-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 17 Feb 2024 15:31:24 +0000
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc imagemagick-common imagemagick-doc libimage-magick-perl libmagick++-6-headers libmagick++-dev libmagickcore-6-headers libmagickcore-dev libmagickwand-6-headers libmagickwand-dev perlmagick
Architecture: all
Version: 8:6.9.11.60+dfsg-1.3+deb11u3
Distribution: bullseye-security
Urgency: medium
Maintainer: all Build Daemon (x86-csail-02)
Changed-By: Bastien Roucariès
Description:
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 1013282 1036999
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.3+deb11u3) bullseye-security; urgency=medium
 .
   * Fix CVE-2021-3610 heap buffer overflow vulnerability in TIFF coder
   * Fix a heap buffer overflow in TIFF coder
   * Fix uninitialised value passing in TIFFGetField
   * Fix stack overflow in TIFF coder
   * Early exit in case of malformed TIFF file
   * Fix buffer overrun in TIFF coder
   * Fix uninitialised value in TIFF coder
   * Fix CVE-2022-1115: Heap based overflow in TIFF coder (Closes: #1013282)
   * Fix uninitialised value in TIFF coders
   * Use salsa-ci
   * Fix CVE-2023-1289: A specially created SVG file loaded itself and
     causes a segmentation fault. This flaw allows a remote attacker to
     pass a specially crafted SVG file that leads to a segmentation fault,
     generating many trash files in "/tmp," resulting in a denial of
     service. When ImageMagick crashes, it generates a lot of trash files.
     These trash files can be large if the SVG file contains many render
     actions. In a denial of service attack, if a remote attacker uploads
     an SVG file of size t, ImageMagick generates files of size 103*t.
     If an attacker uploads a 100M SVG, the server will generate about 10G.
   * Fix CVE-2023-1906: A heap-based buffer overflow issue was discovered
     in ImageMagick's ImportMultiSpectralQuantum() function in
     MagickCore/quantum-import.c. An attacker could pass a specially
     crafted file to convert, triggering an out-of-bounds read error,
     allowing an application to crash, resulting in a denial of service.
   * Fix CVE-2023-34151: Imagemagick was vulnerable due to undefined
     behavior of casting double to size_t in svg, mvg and other coders.
     (Closes: #1036999)
   * Fix CVE-2023-3428: A heap-based buffer overflow vulnerability was
     found in coders/tiff.c in ImageMagick. This issue may allow a local
     attacker to trick the user into opening a specially crafted file,
     resulting in an application crash and denial of service.
   * Fix CVE-2023-5341: A heap use-after-free flaw was found in coders/bmp.c