Summary: | <media-gfx/imagemagick-{6.9.8.6,7.0.5.7}: Multiple vulnerabilities (CVE-2017-{9439,9440,9499,9500,9501}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Volkan <vBugZilla> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | graphics+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1461768 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 612668 | ||
Bug Blocks: |
Description
Volkan
2017-06-30 20:12:40 UTC
CVE-2017-9499 In ImageMagick an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file. Upstream issue: https://github.com/ImageMagick/ImageMagick/issues/492 Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/7fd419441bc7103398e313558171d342c6315f44 -------------------------------------------------------------------------------- CVE-2017-9500 In ImageMagick an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. Upstream issue: https://github.com/ImageMagick/ImageMagick/issues/500 Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/5d95b4c24a964114e2b1ae85c2b36769251ed11d ------------------------------------------------------------------------------- CVE-2017-9501 In ImageMagick an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. Upstream issue: https://github.com/ImageMagick/ImageMagick/issues/491 Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/01843366d6a7b96e22ad7bb67f3df7d9fd4d5d74 @maintainer(s), please remove the vulnerable versions. GLSA Vote: No |