(CVE-2017-13061): https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13061
In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file.

(CVE-2017-13060): https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13060
In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.

(CVE-2017-13059): https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13059
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file.

(CVE-2017-13058): https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13058
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file.
See ${URL}: @maintainer(s), please follow procedure to stabilize if needed and close on report, thank you.

Daj'Uan (mbailey_j)
Gentoo Security Scout
Patch1: (CVE-2017-13061 - https://github.com/ImageMagick/ImageMagick/commit/90ed66889d6455a1d7f36e939977fa099e2d7ca7 )
Patch2: (CVE-2017-13060 - https://github.com/ImageMagick/ImageMagick/commit/bdfc5538051ad0d1c2083ba2a29180ff6abea907 )
Patch3: (CVE-2017-13059 - https://github.com/ImageMagick/ImageMagick/commit/6519c467c9577ac963e0e44f8f47641fb24c192d )
Patch4: (CVE-2017-13058 - https://github.com/ImageMagick/ImageMagick/commit/36d552245454f88aff5afddec29b9121b3d9b38f )

@maintainer(s), I've cherry-picked the patches associated with the CVEs.
Fixed in Gentoo via https://github.com/gentoo/gentoo/commit/c1a4d3964144758b282be963b36aaddcef3a4db8#diff-c3da9b5318c1a67d6927fb8032d46fe5
This issue was resolved and addressed in GLSA 201711-07 at https://security.gentoo.org/glsa/201711-07 by GLSA coordinator Aaron Bauman (b-man).