Package: imagemagick | Debian Sources

Package: imagemagick / 8:6.9.11.60+dfsg-1.6+deb12u3

Metadata

Package	Version	Patches format
imagemagick	8:6.9.11.60+dfsg-1.6+deb12u3	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
0061 CVE 2023 34151 properly cast double to size_t.patch \| (download)	coders/caption.c \| 10 5 + 5 - 0 ! coders/label.c \| 10 5 + 5 - 0 ! coders/pcl.c \| 4 2 + 2 - 0 ! coders/pdf.c \| 4 2 + 2 - 0 ! coders/ps.c \| 4 2 + 2 - 0 ! coders/ps2.c \| 4 2 + 2 - 0 ! coders/ps3.c \| 4 2 + 2 - 0 ! coders/svg.c \| 4 2 + 2 - 0 ! magick/annotate.c \| 4 2 + 2 - 0 ! magick/draw.c \| 8 4 + 4 - 0 ! magick/geometry.c \| 4 2 + 2 - 0 ! magick/shear.c \| 10 5 + 5 - 0 ! magick/visual-effects.c \| 4 2 + 2 - 0 ! 13 files changed, 37 insertions(+), 37 deletions(-)	cve-2023-34151: properly cast double to size_t bug: https://github.com/ImageMagick/ImageMagick/issues/6341
0062 heap buffer overflow in ImageMagick 7.1.1 12 contrib.patch \| (download)	coders/tiff.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	heap-buffer-overflow in imagemagick <= 7.1.1-12, contributed by Hardik shah of Vehere (Dawn Treaders team)
0063 Added check for invalid size.patch \| (download)	coders/bmp.c \| 10 2 + 8 - 0 ! 1 file changed, 2 insertions(+), 8 deletions(-)	added check for invalid size.
0064 improve BMP error checking.patch \| (download)	coders/bmp.c \| 28 14 + 14 - 0 ! 1 file changed, 14 insertions(+), 14 deletions(-)	improve bmp error checking bug; https://github.com/ImageMagick/ImageMagick/issues/5980
0065 CVE 2023 5341.patch \| (download)	coders/bmp.c \| 3 3 + 0 - 0 ! 1 file changed, 3 insertions(+)	cve-2023-5341
0066 CVE 2023 34151 properly cast double to size_t.patch \| (download)	coders/mvg.c \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	cve-2023-34151: properly cast double to size_t bug: https://github.com/ImageMagick/ImageMagick/issues/6341 bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070340 forgot to cast double to unsigned int
0067 CVE 2023 34151.patch \| (download)	coders/txt.c \| 24 12 + 12 - 0 ! magick/image-private.h \| 11 11 + 0 - 0 ! 2 files changed, 23 insertions(+), 12 deletions(-)	cve-2023-34151 This is a prerequist for fixing it magick produces incorrect result possibly due to overflow bug: https://github.com/ImageMagick/ImageMagick/issues/4870
0068 incorrect bounds checking for draw affine https gith.patch \| (download)	magick/draw.c \| 24 16 + 8 - 0 ! 1 file changed, 16 insertions(+), 8 deletions(-)	incorrect bounds checking for draw affine @ https://github.com/ImageMagick/ImageMagick/issues/5497
0069 CVE 2023 34151.patch \| (download)	coders/mvg.c \| 4 2 + 2 - 0 ! magick/image-private.h \| 46 33 + 13 - 0 ! 2 files changed, 35 insertions(+), 15 deletions(-)	cve-2023-34151 improved range checking (https://github.com/ImageMagick/ImageMagick/issues/6341)
0070 check for value 0 ceil not required.patch \| (download)	magick/image-private.h \| 13 5 + 8 - 0 ! 1 file changed, 5 insertions(+), 8 deletions(-)	check for value < 0, ceil() not required This patch addresses CVE-2023-34151, not a recurring bug of CVE-2022-32546. Cast from double to integer is hard to correctly and was fixed by a few patches upstream. bug: https://github.com/ImageMagick/ImageMagick/issues/6341
