| Summary: | <media-gfx/imagemagick-7.0.6-4: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Christopher Díaz Riveros (RETIRED) <chrisadr> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | graphics+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/ImageMagick/ImageMagick/issues/634 | | |
| Whiteboard: | ~3 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
Christopher Díaz Riveros (RETIRED)
2017-08-01 19:06:26 UTC
For CVE-2017-11755:

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

Upstream bug: https://github.com/ImageMagick/ImageMagick/issues/634

-------------------------------------------------------------------

For CVE-2017-11754:

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.

Upstream bug: https://github.com/ImageMagick/ImageMagick/issues/633

-------------------------------------------------------------------

For CVE-2017-11753:

The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transport System (FITS) file.

Upstream bug: https://github.com/ImageMagick/ImageMagick/issues/629

Gentoo Security Padawan
ChrisADR

@Security

The bug was already fixed by upstream and tree is clean. The only affected version was non-stable so dropped to ~3, we only need to add CVE.

Thanks

Gentoo Security Padawan
ChrisADR