-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : graphicsmagick Version : 1.3.20-3+deb8u7 CVE ID : CVE-2019-11473 CVE-2019-11474 CVE-2019-11505 CVE-2019-11506
Multiple vulnerabilities have been discovered in graphicsmagick, the image processing toolkit: CVE-2019-11473 The WriteMATLABImage function (coders/mat.c) is affected by a heap-based buffer overflow. Remote attackers might leverage this vulnerability to cause denial of service or any other unspecified impact via crafted Matlab matrices. CVE-2019-11474 The WritePDBImage function (coders/pdb.c) is affected by a heap-based buffer overflow. Remote attackers might leverage this vulnerability to cause denial of service or any other unspecified impact via a crafted Palm Database file. CVE-2019-11505 CVE-2019-11506 The XWD module (coders/xwd.c) is affected by multiple heap-based buffer overflows and arithmetic exceptions. Remote attackers might leverage these various flaws to cause denial of service or any other unspecified impact via crafted XWD files. For Debian 8 "Jessie", these problems have been fixed in version 1.3.20-3+deb8u7. We recommend that you upgrade your graphicsmagick packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEUFZhdgIWqBhwqCvuZYVUZx9w0DQFAlzieVcACgkQZYVUZx9w 0DTI4AgAsXVth5VMdXxTIOF4IQmDyF97wYwPIbTGbt98/z5TTfI47SSiCdINZhfd 9NEjV1dQsErtpCh5HEtQzbHyUtt0ONtNA6H3Pol00qiQ8xjhN71+NI4U+MbMyFVH nP+Rw8dtAN8o7RT0TUMxzD+mtnab+mp2NM/EjZXoeS/jxpxySUCugVAlQqGpt2PS OQH2h7ocOC4yL9dE4b0drCkA+hMm0SXFCFGHgPtUrBGBH52oJHyK6ne4YEcef2ux P+cFtr42JdR5sNiRDuv0bw5JmKgygV7UOnWOLh2RbPhp8eIcCoOvgSV82QM2HgB/ EEiSI7CUXiYnXt5dD+eMQahoGuQ0AA== =EBdo -----END PGP SIGNATURE-----