graphicsmagick 1.4~hg15968-1 source package in Ubuntu
Changelog
graphicsmagick (1.4~hg15968-1) unstable; urgency=high

* Mercurial snapshot, fixing the following security issues (closes: #927029):
  - ReadMATImage(): Report a corrupt image exception if reader encounters end of file while reading scanlines (use of uninitialized value in IsGrayImag()),
  - ReadTOPOLImage(): Report a corrupt image if reader encounters end of file while reading header rows (use of uninitialized value in InsertRow()),
  - OpenCache(): Use unsigned 64-bit value to store CacheInfo offset and length as well as for the total pixels calculation to prevent some more arithmetic overflows,
  - SetNexus(): Apply resource limits to pixel nexus allocations to prevent arithmetic and integer overflows,
  - SetNexus(): Report error for empty region rather than crashing due to divide by zero exception,
  - ReadTXTImage(): Don't start new line if x_max < x_min to avoid floating point exception in SetNexus(),
  - ReadMATImage(): Quit if image scanlines are not fully populated due to exception to prevent use of uninitialized value in InsertComplexFloatRow(),
  - ReadMATImage(): Fix memory leak on unexpected end of file,
  - Throwing an exception is now thread-safe,
  - Fx module error handling/reporting improvements,
  - Fix various uses of allocated memory without checking if memory allocation has failed,
  - CVE-2019-11010: ReadMPCImage(): Deal with a profile length of zero, or an irrationally large profile length to prevent memory leak,
  - CVE-2019-11007: ReadMNGImage(): Fix small buffer overflow (one PixelPacket) of image colormap,
  - CVE-2019-11009: ReadXWDImage(): Fix heap buffer overflow while reading DirectClass XWD file,
  - CVE-2019-11006: ReadMIFFImage(): Detect end of file while reading RLE packets to prevent heap buffer overflow,
  - CVE-2019-11005: SVGStartElement(): Fix stack buffer overflow while parsing quoted font family value,
  - CVE-2019-11008: XWD: Perform more header validations, a file size validation, and fix arithmetic overflows leading to heap overwrite,
  - ReadWMFImage(): Reject WMF files with an empty bounding box to prevent division by zero problems,
  - WritePDBImage(): Use correct bits/sample rather than image->depth to prevent potential buffer overflow,
  - WriteMATLABImage(): Add completely missing error handling to prevent heap buffer overflow,
  - SetNexus(): Fix arithmetic overflow while testing x/y offset limits,
  - DrawPrimitive(): Check primitive point x/y values for NaN to prevent integer overflow,
  - DrawImage(): Fix integer overflow while validating gradient dimensions,
  - WritePDBImage(): Assure that input scanline is cleared in order to cover up some decoder bug to prevent use of uninitialized value,
  - ReadXWDImage(): Add more validation logic to avoid crashes due to FPE and invalid reads.
* Update library symbols for this release.

-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 15 Apr 2019 17:40:12 +0000
Upload details
- Uploaded by: Laszlo Boszormenyi
- Uploaded to: Sid
- Original maintainer: Laszlo Boszormenyi
- Architectures: any all
- Section: graphics
- Urgency: Very Urgent
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
graphicsmagick_1.4~hg15968-1.dsc | 2.8 KiB | 2345b0c587141b5c569cde846da414c67a975464387505e5406006eacb7f8a09 |
graphicsmagick_1.4~hg15968.orig.tar.xz | 8.5 MiB | eac04fefacac3bc8bd38f92ca35847b4702ebec9e2e13bde03dca3c936b4c1b1 |
graphicsmagick_1.4~hg15968-1.debian.tar.xz | 140.8 KiB | 38d353149c577577d4c15a8ded5463b0bb7d13e4e2a334c22f4ae772f56a9c12 |
Available diffs
- diff from 1.4~hg15916-2 to 1.4~hg15968-1 (258.9 KiB)
No changes file available.
Binary packages built by this source
- graphicsmagick: No summary available for graphicsmagick in ubuntu eoan.
No description available for graphicsmagick in ubuntu eoan.
- graphicsmagick-dbg: No summary available for graphicsmagick-dbg in ubuntu eoan.
No description available for graphicsmagick-dbg in ubuntu eoan.
- graphicsmagick-imagemagick-compat: No summary available for graphicsmagick-imagemagick-compat in ubuntu eoan.
No description available for graphicsmagick-imagemagick-compat in ubuntu eoan.
- graphicsmagick-libmagick-dev-compat: No summary available for graphicsmagick-libmagick-dev-compat in ubuntu eoan.
No description available for graphicsmagick-libmagick-dev-compat in ubuntu eoan.
- libgraphics-magick-perl: No summary available for libgraphics-magick-perl in ubuntu eoan.
No description available for libgraphics-magick-perl in ubuntu eoan.
- libgraphicsmagick++-q16-12: No summary available for libgraphicsmagick++-q16-12 in ubuntu eoan.
No description available for libgraphicsmagick++-q16-12 in ubuntu eoan.
- libgraphicsmagick++1-dev: No summary available for libgraphicsmagick++1-dev in ubuntu eoan.
No description available for libgraphicsmagick++1-dev in ubuntu eoan.
- libgraphicsmagick-q16-3: No summary available for libgraphicsmagick-q16-3 in ubuntu eoan.
No description available for libgraphicsmagick-q16-3 in ubuntu eoan.
- libgraphicsmagick1-dev: No summary available for libgraphicsmagick1-dev in ubuntu eoan.
No description available for libgraphicsmagick1-dev in ubuntu eoan.