- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2333-1               debian-lts@lists.debian.org
https://www.debian.org/lts/security/                     Markus Koschany
August 18, 2020                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : imagemagick
Version        : 8:6.9.7.4+dfsg-11+deb9u9
CVE ID         : CVE-2017-12805 CVE-2017-17681 CVE-2017-18252
                 CVE-2018-7443 CVE-2018-8804 CVE-2018-8960
                 CVE-2018-9133 CVE-2018-10177 CVE-2018-14551
                 CVE-2018-18024 CVE-2018-20467 CVE-2019-10131
                 CVE-2019-11472 CVE-2019-11597 CVE-2019-12974
                 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979
                 CVE-2019-13295 CVE-2019-13297 CVE-2019-11470
                 CVE-2019-13454 CVE-2019-14981 CVE-2019-19949
Debian Bug     : 885941 891291 894848 896018 904713 917326 928207 931196
                 931191 931190 931189 931457 927830 931740 955025
947309

Several security vulnerabilities were fixed in Imagemagick. Various
memory handling problems and cases of missing or incomplete input
sanitizing may result in denial of service, memory or CPU exhaustion,
information disclosure or potentially the execution of arbitrary code
when a malformed image file is processed.

For Debian 9 stretch, these problems have been fixed in version
8:6.9.7.4+dfsg-11+deb9u9.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS