[Pkg-gmagick-im-team] Bug#891420: imagemagick: CVE-2018-7470
Salvatore Bonaccorso
carnil at debian.org
Sun Feb 25 13:11:38 UTC 2018
Source: imagemagick
Version: 8:6.9.9.34+dfsg-3
Severity: minor
Tags: security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/998
Hi,
the following vulnerability was published for imagemagick.
The issue is not affecting the binary packages (as long we do not
build with webp support, which is not the case yet, cf. #806425).
Thus just filling the bug for upstrem fix tracking purpose and thus
severity minor.
CVE-2018-7470[0]:
| An issue was discovered in ImageMagick 7.0.7-22 Q16. The
| IsWEBPImageLossless function in coders/webp.c allows attackers to cause
| a denial of service (segmentation violation) via a crafted file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-7470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7470
[1] https://github.com/ImageMagick/ImageMagick/issues/998
Regards,
Salvatore
More information about the Pkg-gmagick-im-team
mailing list