* CVE-2023-1906 (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247)
  "A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service."

* No CVE (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr)
  "A specially created SVG file that loads by itself and make segmentation fault. Remote attackers can take advantage of this vulnerability to cause a denial of service of the generated SVG file."
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=de00957023df685dd3802adbb29a19265f0c0d45

commit de00957023df685dd3802adbb29a19265f0c0d45
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-04-15 08:07:10 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-04-15 08:07:23 +0000

    media-gfx/imagemagick: add 6.9.12.84

    Bug: https://bugs.gentoo.org/904357
    Signed-off-by: Sam James <sam@gentoo.org>

 media-gfx/imagemagick/Manifest | 1 +
 media-gfx/imagemagick/imagemagick-6.9.12.84.ebuild | 271 +++++++++++++++++++++
 2 files changed, 272 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1886cc41914b916e56044289e385dab34496178

commit b1886cc41914b916e56044289e385dab34496178
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-04-15 07:57:21 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-04-15 08:07:23 +0000

    media-gfx/imagemagick: add 7.1.1.6

    Bug: https://bugs.gentoo.org/904357
    Signed-off-by: Sam James <sam@gentoo.org>

 media-gfx/imagemagick/Manifest | 1 +
 media-gfx/imagemagick/imagemagick-7.1.1.6.ebuild | 281 +++++++++++++++++++++++
 2 files changed, 282 insertions(+)
Cleanup done
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=4a7120d937eaaec2a14046c3d00320bd902c32bf

commit 4a7120d937eaaec2a14046c3d00320bd902c32bf
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-04 06:13:29 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-04 06:14:05 +0000

    [ GLSA 202405-02 ] ImageMagick: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/835931
    Bug: https://bugs.gentoo.org/843833
    Bug: https://bugs.gentoo.org/852947
    Bug: https://bugs.gentoo.org/871954
    Bug: https://bugs.gentoo.org/893526
    Bug: https://bugs.gentoo.org/904357
    Bug: https://bugs.gentoo.org/908082
    Bug: https://bugs.gentoo.org/917594
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-02.xml | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)