FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  509146
Date:      2019-08-17
Time:      11:07:33Z
Committer: joneum


These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description

19d35b0f-ba73-11e6-b1cf-14dae9d210b8  ImageMagick -- heap overflow vulnerability

Bastien Roucaries reports:

Imagemagick before 3cbfb163cff9e5b8cdeace8312e9bfee810ed02b suffers from a heap overflow in WaveletDenoiseImage(). This problem is easily triggerable from a Perl script.


Discovery 2016-11-13
Entry 2016-12-04
ImageMagick
ImageMagick-nox11
lt 6.9.6.4,1

ImageMagick7
ImageMagick7-nox11
lt 7.0.3.7

http://seclists.org/oss-sec/2016/q4/413
https://github.com/ImageMagick/ImageMagick/issues/296
CVE-2016-9298
ports/214517
ports/214511
ports/214520

183d700e-ec70-487e-a9c4-632324afa934  ImageMagick -- multiple vulnerabilities

cvedetails.com reports:

CVE-2019-7175: In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.

CVE-2019-7395: In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.

CVE-2019-7396: In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.

CVE-2019-7397: In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.

CVE-2019-7398: In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.

CVE-2019-9956: In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.

CVE-2019-10131: An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.

CVE-2019-10649: In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file.

CVE-2019-10650: In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.

CVE-2019-10714: LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV.

CVE-2019-11470: The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.

CVE-2019-11472: ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first.

CVE-2019-11597: In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.

CVE-2019-11598: In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.


Discovery 2019-03-07
Entry 2019-05-30
Modified 2019-06-17
ImageMagick7
lt 7.0.8.47

ImageMagick7-nox11
lt 7.0.8.47

ImageMagick6
lt 6.9.10.47,1

ImageMagick6-nox11
lt 6.9.10.47,1

https://www.cvedetails.com/vulnerability-list/vendor_id-1749/Imagemagick.html
CVE-2019-7175
CVE-2019-7395
CVE-2019-7396
CVE-2019-7397
CVE-2019-7398
CVE-2019-9956
CVE-2019-10131
CVE-2019-10649
CVE-2019-10650
CVE-2019-10714
CVE-2019-11470
CVE-2019-11472
CVE-2019-11597
CVE-2019-11598

e1f67063-aab4-11e6-b2d3-60a44ce6887b  ImageMagick7 -- multiple vulnerabilities

Multiple sources report:

CVE-2016-9298: heap overflow in WaveletDenoiseImage(), fixed in ImageMagick7-7.0.3.6, discovered 2016-10-31

CVE-2016-8866: memory allocation failure in AcquireMagickMemory (incomplete previous fix for CVE-2016-8862), not fixed yet with the release of this announcement, re-discovered 2016-10-13.

CVE-2016-8862: memory allocation failure in AcquireMagickMemory, initially partially fixed in ImageMagick7-7.0.3.3, discovered 2016-09-14.


Discovery 2016-09-14
Entry 2016-12-04
ImageMagick7
ImageMagick7-nox11
lt 7.0.3.6

https://github.com/ImageMagick/ImageMagick/issues/296
https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/
https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/
CVE-2016-9298
CVE-2016-8866
CVE-2016-8862
ports/214514

16fb4f83-a2ab-11e7-9c14-009c02a2ab30  ImageMagick -- denial of service via a crafted font file

MITRE reports:

The ReadCAPTIONImage function in coders/caption.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.


Discovery 2017-09-21
Entry 2017-09-26
ImageMagick7
lt 7.0.7.4

ImageMagick7-nox11
lt 7.0.7.4

ImageMagick
le 6.9.8.9_1

ImageMagick-nox11
le 6.9.8.9_1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14741
https://github.com/ImageMagick/ImageMagick/issues/771
https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f
https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d
CVE-2017-14741

50776801-4183-11e7-b291-b499baebfeaf  ImageMagick -- multiple vulnerabilities

Please reference CVE/URL list for details


Discovery 2017-03-05
Entry 2017-05-25
Modified 2017-05-29
ImageMagick
ImageMagick-nox11
lt 6.9.6.4_2,1

ge 6.9.7.0,1 lt 6.9.8.8,1

ImageMagick7
ImageMagick7-nox11
lt 7.0.5.9

https://nvd.nist.gov/vuln/search/results?query=ImageMagick
CVE-2017-5506
CVE-2017-5507
CVE-2017-5508
CVE-2017-5509
CVE-2017-5510
CVE-2017-5511
CVE-2017-6497
CVE-2017-6498
CVE-2017-6499
CVE-2017-6500
CVE-2017-6501
CVE-2017-6502
CVE-2017-7275
CVE-2017-7606
CVE-2017-7619
CVE-2017-7941
CVE-2017-7942
CVE-2017-7943
CVE-2017-8343
CVE-2017-8344
CVE-2017-8345
CVE-2017-8346
CVE-2017-8347
CVE-2017-8348
CVE-2017-8349
CVE-2017-8350
CVE-2017-8351
CVE-2017-8352
CVE-2017-8353
CVE-2017-8354
CVE-2017-8355
CVE-2017-8356
CVE-2017-8357
CVE-2017-8765
CVE-2017-8830
CVE-2017-9141
CVE-2017-9142
CVE-2017-9143
CVE-2017-9144