[3.4] imagemagick: Multiple issues (CVE-2016-5010, CVE... CVE-2016-5690, CVE-2016-5691, CVE-2016-5841, CVE-2016-5842, CVE-2016-6491)
CVE-2016-5010: Out-of-bounds read when processing crafted tiff file
Fixed In Version:
ImageMagick 6.9.5-3
References:
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-5010
Patch:
http://git.imagemagick.org/repos/ImageMagick/commit/c20de102cc57f3739a8870f79e728e3b0bea18c0
CVE-2016-5687: Out-of-bounds memory read in VerticalFilter()
Fixed In Version:
ImageMagick 7.0.1-4, ImageMagick 6.9.4-3
References:
https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html
http://seclists.org/oss-sec/2016/q2/564
https://marc.info/?l=oss-security&m=146617202729318&w=2
CVE-2016-5688: Heap overflow and random invalid memory writes in WPg parser
Fixed In Version:
ImageMagick 7.0.1-4, ImageMagick 6.9.4-3
Reference:
https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html
patches:
https://github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7
https://github.com/ImageMagick/ImageMagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f
CVE-2016-5689: Lack of null pointer check in ReadDCMImage()
Fixed in versions:
7.0.1-4, 6.9.4-3
Reference:
https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html
CVE-2016-5690: Possible integer overflow when computing pixel scaling table in ReadDCMImage
Fixed in versions:
7.0.1-4, 6.9.4-3
Reference:
https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html
CVE-2016-5691: Possible out-of-bounds write in ReadDCMImage()
Fixed In Version:
ImageMagick 7.0.1-7, ImageMagick 6.9.4-3
Reference:
https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html
CVE-2016-5841: Integer overflow in MagickCore/profile.c
Fixed in version:
ImageMagick 6.9.4-10
Reference:
http://seclists.org/oss-sec/2016/q2/586
CVE-2016-5842: Information leak in MagickCore/property.c
Fixed in version:
ImageMagick 6.9.4-10
Reference:
http://seclists.org/oss-sec/2016/q2/586
CVE-2016-6491: ImageMagick: Out-of-bounds read in CopyMagickMemory
Fixed In Version:
ImageMagick 6.9.5-4
Reference:
http://seclists.org/oss-sec/2016/q3/194
(from redmine: issue id 6102, created on 2016-08-29, closed on 2017-09-05)
- Relations:
- parent #6101 (closed)
- Changesets:
- Revision 096657a6 by Natanael Copa on 2016-09-15T14:14:13Z:
main/imagemagick: security upgrade to 6.9.5.9
fixes #6102
CVE-2016-5010
CVE-2016-5687
CVE-2016-5688
CVE-2016-5689
CVE-2016-5690
CVE-2016-5691
CVE-2016-5841
CVE-2016-5842
CVE-2016-6491