Package: imagemagick / 8:6.9.7.4+dfsg-11+deb9u6

Metadata

Package: imagemagick
Version: 8:6.9.7.4+dfsg-11+deb9u6
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
0001 Remove spurious cache line.patch | (download)

index.html | 2 1 + 1 - 0 !
www/ImageMagickObject.html | 1 0 + 1 - 0 !
www/advanced-unix-installation.html | 1 0 + 1 - 0 !
www/advanced-windows-installation.html | 1 0 + 1 - 0 !
www/animate.html | 1 0 + 1 - 0 !
www/api.html | 1 0 + 1 - 0 !
www/architecture.html | 1 0 + 1 - 0 !
www/binary-releases.html | 1 0 + 1 - 0 !
www/changelog.html | 1 0 + 1 - 0 !
www/cipher.html | 1 0 + 1 - 0 !
www/color-management.html | 1 0 + 1 - 0 !
www/color.html | 1 0 + 1 - 0 !
www/command-line-options.html | 1 0 + 1 - 0 !
www/command-line-processing.html | 1 0 + 1 - 0 !
www/command-line-tools.html | 1 0 + 1 - 0 !
www/compare.html | 1 0 + 1 - 0 !
www/compose.html | 1 0 + 1 - 0 !
www/composite.html | 1 0 + 1 - 0 !
www/conjure.html | 1 0 + 1 - 0 !
www/connected-components.html | 1 0 + 1 - 0 !
www/convert.html | 1 0 + 1 - 0 !
www/display.html | 1 0 + 1 - 0 !
www/distribute-pixel-cache.html | 1 0 + 1 - 0 !
www/download.html | 1 0 + 1 - 0 !
www/escape.html | 1 0 + 1 - 0 !
www/examples.html | 1 0 + 1 - 0 !
www/exception.html | 1 0 + 1 - 0 !
www/export.html | 1 0 + 1 - 0 !
www/formats.html | 1 0 + 1 - 0 !
www/fx.html | 1 0 + 1 - 0 !
www/gradient.html | 1 0 + 1 - 0 !
www/high-dynamic-range.html | 1 0 + 1 - 0 !
www/history.html | 1 0 + 1 - 0 !
www/identify.html | 1 0 + 1 - 0 !
www/import.html | 1 0 + 1 - 0 !
www/index.html | 1 0 + 1 - 0 !
www/install-source.html | 1 0 + 1 - 0 !
www/jp2.html | 1 0 + 1 - 0 !
www/license.html | 1 0 + 1 - 0 !
www/links.html | 1 0 + 1 - 0 !
www/magick++.html | 1 0 + 1 - 0 !
www/magick-core.html | 1 0 + 1 - 0 !
www/magick-script.html | 1 0 + 1 - 0 !
www/magick-vector-graphics.html | 1 0 + 1 - 0 !
www/magick-wand.html | 1 0 + 1 - 0 !
www/magick.html | 1 0 + 1 - 0 !
www/miff.html | 1 0 + 1 - 0 !
www/mogrify.html | 1 0 + 1 - 0 !
www/montage.html | 1 0 + 1 - 0 !
www/motion-picture.html | 1 0 + 1 - 0 !
www/opencl.html | 1 0 + 1 - 0 !
www/openmp.html | 1 0 + 1 - 0 !
www/perl-magick.html | 1 0 + 1 - 0 !
www/porting.html | 1 0 + 1 - 0 !
www/quantize.html | 1 0 + 1 - 0 !
www/resources.html | 1 0 + 1 - 0 !
www/security-policy.html | 1 0 + 1 - 0 !
www/sitemap.html | 1 0 + 1 - 0 !
www/stream.html | 1 0 + 1 - 0 !
www/support.html | 1 0 + 1 - 0 !
www/webp.html | 1 0 + 1 - 0 !
61 files changed, 1 insertion(+), 61 deletions(-)

 [patch] remove spurious cache line

This does not allow the patch to apply cleanly

find . -path './.git' -prune -o -type 'f' -name '*.html' -exec sed -i 's,^<!-- Magick Cache.*$,,g' {} \;

0002 Fix br tag.patch | (download)

www/api/Image++.html | 262 131 + 131 - 0 !
1 file changed, 131 insertions(+), 131 deletions(-)

 [patch] fix br tag

find . -path './.git' -prune -o -type 'f' -name '*.html' -exec sed -i 's,<br>,<br />,g' {} \;

0003 Fix api Image .html.patch | (download)

www/api/Image++.html | 16 7 + 9 - 0 !
1 file changed, 7 insertions(+), 9 deletions(-)

 [patch] fix api/image++.html

0004 Fix www api mophologie.html.patch | (download)

www/api/morphology.html | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 [patch] fix www/api/mophologie.html

0005 Fix www search.html.patch | (download)

www/search.html | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 [patch] fix www/search.html

0006 Fix www command line options.html.patch | (download)

www/command-line-options.html | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [patch] fix www/command-line-options.html

0007 Use modern idiom for autoconf.patch | (download)

configure.ac | 10 5 + 5 - 0 !
1 file changed, 5 insertions(+), 5 deletions(-)

 [patch] use modern idiom for autoconf

0008 Allow distribution to custumize the html pointer to .patch | (download)

configure.ac | 12 12 + 0 - 0 !
utilities/conjure.1.in | 4 2 + 2 - 0 !
utilities/convert.1.in | 4 2 + 2 - 0 !
utilities/display.1.in | 4 2 + 2 - 0 !
utilities/identify.1.in | 4 2 + 2 - 0 !
utilities/import.1.in | 4 2 + 2 - 0 !
utilities/mogrify.1.in | 4 2 + 2 - 0 !
utilities/montage.1.in | 4 2 + 2 - 0 !
utilities/stream.1.in | 4 2 + 2 - 0 !
9 files changed, 28 insertions(+), 16 deletions(-)

 [patch] allow distribution to customize the html pointer to
 documentation

Allow saying, on a Debian system, that you might install the imagemagick-doc package

0009 Improve policy in order to be safer.patch | (download)

config/policy.xml | 23 14 + 9 - 0 !
1 file changed, 14 insertions(+), 9 deletions(-)

 [patch] improve policy in order to be safer

Limit memory and disk to safe values.

Disable http delegate. You should really use curl

0010 Add a new option in order to use desktop file.patch | (download)

wand/display.c | 10 9 + 1 - 0 !
1 file changed, 9 insertions(+), 1 deletion(-)

 [patch] add a new option in order to use desktop file

0011 Fix an assertion faillure in TGA.patch | (download)

coders/tga.c | 9 5 + 4 - 0 !
1 file changed, 5 insertions(+), 4 deletions(-)

 [patch] fix an assertion failure in tga

bug: https://github.com/ImageMagick/ImageMagick/pull/359
bug-debian: https://bugs.debian.org/856878
0012 Fix an out of bound error in sun file handling.patch | (download)

coders/sun.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] fix an out of bound error in sun file handling

bug: https://github.com/ImageMagick/ImageMagick/issues/375
bug: https://github.com/ImageMagick/ImageMagick/issues/376
bug-debian: https://bugs.debian.org/856879
0013 Fixed memory leak when creating nested exceptions in.patch | (download)

Magick++/lib/Exception.cpp | 14 10 + 4 - 0 !
1 file changed, 10 insertions(+), 4 deletions(-)

 [patch] fixed memory leak when creating nested exceptions in
 Magick++.

bug: https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634
bug-debian: https://bugs.debian.org/856880
0014 Check for image list before we destroy the last imag.patch | (download)

coders/xcf.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch] check for image list before we destroy the last image in xcf
 coder

patch sent privately by Андрей Черный

bug-debian: https://bugs.debian.org/856881
0015 Added missing null check.patch | (download)

coders/psd.c | 7 5 + 2 - 0 !
1 file changed, 5 insertions(+), 2 deletions(-)

 [patch] added missing null check.

bug-debian: https://bugs.debian.org/856882
0016 Fix CVE 2017 7619.patch | (download)

magick/enhance.c | 54 9 + 45 - 0 !
1 file changed, 9 insertions(+), 45 deletions(-)

 [patch] fix cve-2017-7619

In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms.

This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv.

0017 Fix CVE 2017 7606.patch | (download)

coders/rle.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch] fix cve-2017-7606

coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue,
which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

bug: https://github.com/ImageMagick/ImageMagick/issues/415
0018 Fixed leak reported in SVG file.patch | (download)

coders/svg.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 [patch] fixed leak reported in svg file

Fix CVE-2017-7943
bug: https://github.com/ImageMagick/ImageMagick/issues/427
bug-debian: https://bugs.debian.org/860736
0019 Fixed memory leak reported in sgi files.patch | (download)

coders/sgi.c | 40 31 + 9 - 0 !
1 file changed, 31 insertions(+), 9 deletions(-)

 [patch] fixed memory leak reported in sgi files

Fix a leak in avs file and CVE-2017-7941

0020 Fixed memory leak reported in avs file.patch | (download)

coders/avs.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 [patch] fixed memory leak reported in avs file

Fix CVE-2017-7942

bug: https://github.com/ImageMagick/ImageMagick/issues/429
bug-debian: https://bugs.debian.org/860735
0021 Fix CVE 2017 8343.patch | (download)

coders/aai.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 [patch] fix cve-2017-8343

The ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.

Fix it by detecting the corruption

bug: https://github.com/ImageMagick/ImageMagick/issues/444
bug-debian: https://bugs.debian.org/862572
0022 CVE 2017 8344.patch | (download)

coders/pcx.c | 50 28 + 22 - 0 !
1 file changed, 28 insertions(+), 22 deletions(-)

 [patch] cve-2017-8344

The ReadPCXImage function in pcx.c allows
attackers to cause a denial of service (memory leak) via a crafted
file.

Detect this kind of file

bug: https://github.com/ImageMagick/ImageMagick/issues/446
bug-debian: https://bugs.debian.org/862574
0023 1 2 Prepare fix for CVE 2017 8345.patch | (download)

coders/png.c | 81 30 + 51 - 0 !
1 file changed, 30 insertions(+), 51 deletions(-)

 [patch] [1/2] prepare fix for cve-2017-8345

Refactored MngInfoFreeStruct in order to apply check only once

bug: https://github.com/ImageMagick/ImageMagick/issues/442
0024 2 2 Refactored ReadMNGImage to fix memory leak repor.patch | (download)

coders/png.c | 105 62 + 43 - 0 !
1 file changed, 62 insertions(+), 43 deletions(-)

 [patch] [2/2] refactored readmngimage to fix memory leak reported in
 #442

The ReadMNGImage function in png.c allows
attackers to cause a denial of service (memory leak) via a crafted
file.

bug: https://github.com/ImageMagick/ImageMagick/issues/442
0025 CVE 2017 8346.patch | (download)

coders/dcm.c | 78 47 + 31 - 0 !
1 file changed, 47 insertions(+), 31 deletions(-)

 [patch] cve-2017-8346

The ReadDCMImage function in dcm.c allows
attackers to cause a denial of service (memory leak) via a crafted
file.

bug: https://github.com/ImageMagick/ImageMagick/issues/440
0026 CVE 2017 8347.patch | (download)

coders/exr.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 [patch] cve-2017-8347

The ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file.

bug: https://github.com/ImageMagick/ImageMagick/issues/441
0027 CVE 2017 8348.patch | (download)

coders/mat.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] cve-2017-8348

The ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file.

bug: https://github.com/ImageMagick/ImageMagick/issues/445
0028 CVE 2017 8349.patch | (download)

coders/sfw.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 [patch] cve-2017-8349

The ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file.

bug: https://github.com/ImageMagick/ImageMagick/issues/443
bug-debian: https://bugs.debian.org/862579
0029 1 3 CVE 2017 8350 Fixed more memory leaks.patch | (download)

coders/png.c | 13 10 + 3 - 0 !
1 file changed, 10 insertions(+), 3 deletions(-)

 [patch] [1/3] cve-2017-8350 fixed more memory leaks.

(cherry picked from commit 8b7af6e1e7163d62fc98add772da73b2f88b31d7)

0030 2 3 Some minor refactoring.patch | (download)

coders/png.c | 39 9 + 30 - 0 !
1 file changed, 9 insertions(+), 30 deletions(-)

 [patch] [2/3] some minor refactoring.

(cherry picked from commit 20b000e2c5fca2f5fe17750e64c77b7fdce627fe)

0031 3 3 CVE 2017 8350 Fixed various leaks in ReadOneJNGI.patch | (download)

coders/png.c | 14 7 + 7 - 0 !
1 file changed, 7 insertions(+), 7 deletions(-)

 [patch] [3/3] cve-2017-8350 fixed various leaks in readonejngimage
 reported in #447

0032 CVE 2017 8351.patch | (download)

coders/pcd.c | 11 7 + 4 - 0 !
1 file changed, 7 insertions(+), 4 deletions(-)

 [patch] cve-2017-8351

The ReadPCDImage function in pcd.c allows attackers to cause a denial
of service (memory leak) via a crafted file.

bug: https://github.com/ImageMagick/ImageMagick/issues/448
0033 1 2 CVE 2017 8352.patch | (download)

coders/xwd.c | 15 15 + 0 - 0 !
1 file changed, 15 insertions(+)

 [patch] [1/2] cve-2017-8352

The ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file.

bug: https://github.com/ImageMagick/ImageMagick/issues/452
bug-debian: https://bugs.debian.org/862590
0034 2 2 CVE 2017 8352.patch | (download)

coders/xwd.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 [patch] [2/2] cve-2017-8352

The ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file.

bug: https://github.com/ImageMagick/ImageMagick/issues/452
bug-debian: https://bugs.debian.org/862590
0035 CVE 2017 8353.patch | (download)

coders/pict.c | 43 32 + 11 - 0 !
1 file changed, 32 insertions(+), 11 deletions(-)

 [patch] cve-2017-8353

The ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file.

bug: https://github.com/ImageMagick/ImageMagick/issues/454
bug-debian: https://bugs.debian.org/862632
0036 CVE 2017 8354.patch | (download)

coders/bmp.c | 11 9 + 2 - 0 !
1 file changed, 9 insertions(+), 2 deletions(-)

 [patch] cve-2017-8354

The ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file.

bug: https://github.com/ImageMagick/ImageMagick/issues/451
bug-debian: https://bugs.debian.org/862633
0037 CVE 2017 8355.patch | (download)

coders/mtv.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 [patch] cve-2017-8355

The ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file.

bug: https://github.com/ImageMagick/ImageMagick/issues/450
0038 CVE 2017 8356.patch | (download)

coders/sun.c | 17 13 + 4 - 0 !
1 file changed, 13 insertions(+), 4 deletions(-)

 [patch] cve-2017-8356

The ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file.

bug: https://github.com/ImageMagick/ImageMagick/issues/449
bug-debian: https://bugs.debian.org/862635
0039 CVE 2017 8357.patch | (download)

coders/ept.c | 20 17 + 3 - 0 !
1 file changed, 17 insertions(+), 3 deletions(-)

 [patch] cve-2017-8357

The ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file.

bug: https://github.com/ImageMagick/ImageMagick/issues/453
0040 CVE 2017 8765.patch | (download)

coders/icon.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] cve-2017-8765

The function named ReadICONImage in coders\icon.c in ImageMagick has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file.

Added extra check that was reported in #466.

(cherry picked from commit b3299a3f2ec597172b092e9f7b71d2c9e75287c7)

0041 CVE 2017 8830.patch | (download)

coders/bmp.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] cve-2017-8830

The ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.

Replace image in list to fix issue reported in #467.

(cherry picked from commit ff2431d8f17d4a7c906438042a649b04aec93558)

bug: https://github.com/ImageMagick/ImageMagick/issues/467
bug-debian: https://bugs.debian.org/862637
0042 Check for EOF conditions for RLE image format.patch | (download)

coders/rle.c | 93 66 + 27 - 0 !
1 file changed, 66 insertions(+), 27 deletions(-)

 [patch] check for eof conditions for rle image format

This fixes a crash for a specially crafted file

This fixes CVE-2017-9144

(cherry picked from commit 7fdf9ea808caa3c81a0eb42656e5fafc59084198)

0043 Fixed incorrect call to WriteBlob reported in 490.patch | (download)

coders/png.c | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

 [patch] fixed incorrect call to writeblob reported in #490.

A crafted file revealed an assertion failure in blob.c.

This fixes CVE-2017-9142

0044 Added check to prevent image being 0x0 reported in 4.patch | (download)

coders/dds.c | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 [patch] added check to prevent image being 0x0 (reported in #489).

A crafted file revealed an assertion failure in profile.c.
    magick: MagickCore/profile.c:1303: ResetImageProfileIterator: Assertion `image != (Image *) ((void *)0)' failed.

This fixes CVE-2017-9141

0045 Fixed memory leak reported in 456.patch | (download)

coders/art.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 [patch] fixed memory leak reported in #456.

