Debian Security Advisory

DLA-1130-1 graphicsmagick -- LTS security update

Date Reported:
19 Oct 2017
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2017-14103, CVE-2017-14314, CVE-2017-14504, CVE-2017-14733, CVE-2017-14994, CVE-2017-14997.
More information:

This upload fixes a number of security issues in graphicsmagick.

  • CVE-2017-14103

    The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions.

  • CVE-2017-14314

    Heap-based buffer over-read in DrawDashPolygon() .

  • CVE-2017-14504

    NULL pointer dereference triggered by malformed file.

  • CVE-2017-14733

    Ensure we detect alpha images with too few colors.

  • CVE-2017-14994

    DCM_ReadNonNativeImages() can produce image list with no frames, resulting in null image pointer.

  • CVE-2017-14997

    Unsigned underflow leading to astonishingly large allocation request.

For Debian 7 Wheezy, these problems have been fixed in version 1.3.16-1.1+deb7u10.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: