N/A - GLSA-201606-14

Synopsis

Multiple vulnerabilities have been found in ImageMagick including overflows and possible Denials of Service.

Background

Imagemagick is a collection of tools and libraries for many image formats.

Description

Multiple vulnerabilities have been discovered in ImageMagick including, but not limited to, various overflows and potential Denials of Service.
Please visit the references and related bug reports for additional information.

Impact

Remote attackers could potentially perform buffer overflows or conduct Denials of Service.

Workaround

There is no known workaround at this time.

Resolution

All ImageMagick users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.0.3"

References

[ 1 ] Double free in coders/pict.c:2000
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
[ 2 ] Double free in coders/tga.c:221
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362
[ 3 ] Imagemagick fuzzing bug http://www.openwall.com/lists/oss-security/2014/12/24/1
[ 4 ] Integer and Buffer overflow in coders/icon.c https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201606-14