Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

Debian LTS: DLA-1888-1 Moderate: Imagemagick Denial Of Service

debian lts
Calendar Grey August 16, 2019
Dist Debian Esm H88
A security patch for Imagemagick resolves several vulnerabilities. It is advisable to update to version 8:6.8.9.9-5+deb8u18 to safeguard against potential threats.
Multiple vulnerabilities have been found in imagemagick, an image processing toolkit

Summary

NULL pointer dereference in ReadPANGOImage and ReadVIDImage (coders/pango.c
and coders/vid.c). This vulnerability might be leveraged by remote attackers to cause denial of service via crafted image data.

CVE-2019-13135

Multiple use of uninitialized values in ReadCUTImage, UnpackWPG2Raster and
UnpackWPGRaster (coders/wpg.c and coders/cut.c). These vulnerabilities might
be leveraged by remote attackers to cause denial of service or unauthorized
disclosure or modification of information via crafted image data.

CVE-2019-13295, CVE-2019-13297

Multiple heap buffer over-reads in AdaptiveThresholdImage
(magick/threshold.c). These vulnerabilities might be leveraged by remote
attackers to cause denial of service or unauthorized disclosure or
modification of information via crafted image data.

CVE-2019-13304, CVE-2019-13305, CVE-2019-13306

Multiple stack buffer overflows in WritePNMImage (coders/pnm.c), leading to

Read the Full Advisory


Package: imagemagick
Version: 8:6.8.9.9-5+deb8u17
CVE ID: CVE-2019-12974 CVE-2019-13135 CVE-2019-13295 CVE-2019-13297

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.