CVE-2017-17879 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17879): In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.

CVE-2017-17914 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17914): In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.
@ Arches, please test and mark stable:
=media-gfx/imagemagick-6.9.9.31
=media-gfx/imagemagick-7.0.7.19
x86 stable
sparc stable (thanks to Rolf Eike Beer)
amd64 stable
ppc/ppc64 stable
ia64 stable
arm stable
hppa stable (thanks to Rolf Eike Beer)
Stable on alpha.
All arches stable.
@maintainer(s), please clean the vulnerable versions from the tree:
=media-gfx/imagemagick-6.9.9.23
=media-gfx/imagemagick-6.9.9.26
=media-gfx/imagemagick-7.0.7.11
=media-gfx/imagemagick-7.0.7.14
GLSA Vote: No
Cleaned up, repository is clean, all done.