0071 fix undefined behaviors when casting double to size_.patch \| (download)	magick/image-private.h \| 6 3 + 3 - 0 ! 1 file changed, 3 insertions(+), 3 deletions(-)	fix undefined behaviors when casting double to size_t This is needed for fixing CVE-2023-34151 Cast from double to integer is hard to correctly and was fixed by a few patches upstream. bug: https://github.com/ImageMagick/ImageMagick/issues/6341
0072 use a different path for positive and negative value.patch \| (download)	magick/image-private.h \| 23 15 + 8 - 0 ! 1 file changed, 15 insertions(+), 8 deletions(-)	use a different path for positive and negative values This is needed for fixing CVE-2023-34151 Cast from double to integer is hard to correctly and was fixed by a few patches upstream.
0073 use instead to work around precision limitations of .patch \| (download)	magick/image-private.h \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	use >= instead to work around precision limitations of a double. This is needed for fixing CVE-2023-34151 Cast from double to integer is hard to correctly and was fixed by a few patches upstream.
0074 CVE 2023 1289 recursion detection fail.patch \| (download)	magick/constitute.c \| 7 0 + 7 - 0 ! magick/draw.c \| 1 0 + 1 - 0 ! magick/image.c \| 1 0 + 1 - 0 ! magick/image.h \| 3 0 + 3 - 0 ! 4 files changed, 12 deletions(-)	cve-2023-1289: recursion detection fail This is a partial revert of the detection recursion of CVE-2023-1289.
0075 improved fix for possible DoS for certain SVG constr.patch \| (download)	magick/draw.c \| 36 25 + 11 - 0 ! 1 file changed, 25 insertions(+), 11 deletions(-)	improved fix for possible dos for certain svg constructs This is partial fix CVE-2023-1289
0076 permit compositing MPRI images.patch \| (download)	coders/mpr.c \| 9 7 + 2 - 0 ! magick/draw.c \| 41 25 + 16 - 0 ! 2 files changed, 32 insertions(+), 18 deletions(-)	permit compositing mpri images This fix follow up of CVE-2023-1289
0077 VID images not permitted when compositing.patch \| (download)	magick/draw.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	vid images not permitted when compositing This fix followup of CVE-2023-1289
0078 do not composite SVG to avoid possible recursion.patch \| (download)	magick/draw.c \| 13 13 + 0 - 0 ! 1 file changed, 13 insertions(+)	do not composite svg to avoid possible recursion This is part of fix of CVE-2023-1289
0079 recursion detection framework.patch \| (download)	magick/draw.c \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	recursion detection framework Avoid a memory leak in previous patches
0080 Fixed memory leak.patch \| (download)	magick/draw.c \| 1 0 + 1 - 0 ! 1 file changed, 1 deletion(-)	fixed memory leak.
0001 Update the image depth after this has been changed b.patch \| (download)	coders/miff.c \| 1 1 + 0 - 0 ! 1 file changed, 1 insertion(+)	update the image depth after this has been changed by SetQuantumFormat.

