Source: imagemagick
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for imagemagick.

CVE-2022-32545[0]:
| A vulnerability was found in ImageMagick, causing an outside the range
| of representable values of type 'unsigned char' at coders/psd.c, when
| crafted or untrusted input is processed. This leads to a negative
| impact to application availability or other problems related to
| undefined behavior.

https://github.com/ImageMagick/ImageMagick/issues/4962
https://github.com/ImageMagick/ImageMagick/pull/4963
https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa (6.9.12-43)

CVE-2022-32546[1]:
| A vulnerability was found in ImageMagick, causing an outside the range
| of representable values of type 'unsigned long' at coders/pcl.c, when
| crafted or untrusted input is processed. This leads to a negative
| impact to application availability or other problems related to
| undefined behavior.

https://github.com/ImageMagick/ImageMagick/issues/4985
https://github.com/ImageMagick/ImageMagick/pull/4986
https://github.com/ImageMagick/ImageMagick6/commit/29c8abce0da56b536542f76a9ddfebdaab5b2943 (6.9.12-44)

CVE-2022-32547[2]:
| In ImageMagick, there is load of misaligned address for type 'double',
| which requires 8 byte alignment and for type 'float', which requires 4
| byte alignment at MagickCore/property.c. Whenever crafted or untrusted
| input is processed by ImageMagick, this causes a negative impact to
| application availability or other problems related to undefined
| behavior.

https://github.com/ImageMagick/ImageMagick/issues/5033
https://github.com/ImageMagick/ImageMagick/pull/5034
https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b (6.9.12-45)

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-32545
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32545
[1] https://security-tracker.debian.org/tracker/CVE-2022-32546
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32546
[2] https://security-tracker.debian.org/tracker/CVE-2022-32547
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32547

Please adjust the affected versions in the BTS as needed.