(CVE-2017-13139): https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13139
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.

(CVE-2017-13140): https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13140
In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.

(CVE-2017-13141): https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13141
In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.

(CVE-2017-13142): https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13142
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.

(CVE-2017-13143): https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13143
In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.

(CVE-2017-13144): https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13144
In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.

(CVE-2017-13145): https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13145
In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.

(CVE-2017-13146): https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13146
In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.
@maintainer(s), pulled this from the site.

<quote>
mikayla-grace commented Aug 22, 2017 • edited

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow. See #77fcc8d92 and #d3144a8be.
</quote>

...please follow-up with comment.
CVE-2017-13146 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13146):
In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.

CVE-2017-13145 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13145):
In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.

CVE-2017-13144 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13144):
In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.

CVE-2017-13143 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13143):
In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.

CVE-2017-13142 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13142):
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.

CVE-2017-13141 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13141):
In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.

CVE-2017-13140 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13140):
In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.

CVE-2017-13139 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13139):
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
This is an old one, in repository via https://github.com/gentoo/gentoo/commit/c5ace3d24cc6a01f7840d8f3f30cf36365d0d329
Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201711-07 at https://security.gentoo.org/glsa/201711-07 by GLSA coordinator Aaron Bauman (b-man).