
reasonable given header.
- CVE-2016-8684
* SECURITY UPDATE: DoS (crash) via a large dimensions in a jpeg image.
- debian/patches/CVE-2016-9830.patch: enforce spec requirement that
the dimensions of the JPEG embedded in a JDAT chunk must match the
JHDR dimensions.
- CVE-2016-9830
-- Eduardo Barretto <email address hidden> Thu, 25 Oct 2018 15:23:55 -0300
Available diffs
| Superseded in disco-release |
| Obsolete in cosmic-release |
| Deleted in cosmic-proposed (Reason: moved to release) |
graphicsmagick (1.3.30+hg15796-1) unstable; urgency=high
* Mercurial snapshot, fixing the following security issues:
- WEBP: Fix compiler warnings regarding uninitialized structure members,
- ReadJPEGImage(): Allow libjpeg to use 1/5th of the total memory limit,
- ReadJPEGImage(): Make sure that JPEG pixels array is initialized in
case libjpeg fails to completely initialize it,
- WriteOnePNGImage(): Free png_pixels as soon as possible,
- ReadMIFFImage(): Detect EOF when reading using ReadBlobZC() and avoid
subsequent heap read overflow,
- ReadMVGImage(): Don't assume that in-memory MVG blob is a
null-terminated C string,
- ReadMVGImage(): Don't allow MVG files to side-load a file as the
drawing primitive using '@' syntax,
- FileToBlob(): Use confirm access APIs to verify that read access is
allowed, and verify that file is a regular file,
- ExtractTokensBetweenPushPop() needs to always return a valid pointer
into the primitive string,
- DrawPolygonPrimitive(): Fix leak of polygon set when object is
completely outside image,
- SetNexus(): For requests one pixel tall, SetNexus() was wrongly using
pixels in-core rather than using a staging area for the case where the
nexus rows extend beyond the image raster boundary,
- ReadCINEONImage(): Quit immediately on EOF and detect short files,
- ReadMVGImage(): Fix memory leak,
- Add mechanism to approve embedded subformats in WPG,
- ReadXBMImage(): Add validations for row and column dimensions,
- MAT InsertComplexFloatRow(): Avoid signed overflow,
- InsertComplexFloatRow(): Try not to lose the previous intention while
avoiding signed overflow,
- XBMInteger(): Limit the number of hex digits parsed to avoid signed
integer overflow,
- MAT: More aggresive data corruption checking,
- MAT: Correctly check GetBlobSize(image) even for zipstreams inside
blob,
- MAT: Explicitly reject non-seekable streams,
- DrawImage(): Add missing error-reporting logic to return immediately
upon memory reallocation failure. Apply memory resource limits to
PrimitiveInfo array allocation,
- MagickAtoFChk(): Add additional validation checks for floating point
values. NAN and +/- INFINITY values also map to 0.0 ,
- ReadMPCImage()/(ReadMIFFImage(): Insist that the format be identified
prior to any comment, and that there is only one comment,
- ConvertPrimitiveToPath(): Enlarge PathInfo array allocation to avoid
possible heap write overflow,
- WPG: Fix intentional 64 bit file offset overflow,
- DrawImage(): Be more precise about error detection and reporting,
- TranslateTextEx(): Fix off-by-one in loop bounds check which allowed a
one-byte stack write overflow,
- DrawImage(): Fix excessive memory consumption due to
SetImageAttribute() appending values,
- QuantumTransferMode(): CIE Log images with an alpha channel are not
supported,
- ConvertPrimitiveToPath(): Second attempt to prevent heap write
overflow of PathInfo array,
- ExtractTileJPG(): Enforce that JPEG tiles are read by the JPEG coder,
- MIFF and MPC, need to avoid leaking value allocation (day-old bug),
- ReadSFWImage(): Enforce that file is read using the JPEG reader,
- FindEXIFAttribute()/GenerateEXIFAttribute(): Change size types from
signed to unsigned and check for unsigned overflow,
- GenerateEXIFAttribute(): Eliminate undefined shift,
- TraceEllipse(): Detect arithmetic overflow when computing the number of
points to allocate for an ellipse,
- ReadMNGImage(): mng_LOOP chunk must be at least 5 bytes long,
- ReadJPEGImage(): Apply a default limit of 100 progressive scans before
the reader quits with an error.
* Update library symbols for this release.
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 24 Sep 2018 21:54:36 +0000
Available diffs
- diff from 1.3.30-1 to 1.3.30+hg15796-1 (18.0 MiB)
| 1 → 75 of 159 results | First • Previous • Next • Last |
