
[SECURITY] [DLA 242-1] imagemagick security update




Package        : imagemagick
Version        : 8:6.6.0.4-3+squeeze6
CVE ID         : CVE-2012-3437 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562
Debian Bug     : #773834 #767240 #683285 #692367

This update fixes a large number of potential security problems due to
insufficient data validation when parsing different input
formats. Most of those potential security problems do not have a CVE
number assigned.

While the security implications of these problems are not all fully
known, updating is highly recommended.

The update fixes the following identified vulnerabilities:

CVE-2012-3437

    Incorrect validation of PNG buffer size, leading to DoS using
    specially crafted PNG files.

CVE-2014-8354

    Out of bounds memory access in resize

CVE-2014-8355

    Buffer overflow in PCX reader

CVE-2014-8562

    Buffer overflow in DCM readers


