[Pkg-gmagick-im-team] Bug#1021141: imagemagick: CVE-2022-3213
Moritz Mühlenhoff
jmm at inutil.org
Sun Oct 2 19:13:32 BST 2022
Source: imagemagick
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for imagemagick.
CVE-2022-3213[0]:
| A heap buffer overflow issue was found in ImageMagick. When an
| application processes a malformed TIFF file, it could lead to
| undefined behavior or a crash causing a denial of service.
https://bugzilla.redhat.com/show_bug.cgi?id=2126824
https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2
https://github.com/ImageMagick/ImageMagick6/commit/1aea203eb36409ce6903b9e41fe7cb70030e8750
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-3213
https://www.cve.org/CVERecord?id=CVE-2022-3213
Please adjust the affected versions in the BTS as needed.
More information about the Pkg-gmagick-im-team
mailing list