Debian Long Term Support / LTS Security Information / 2018 / Security Information -- DLA-1401-1 graphicsmagick

Debian Security Advisory

DLA-1401-1 graphicsmagick -- LTS security update

Date Reported:

27 Jun 2018

Affected Packages:

graphicsmagick

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 870149, Bug 870157, Bug 872574, Bug 873130, Bug 873129, Bug 873119, Bug 873099, Bug 881524.
In Mitre's CVE dictionary: CVE-2016-3716, CVE-2016-3717, CVE-2016-3718, CVE-2016-5241, CVE-2016-7446, CVE-2016-7447, CVE-2016-7448, CVE-2016-7449, CVE-2017-11636, CVE-2017-11643, CVE-2017-12937, CVE-2017-13063, CVE-2017-13064, CVE-2017-13065, CVE-2017-13134, CVE-2017-14314, CVE-2017-14733, CVE-2017-16353, CVE-2017-16669, CVE-2017-17498, CVE-2017-17500, CVE-2017-17501, CVE-2017-17502, CVE-2017-17503, CVE-2017-17782, CVE-2017-17912, CVE-2017-17915.

More information:

Various security issues were discovered in Graphicsmagick, a collection of image processing tools. Heap-based buffer overflows or overreads may lead to a denial of service or disclosure of in-memory information or other unspecified impact by processing a malformed image file.

For Debian 8 Jessie, these problems have been fixed in version 1.3.20-3+deb8u3.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS