imagemagick

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description An image viewing/manipulation program
Version 7.0.8.2-2 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-499 6.9.9.10-1 6.9.9.11-1 Medium Fixed
AVG-497 6.9.9.3-1 6.9.9.7-1 Medium Fixed
AVG-354 6.9.8.8-2 6.9.8.9-1 Low Fixed
AVG-210 6.9.2.0-1 6.9.2.4-1 Low Not affected
AVG-40 6.9.5.10-1 6.9.6.0-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2017-14505 AVG-499 Medium Yes Denial of service
DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 6.9.9-10 mishandles certain NULL arrays, which allows attackers to perform Denial of Service...
CVE-2017-13134 AVG-497 Medium Yes Denial of service
In ImageMagick 6.9.9.1, 7.0.6.7 and GraphicsMagick before 1.3.27, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which...
CVE-2017-11352 AVG-354 Low Yes Denial of service
In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. This is caused by an incomplete...
CVE-2016-7906 AVG-40 High Yes Arbitrary code execution
An attacker is able to trigger a use-after-free when providing a crafted image to ImageMagick's mogrify function.
CVE-2016-7799 AVG-40 Medium Yes Denial of service
A buffer over-read vulnerability was found in ImageMagick. A malicious file could cause the application to crash.
CVE-2016-10252 AVG-210 Low No Denial of service
Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers...

Advisories

Date Advisory Group Severity Description
08 Oct 2016 ASA-201610-6 AVG-40 High multiple issues