FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  452696
Date:      2017-10-23
Time:      08:57:11Z
Committer: brnrd

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
50776801-4183-11e7-b291-b499baebfeafImageMagick -- multiple vulnerabilities

Please reference CVE/URL list for details


Discovery 2017-03-05
Entry 2017-05-25
Modified 2017-05-29
ImageMagick
ImageMagick-nox11
lt 6.9.6.4_2,1

ge 6.9.7.0,1 lt 6.9.8.8,1

ImageMagick7
ImageMagick7-nox11
lt 7.0.5.9

https://nvd.nist.gov/vuln/search/results?query=ImageMagick
CVE-2017-5506
CVE-2017-5507
CVE-2017-5508
CVE-2017-5509
CVE-2017-5510
CVE-2017-5511
CVE-2017-6497
CVE-2017-6498
CVE-2017-6499
CVE-2017-6500
CVE-2017-6501
CVE-2017-6502
CVE-2017-7275
CVE-2017-7606
CVE-2017-7619
CVE-2017-7941
CVE-2017-7942
CVE-2017-7943
CVE-2017-8343
CVE-2017-8344
CVE-2017-8345
CVE-2017-8346
CVE-2017-8347
CVE-2017-8348
CVE-2017-8349
CVE-2017-8350
CVE-2017-8351
CVE-2017-8352
CVE-2017-8353
CVE-2017-8354
CVE-2017-8355
CVE-2017-8356
CVE-2017-8357
CVE-2017-8765
CVE-2017-8830
CVE-2017-9141
CVE-2017-9142
CVE-2017-9143
CVE-2017-9144
e1f67063-aab4-11e6-b2d3-60a44ce6887bImageMagick7 -- multiple vulnerabilities

Multiple sources report:

CVE-2016-9298: heap overflow in WaveletDenoiseImage(), fixed in ImageMagick7-7.0.3.6, discovered 2016-10-31

CVE-2016-8866: memory allocation failure in AcquireMagickMemory (incomplete previous fix for CVE-2016-8862), not fixed yet with the release of this announcement, re-discovered 2016-10-13.

CVE-2016-8862: memory allocation failure in AcquireMagickMemory, initially partially fixed in ImageMagick7-7.0.3.3, discovered 2016-09-14.


Discovery 2016-09-14
Entry 2016-12-04
ImageMagick7
ImageMagick7-nox11
lt 7.0.3.6

https://github.com/ImageMagick/ImageMagick/issues/296
https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/
https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/
CVE-2016-9298
CVE-2016-8866
CVE-2016-8862
ports/214514
19d35b0f-ba73-11e6-b1cf-14dae9d210b8ImageMagick -- heap overflow vulnerability

Bastien Roucaries reports:

Imagemagick before 3cbfb163cff9e5b8cdeace8312e9bfee810ed02b suffer from a heap overflow in WaveletDenoiseImage(). This problem is easily trigerrable from a Perl script.


Discovery 2016-11-13
Entry 2016-12-04
ImageMagick
ImageMagick-nox11
lt 6.9.6.4,1

ImageMagick7
ImageMagick7-nox11
lt 7.0.3.7

http://seclists.org/oss-sec/2016/q4/413
https://github.com/ImageMagick/ImageMagick/issues/296
CVE-2016-9298
ports/214517
ports/214511
ports/214520
16fb4f83-a2ab-11e7-9c14-009c02a2ab30ImageMagick -- denial of service via a crafted font file

MITRE reports:

The ReadCAPTIONImage function in coders/caption.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.


Discovery 2017-09-21
Entry 2017-09-26
ImageMagick7
lt 7.0.7.4

ImageMagick7-nox11
lt 7.0.7.4

ImageMagick
le 6.9.8.9_1

ImageMagick-nox11
le 6.9.8.9_1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14741
https://github.com/ImageMagick/ImageMagick/issues/771
https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f
https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d
CVE-2017-14741