[Pkg-gmagick-im-team] Bug#870065: CVE-2017-11639

Bastien ROUCARIES roucaries.bastien at gmail.com
Sat Jul 29 12:04:16 UTC 2017


Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: team at security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb9u1
forwarded: https://github.com/ImageMagick/ImageMagick/issues/588

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can
lead to a heap-based buffer over-read in the WriteCIPImage() function
in coders/cip.c, related to the GetPixelLuma function in
MagickCore/pixel-accessor.h.



More information about the Pkg-gmagick-im-team mailing list