Debian Long Term Support / LTS Security Information / 2020 / Security Information -- DLA-2333-1 imagemagick

Debian Security Advisory

DLA-2333-1 imagemagick -- LTS security update

Date Reported:

19 Aug 2020

Affected Packages:

imagemagick

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 885941, Bug 891291, Bug 894848, Bug 896018, Bug 904713, Bug 917326, Bug 928207, Bug 931196.
In Mitre's CVE dictionary: CVE-2017-12805, CVE-2017-17681, CVE-2017-18252, CVE-2018-7443, CVE-2018-8804, CVE-2018-8960, CVE-2018-9133, CVE-2018-10177, CVE-2018-14551, CVE-2018-18024, CVE-2018-20467, CVE-2019-10131, CVE-2019-11472, CVE-2019-11597, CVE-2019-12974, CVE-2019-12977, CVE-2019-12978, CVE-2019-12979, CVE-2019-13295, CVE-2019-13297, CVE-2019-11470, CVE-2019-13454, CVE-2019-14981, CVE-2019-19949.

More information:

Several security vulnerabilities were fixed in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed.

For Debian 9 stretch, these problems have been fixed in version 8:6.9.7.4+dfsg-11+deb9u9.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to its security tracker page at: https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS