[ASA-201610-6] imagemagick: multiple issues
Arch Linux Security Advisory ASA-201610-6
=========================================

Severity: High
Date    : 2016-10-08
CVE-ID  : CVE-2016-7799 CVE-2016-7906
Package : imagemagick
Type    : multiple issues
Remote  : Yes
Link    :

Summary
=======

The package imagemagick before version is vulnerable to multiple issues
including arbitrary code execution and denial of service.

Resolution
==========

Upgrade to

# pacman -Syu "imagemagick>="

The problems have been fixed upstream in version

Workaround
==========

None.

Description
===========

- CVE-2016-7799 (denial of service)

A buffer over-read vulnerability was found in ImageMagick. A malicious
file could cause the application to crash.

- CVE-2016-7906 (arbitrary code execution)

An attacker is able to trigger a use-after-free when providing a crafted
image to ImageMagick's mogrify function.

Impact
======

A remote attacker is able to craft a malicious image to execute
arbitrary code or crash the application.

References
==========