Debian Long Term Support / LTS Security Information / 2017 / Security Information -- DLA-1130-1 graphicsmagick

Debian Security Advisory

DLA-1130-1 graphicsmagick -- LTS security update

Date Reported:

19 Oct 2017

Affected Packages:

graphicsmagick

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2017-14103, CVE-2017-14314, CVE-2017-14504, CVE-2017-14733, CVE-2017-14994, CVE-2017-14997.

More information:

This upload fixes a number of security issues in graphicsmagick.

• CVE-2017-14103

  The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions.

• CVE-2017-14314

  Heap-based buffer over-read in DrawDashPolygon() .

• CVE-2017-14504

  NULL pointer dereference triggered by malformed file.

• CVE-2017-14733

  Ensure we detect alpha images with too few colors.

• CVE-2017-14994

  DCM_ReadNonNativeImages() can produce image list with no frames, resulting in null image pointer.

• CVE-2017-14997

  Unsigned underflow leading to astonishingly large allocation request.

For Debian 7 Wheezy, these problems have been fixed in version 1.3.16-1.1+deb7u10.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS