Arch Linux Security Advisory ASA-201903-15 ========================================== Severity: Critical Date : 2019-03-28 CVE-ID : CVE-2019-9956 Package : imagemagick Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-931 Summary ======= The package imagemagick before version 7.0.8.35-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 7.0.8.35-1. # pacman -Syu "imagemagick>=7.0.8.35-1" The problem has been fixed upstream in version 7.0.8.35. Workaround ========== None. Description =========== A stack-based buffer overflow has been found in ImageMagick before 7.0.8-35, in the WritePSImage() function. Impact ====== An attacker can execute arbitrary code via a crafted file. References ========== https://github.com/ImageMagick/ImageMagick/issues/1523 https://github.com/ImageMagick/ImageMagick/commit/34a6a5a45e83a4af852090b4e43f168a380df979 https://security.archlinux.org/CVE-2019-9956