CVE-2017-9439

In ImageMagick a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file.

Upstream issue: https://github.com/ImageMagick/ImageMagick/issues/460
Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/6c6abed989ea4a3ef472db65ab487c1809a3a718

--------------------------------------------------------------------------------

CVE-2017-9440

In ImageMagick a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file.

Upstream issue: https://github.com/ImageMagick/ImageMagick/issues/462
Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/d4e8b9722577547177a2daecee98ea9e5fe54968
CVE-2017-9499

In ImageMagick an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file.

Upstream issue: https://github.com/ImageMagick/ImageMagick/issues/492
Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/7fd419441bc7103398e313558171d342c6315f44

--------------------------------------------------------------------------------

CVE-2017-9500

In ImageMagick an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file.

Upstream issue: https://github.com/ImageMagick/ImageMagick/issues/500
Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/5d95b4c24a964114e2b1ae85c2b36769251ed11d

--------------------------------------------------------------------------------

CVE-2017-9501

In ImageMagick an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.

Upstream issue: https://github.com/ImageMagick/ImageMagick/issues/491
Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/01843366d6a7b96e22ad7bb67f3df7d9fd4d5d74
@maintainer(s), please remove the vulnerable versions.
GLSA Vote: No