Opened 8 years ago

Closed 8 years ago

Last modified 7 years ago

#8365 closed enhancement (fixed)

ImageMagick-6.9.6-0 (Security Issues reported in oss-sec)

Reported by: Douglas R. Reno
Owned by: Douglas R. Reno
Priority: highest
Milestone: 8.0
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

Update ImageMagick-6 to its latest version (6.9.5-10). This will resolve several issues mentioned in the oss-security mailing list.

The following CVEs will be fixed:

CVE-2016-6823: ImageMagick BMP Coder Out-of-Bounds Write Vulnerability
CVE-2016-7101: ImageMagick SGI Coder Out-of-Bounds Read Vulnerability
CVE-2016-7513: off-by-one error leading to segfault
CVE-2016-7514: out-of-bounds read in coders/psd.c
CVE-2016-7515: rle handling for corrupted file
CVE-2015-8957: heap buffer overflow in hdr file handling
CVE-2015-8958: potential DoS in sun file handling due to malformed files
CVE-2016-7516: out-of-bounds / heap-buffer-overflow problem in viff files
CVE-2016-7517: out-of-bounds / heap-buffer-overflow problem in pict files
CVE-2016-7518: out-of-bounds / heap-buffer-overflow problem in sun files
CVE-2016-7519: out-of-bounds / heap-buffer-overflow problem in rle files
CVE-2016-7520: heap buffer overflow in hdr file handling
CVE-2016-7521: heap buffer overflow in psd file handling
CVE-2016-7522: out of bounds access for malformed psd files
CVE-2016-7523: heap buffer overflow / out of bounds access in meta.c
CVE-2016-7524: heap buffer overflow / out of bounds access in meta.c
CVE-2016-7525: heap buffer overflow in psd file coder
CVE-2016-7526: heap-buffer-overflow / out-of-bounds access in wpg file coder
CVE-2016-7527: global buffer overflow in wpg file coder
CVE-2016-7528: out-of-bounds access / SIGSEGV on unknown address in viff file coder
CVE-2016-7529: out-of-bounds access in xcf file coder
CVE-2016-7530: out-of-bounds in quantum handling
CVE-2016-7531: pbd file out of bounds access
CVE-2016-7532: Fix handling of corrupted psd files
CVE-2016-7533: heap-buffer-overflow for corrupted wpg files
CVE-2016-7534: out of bounds access in generic decoder
CVE-2016-7535: out-of-bounds access for corrupted psd files
CVE-2016-7536: SIGSEGV reported in corrupted profile handling
CVE-2016-7537: out-of-bounds access for corrupted pdb file
CVE-2016-7538: SIGABRT and heap-buffer-overflow for corrupted pdb file
CVE-2015-8959: DOS due to corrupted DDS files
CVE-2014-9907: DOS due to corrupted DDS files
CVE-2016-7539: potential DOS due to not releasing memory
CVE-2016-7540: writing to rgf format aborts

The above is a total of 35 vulnerabilities.

I can post links to oss-security stuff when I'm not on the university network.

Change History (5)

comment:1 by Douglas R. Reno, 8 years ago

Owner: changed from blfs-book@… to Douglas R. Reno
Status: new → assigned

comment:2 by Douglas R. Reno, 8 years ago

Summary: ImageMagick-6.9.5-10 (Security Issues reported in oss-sec) → ImageMagick-6.9.6-0 (Security Issues reported in oss-sec)

New version was released unfortunately.

However, it does fix several more issues.

2016-10-02  6.9.6-0 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.6-0, GIT revision 11078:9aec251:20161002.
2016-09-27  6.9.6-0 Dirk Lemstra <dirk@lem.....org>
  * Fixed incorrect RLE decoding when reading an SGI image (reference 
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30514)

comment:3 by Douglas R. Reno, 8 years ago

Time to add 2 more to the vulnerability list...

CVE-2016-7799: buffer over-read in imagemagick mogrify
CVE-2016-7906: imagemagick mogrify use after free

comment:4 by Douglas R. Reno, 8 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r17847

comment:5 by bdubbs@…, 7 years ago

Milestone: 7.11 → 8.0

Milestone renamed