A specially crafted ART file could lead to a memory leak

This fixes CVE-2017-9143

0046 CVE 2017 9098 use of uninitialized memory in RLE dec.patch | (download)

coders/rle.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [patch] cve-2017-9098: use of uninitialized memory in rle decoder

Reset memory for RLE decoder (patch provided by scarybeasts)

bug: https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862967
0047 CVE 2017 9261 Memory leak in the ReadMNGImage functi.patch | (download)

coders/png.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 [patch] cve-2017-9261: memory leak in the readmngimage function

In ImageMagick, the ReadMNGImage function in coders/png.c
allows attackers to cause a denial of service (memory leak) via a
crafted file.

bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863833
bug: https://github.com/ImageMagick/ImageMagick/issues/476
0048 CVE 2017 9262 Memory leak in the ReadJNGImage functi.patch | (download)

coders/png.c | 21 17 + 4 - 0 !
1 file changed, 17 insertions(+), 4 deletions(-)

 [patch] cve-2017-9262: memory leak in the readjngimage function

In ImageMagick, the ReadJNGImage function in coders/png.c
allows attackers to cause a denial of service (memory leak) via a
crafted file.

bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863834
bug: https://github.com/ImageMagick/ImageMagick/issues/475
0049 CVE 2017 9409 the ReadMPCImage function in mpc.c all.patch | (download)

coders/mpc.c | 8 6 + 2 - 0 !
1 file changed, 6 insertions(+), 2 deletions(-)

 [patch] cve-2017-9409: the readmpcimage function in mpc.c allows
 attackers to cause a denial of service (memory leak) via a crafted file.

0050 CVE 2017 9407 the ReadPALMImage function in palm.c a.patch | (download)

coders/palm.c | 14 12 + 2 - 0 !
1 file changed, 12 insertions(+), 2 deletions(-)

 [patch] cve-2017-9407: the readpalmimage function in palm.c allows
 attackers to cause a denial of service (memory leak) via a crafted file.

Fixed memory leak reported in #459.

0051 CVE 2017 9405 the ReadICONImage function in icon.c 4.patch | (download)

coders/icon.c | 8 6 + 2 - 0 !
1 file changed, 6 insertions(+), 2 deletions(-)

 [patch] cve-2017-9405: the readiconimage function in icon.c:452
 allows attackers to cause a denial of service (memory leak) via a crafted
 file.

Fixed memory leak reported in #457.

bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864087
bug: https://github.com/ImageMagick/ImageMagick/issues/457
0052 CVE 2017 9439.patch | (download)

coders/pdb.c | 19 14 + 5 - 0 !
1 file changed, 14 insertions(+), 5 deletions(-)

 [patch] cve-2017-9439

A memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file.

bug: https://github.com/ImageMagick/ImageMagick/issues/460
0053 CVE 2017 9440.patch | (download)

coders/psd.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 [patch] cve-2017-9440

A memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file.

bug: https://github.com/ImageMagick/ImageMagick/issues/462
bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864273
0054 CVE 2017 10928.patch | (download)

magick/token.c | 14 14 + 0 - 0 !
1 file changed, 14 insertions(+)

 [patch] cve-2017-10928

A heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain
sensitive information from process memory or possibly have unspecified other impact
via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.

0055 CVE 2017 9144 fix incomplete patch.patch | (download)

coders/rle.c | 18 9 + 9 - 0 !
1 file changed, 9 insertions(+), 9 deletions(-)

 [patch] cve-2017-9144 fix incomplete patch

A crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c.

bug: https://github.com/ImageMagick/ImageMagick/issues/502
0056 1 2 Enable heap overflow check for stdin for mpc fil.patch | (download)

coders/mpc.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 [patch] [1/2] enable heap overflow check for stdin for mpc files

Enabling seekable streams is required to ensure checking the blob size
works when an image is streamed on stdin.

0057 2 2 Enable heap overflow check for stdin for mpc fil.patch | (download)

coders/mpc.c | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 [patch] [2/2] enable heap overflow check for stdin for mpc files

Enabling seekable streams is required to ensure checking the blob size
works when an image is streamed on stdin.

0058 1 2 CPU exhaustion in ReadDPXImage.patch | (download)

coders/dpx.c | 9 5 + 4 - 0 !
1 file changed, 5 insertions(+), 4 deletions(-)

 [patch] [1/2] cpu exhaustion in readdpximage

Because dpx.file.image_offset is an unsigned int, it can be controlled
to be as large as 4294967295.
This will cause ImageMagick to spend a lot of time processing a crafted
DPX image file, even if the image file is very small.

0059 1 2 CPU exhaustion in ReadDPXImage.patch | (download)

coders/dpx.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch] [1/2] cpu exhaustion in readdpximage

Because dpx.file.image_offset is an unsigned int, it can be controlled
to be as large as 4294967295.
This will cause ImageMagick to spend a lot of time processing a crafted
DPX image file, even if the image file is very small.