This bug was fixed in the package imagemagick - 8:6.7.7.10-6ubuntu3.13

---------------
imagemagick (8:6.7.7.10-6ubuntu3.13) trusty-security; urgency=medium

  [ Steve Beattie ]
  * SECURITY UPDATE: code execution vulnerabilities in ghostscript as
    invoked by imagemagick
    - debian/patches/200-disable-ghostscript-formats.patch: disable
      ghostscript handled types by default in policy.xml
  * SECURITY UPDATE: information leak in ReadXBMImage
    - debian/patches/CVE-2018-16323.patch: don't leave data
      uninitialized with negative pixels
    - CVE-2018-16323
  * SECURITY UPDATE: memory leak of colormap in WriteMPCImage
    - debian/patches/CVE-2018-14434.patch: free colormap on bad
      color depth
    - CVE-2018-14434
  * SECURITY UPDATE: memory leak in DecodeImage
    - debian/patches/CVE-2018-14435.patch: free memory when given a
      bad plane
    - CVE-2018-14435
  * SECURITY UPDATE: memory leak in ReadMIFFImage
    - debian/patches/CVE-2018-14436.patch: free memory when given a
      bad depth
    - CVE-2018-14436
  * SECURITY UPDATE: memory leak in parse8BIM
    - debian/patches/CVE-2018-14437-prereq.patch: check for negative
      values
    - debian/patches/CVE-2018-14437.patch: free strings in error
      conditions
    - CVE-2018-14437
  * SECURITY UPDATE: memory leak in ReadOneJNGImage
    - debian/patches/CVE-2018-16640-prereq-1.patch: define DestroyJNG()
    - debian/patches/CVE-2018-16640-prereq-2.patch: fix DestroyJNG()
    - debian/patches/CVE-2018-16640.patch: free memory on error
    - CVE-2018-16640
  * SECURITY UPDATE: denial of service due to out-of-bounds write
    in InsertRow
    - debian/patches/CVE-2018-16642.patch: improve checking for errors
    - CVE-2018-16642
  * SECURITY UPDATE: denial of service due to missing fputc checks
    - debian/patches/CVE-2018-16643.patch: check fputc calls for error
    - CVE-2018-16643
  * SECURITY UPDATE: denial of service in ReadDCMImage and ReadPICTImage
    - debian/patches/CVE-2018-16644-prereq-1.patch: make
      ReadRectangle() a boolean returning function and use it.
    - debian/patches/CVE-2018-16644-prereq-2.patch: check for EOF when
      reading from file
    - debian/patches/CVE-2018-16644-prereq-3.patch: define
      ThrowPICTException() macro and use it
    - debian/patches/CVE-2018-16644-1.patch,
      debian/patches/CVE-2018-16644-2.patch: check for invalid length
    - CVE-2018-16644
  * SECURITY UPDATE: excessive memory allocation issue in ReadBMPImage
    - debian/patches/CVE-2018-16645.patch: ensure number_colors is
      not too large
    - CVE-2018-16645
  * SECURITY UPDATE: denial of service in ReadOneJNGImage
    - debian/patches/CVE-2018-16749.patch; check for NULL color_image
    - CVE-2018-16749
  * SECURITY UPDATE: memory leak in formatIPTCfromBuffer
    - debian/patches/CVE-2018-16750.patch: free memory on error
    - CVE-2018-16750

  [ Marc Deslauriers ]
  * SECURITY REGRESSION: segfault in png to gif conversion (LP: #1793485)
    - debian/patches/0297-CVE-2017-13144.patch: removed pending further
      investigation.
    - debian/patches/CVE-2017-12430.patch: refreshed.

 -- Steve Beattie <sbeat...@ubuntu.com>  Fri, 28 Sep 2018 11:21:01 -0700

** Changed in: imagemagick (Ubuntu Trusty)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12430

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14434

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14435

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14436

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14437

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16323

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16640

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16642

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16643

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16644

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16645

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16749

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16750

** Changed in: imagemagick (Ubuntu Xenial)
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1793485

Title:
  segfault in png to gif conversion

Status in imagemagick package in Ubuntu:
  Fix Released
Status in imagemagick source package in Trusty:
  Fix Released
Status in imagemagick source package in Xenial:
  Fix Released
Status in imagemagick source package in Bionic:
  Fix Released

Bug description:
  Regression between 8:6.8.9.9-7ubuntu5.9 and 8:6.8.9.9-7ubuntu5.12.

  Test case:
  1. Download the attached pngs.
  2. Run:
     /usr/bin/convert -limit memory 512MiB -limit map 0MiB -limit file 10 -delay 16 -loop 0 -coalesce -deconstruct ./*.png ./output.gif

  Expected result:
  Process finishes with resulting output.gif.

  Actual result:
  Process is aborted with SIGSEGV:

  Other information:
  In my tests it looks like it has been introduced in 8:6.8.9.9-7ubuntu5.11 and does not occur on Bionic.

  Stack trace:
  #0  EncodeImage (image_info=0x645c40, data_size=<optimized out>, image=0x636890)
      at ../../coders/gif.c:676
  #1  WriteGIFImage (image_info=0x640700, image=0x636890)
      at ../../coders/gif.c:1905
  #2  0x00007ffff79a5f0f in WriteImage (image_info=image_info@entry=0x618680,
      image=image@entry=0x62cb30)
      at ../../magick/constitute.c:1184
  #3  0x00007ffff79a684f in WriteImages (image_info=image_info@entry=0x60fcd0,
      images=<optimized out>, images@entry=0x62cb30, filename=<optimized out>,
      exception=exception@entry=0x602ea0)
      at ../../magick/constitute.c:1335
  #4  0x00007ffff763e84e in ConvertImageCommand (image_info=0x60fcd0, argc=19,
      argv=0x6143b0, metadata=0x0, exception=0x602ea0)
      at ../../wand/convert.c:3215
  #5  0x00007ffff76ab527 in MagickCommandGenesis (
      image_info=image_info@entry=0x60aab0,
      command=0x4007f0 <ConvertImageCommand@plt>, argc=argc@entry=19,
      argv=argv@entry=0x7fffffffdc68, metadata=metadata@entry=0x0,
      exception=exception@entry=0x602ea0)
      at ../../wand/mogrify.c:168
  #6  0x0000000000400877 in ConvertMain (argv=0x7fffffffdc68, argc=19)
      at ../../utilities/convert.c:81
  #7  main (argc=19, argv=0x7fffffffdc68)
      at ../../utilities/convert.c:92