[ubuntu/xenial-security] graphicsmagick 1.3.23-1ubuntu0.5 (Accepted)

Wed, 22 Jan 2020 10:36:16 -0800 

graphicsmagick (1.3.23-1ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS in ReadWPGImage() 
    - debian/patches/CVE-2017-16545.patch: Assure that colormapped image is a
      PseudoClass type with valid colormapped indexes.
    - CVE-2017-16545
  * SECURITY UPDATE: DoS (negative strncpy) in DrawImage()
    - debian/patches/CVE-2017-16547.patch: Fix pointer computation which leads
      to large strncpy size request and bad array index.
    - CVE-2017-16547
  * SECURITY UPDATE: Heap-based buffer overflow in coders/wpg.c 
    - debian/patches/CVE-2017-16669-1.patch: Do not call SyncImagePixels() when
      something fails.
    - debian/patches/CVE-2017-16669-2.patch: Wrong row count checking.
    - debian/patches/CVE-2017-16669-3.patch: Detect pending use of null indexes
      pointer due to programming error and report it.
    - debian/patches/CVE-2017-16669-4.patch: Fix crash which image fails to
      produce expected PseudoClass indexes.
    - debian/patches/CVE-2017-16669-5.patch: Check for InsertRow() return value.
    - debian/patches/CVE-2017-16669-6.patch: Check InsertRow() return value for
      all calls.
    - CVE-2017-16669
  * SECURITY UPDATE: Heap-based buffer overflow in WritePNMImage()
    - debian/patches/CVE-2017-17498.patch: Fix buffer overflow when writing
      gray+alpha 1-bit/sample.
    - CVE-2017-17498
  * SECURITY UPDATE: Heap-based buffer over-read in ReadRGBImage()
    - debian/patches/CVE-2017-17500.patch: Fix heap-overflow due to tile
      outside image bounds.
    - CVE-2017-17500
  * SECURITY UPDATE: Heap-based buffer over-read in WriteOnePNGImage()
    - debian/patches/CVE-2017-17501.patch: Fix heap read overrun while
      testing pixels for opacity.
    - CVE-2017-17501
  * SECURITY UPDATE: Heap-based buffer over-read in ReadCMYKImage()
    - debian/patches/CVE-2017-17502.patch: Fix heap-overflow due to tile
      outside image bounds.
    - CVE-2017-17502
  * SECURITY UPDATE: Heap-based buffer over-read in ReadGRAYImage()
    - debian/patches/CVE-2017-17503.patch: Fix heap-overflow due to tile
      outside image bounds.
    - CVE-2017-17503
  * SECURITY UPDATE: Heap-based buffer over-read in ReadOneJNGImage()
    - debian/patches/CVE-2017-17782.patch: Fix wrong offset into oFFs chunk
      which caused heap read overflow.
    - CVE-2017-17782
  * SECURITY UPDATE: Buffer over-read in ReadPALMImage()
    - debian/patches/CVE-2017-17783.patch: Fix heap buffer overflow in Q8 build
      while initializing color palette.
    - CVE-2017-17783

Date: 2020-01-22 16:40:19.357787+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barre...@canonical.com>
https://launchpad.net/ubuntu/+source/graphicsmagick/1.3.23-1ubuntu0.5

Sorry, changesfile not available.
-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

Reply via email to