« Previous 1 2

Patch	File delta	Description
0061 CVE 2023 34151 properly cast double to size_t.patch \| (download)	coders/caption.c \| 10 5 + 5 - 0 ! coders/label.c \| 10 5 + 5 - 0 ! coders/pcl.c \| 4 2 + 2 - 0 ! coders/pdf.c \| 4 2 + 2 - 0 ! coders/ps.c \| 4 2 + 2 - 0 ! coders/ps2.c \| 4 2 + 2 - 0 ! coders/ps3.c \| 4 2 + 2 - 0 ! coders/svg.c \| 4 2 + 2 - 0 ! magick/annotate.c \| 4 2 + 2 - 0 ! magick/draw.c \| 8 4 + 4 - 0 ! magick/geometry.c \| 4 2 + 2 - 0 ! magick/shear.c \| 10 5 + 5 - 0 ! magick/visual-effects.c \| 4 2 + 2 - 0 ! 13 files changed, 37 insertions(+), 37 deletions(-)	cve-2023-34151: properly cast double to size_t bug: https://github.com/ImageMagick/ImageMagick/issues/6341
0062 heap buffer overflow in ImageMagick 7.1.1 12 contrib.patch \| (download)	coders/tiff.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	heap-buffer-overflow in imagemagick <= 7.1.1-12, contributed by Hardik shah of Vehere (Dawn Treaders team)
0063 Added check for invalid size.patch \| (download)	coders/bmp.c \| 10 2 + 8 - 0 ! 1 file changed, 2 insertions(+), 8 deletions(-)	added check for invalid size.
0064 improve BMP error checking.patch \| (download)	coders/bmp.c \| 28 14 + 14 - 0 ! 1 file changed, 14 insertions(+), 14 deletions(-)	improve bmp error checking bug; https://github.com/ImageMagick/ImageMagick/issues/5980
0065 CVE 2023 5341.patch \| (download)	coders/bmp.c \| 3 3 + 0 - 0 ! 1 file changed, 3 insertions(+)	cve-2023-5341
0066 CVE 2023 34151 properly cast double to size_t.patch \| (download)	coders/mvg.c \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	cve-2023-34151: properly cast double to size_t bug: https://github.com/ImageMagick/ImageMagick/issues/6341 bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070340 forgot to cast double to unsigned int
0067 CVE 2023 34151.patch \| (download)	coders/txt.c \| 24 12 + 12 - 0 ! magick/image-private.h \| 11 11 + 0 - 0 ! 2 files changed, 23 insertions(+), 12 deletions(-)	cve-2023-34151 This is a prerequist for fixing it magick produces incorrect result possibly due to overflow bug: https://github.com/ImageMagick/ImageMagick/issues/4870
0068 incorrect bounds checking for draw affine https gith.patch \| (download)	magick/draw.c \| 24 16 + 8 - 0 ! 1 file changed, 16 insertions(+), 8 deletions(-)	incorrect bounds checking for draw affine @ https://github.com/ImageMagick/ImageMagick/issues/5497
0069 CVE 2023 34151.patch \| (download)	coders/mvg.c \| 4 2 + 2 - 0 ! magick/image-private.h \| 46 33 + 13 - 0 ! 2 files changed, 35 insertions(+), 15 deletions(-)	cve-2023-34151 improved range checking (https://github.com/ImageMagick/ImageMagick/issues/6341)
0070 check for value 0 ceil not required.patch \| (download)	magick/image-private.h \| 13 5 + 8 - 0 ! 1 file changed, 5 insertions(+), 8 deletions(-)	check for value < 0, ceil() not required This patch addresses CVE-2023-34151, not a recurring bug of CVE-2022-32546. Cast from double to integer is hard to correctly and was fixed by a few patches upstream. bug: https://github.com/ImageMagick/ImageMagick/issues/6341
0071 fix undefined behaviors when casting double to size_.patch \| (download)	magick/image-private.h \| 6 3 + 3 - 0 ! 1 file changed, 3 insertions(+), 3 deletions(-)	fix undefined behaviors when casting double to size_t This is needed for fixing CVE-2023-34151 Cast from double to integer is hard to correctly and was fixed by a few patches upstream. bug: https://github.com/ImageMagick/ImageMagick/issues/6341
0072 use a different path for positive and negative value.patch \| (download)	magick/image-private.h \| 23 15 + 8 - 0 ! 1 file changed, 15 insertions(+), 8 deletions(-)	use a different path for positive and negative values This is needed for fixing CVE-2023-34151 Cast from double to integer is hard to correctly and was fixed by a few patches upstream.
0073 use instead to work around precision limitations of .patch \| (download)	magick/image-private.h \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	use >= instead to work around precision limitations of a double. This is needed for fixing CVE-2023-34151 Cast from double to integer is hard to correctly and was fixed by a few patches upstream.
0074 CVE 2023 1289 recursion detection fail.patch \| (download)	magick/constitute.c \| 7 0 + 7 - 0 ! magick/draw.c \| 1 0 + 1 - 0 ! magick/image.c \| 1 0 + 1 - 0 ! magick/image.h \| 3 0 + 3 - 0 ! 4 files changed, 12 deletions(-)	cve-2023-1289: recursion detection fail This is a partial revert of the detection recursion of CVE-2023-1289.
0075 improved fix for possible DoS for certain SVG constr.patch \| (download)	magick/draw.c \| 36 25 + 11 - 0 ! 1 file changed, 25 insertions(+), 11 deletions(-)	improved fix for possible dos for certain svg constructs This is partial fix CVE-2023-1289
0076 permit compositing MPRI images.patch \| (download)	coders/mpr.c \| 9 7 + 2 - 0 ! magick/draw.c \| 41 25 + 16 - 0 ! 2 files changed, 32 insertions(+), 18 deletions(-)	permit compositing mpri images This fix follow up of CVE-2023-1289
0077 VID images not permitted when compositing.patch \| (download)	magick/draw.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	vid images not permitted when compositing This fix followup of CVE-2023-1289
0078 do not composite SVG to avoid possible recursion.patch \| (download)	magick/draw.c \| 13 13 + 0 - 0 ! 1 file changed, 13 insertions(+)	do not composite svg to avoid possible recursion This is part of fix of CVE-2023-1289
0079 recursion detection framework.patch \| (download)	magick/draw.c \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	recursion detection framework Avoid a memory leak in previous patches
0080 Fixed memory leak.patch \| (download)	magick/draw.c \| 1 0 + 1 - 0 ! 1 file changed, 1 deletion(-)	fixed memory leak.
0001 Update the image depth after this has been changed b.patch \| (download)	coders/miff.c \| 1 1 + 0 - 0 ! 1 file changed, 1 insertion(+)	update the image depth after this has been changed by SetQuantumFormat.