UbuntuUpdates.org

Package "libmagickcore-6.q16hdri-6-extra"

Name: libmagickcore-6.q16hdri-6-extra

Description:

low-level image manipulation library - extra codecs (Q16HDRI)

Latest version: 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5
Release: jammy (22.04)
Level: security
Repository: universe
Head package: imagemagick
Homepage: https://www.imagemagick.org/

Links


Download "libmagickcore-6.q16hdri-6-extra"


Other versions of "libmagickcore-6.q16hdri-6-extra" in Jammy

Repository Area Version
base universe 8:6.9.11.60+dfsg-1.3build2
updates universe 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5

Changelog

Version: 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5 2024-07-25 22:07:16 UTC

  imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS while processing crafted SVG files
    - debian/patches/CVE-2023-1289-prepatch.patch: recursion detection
      framework.
    - debian/patches/CVE-2023-1289.patch: erecursion detection
    - d/p/0077-CVE-2023-1289-recursion-detection-fail.patch: recursion detection
      fail
    - d/p/0078-improved-fix-for-possible-DoS-for-certain-SVG-constr.patch:
      improved fix for possible DoS for certain SVG constructs
    - debian/patches/0079-permit-compositing-MPRI-images.patch: permit
      compositing MPRI images.
    - d/p/0080-VID-images-not-permitted-when-compositing.patch: VID images not
      permitted when compositing.
    - d/p/0081-do-not-composite-SVG-to-avoid-possible-recursion.patch: do not
      composite SVG to avoid possible recursion.
    - CVE-2023-1289
  * SECURITY UPDATE: integer overflow vulnerability
    - debian/patches/CVE-2023-34151*.patch: properly cast double to size_t
    - debian/patches/CVE-2023-34151-prepatch.patch: improved range checking.
    - debian/patches/CVE-2023-34151-prepatch-2.patch: add additional checks for
      casting double to size_t
    - debian/patches/CVE-2023-34151.patch: properly cast double to size_t.
    - d/p/0069-CVE-2023-34151-properly-cast-double-to-size_t.patch: properly
      cast double to size_t
    - debian/patches/0070-CVE-2023-34151.patch: magick produces incorrect
      result possibly due to overflow.
    - debian/patches/0072-CVE-2023-34151.patch: improved range checking
    - debian/patches/0073-check-for-value-0-ceil-not-required.patch: check for
      value < 0, ceil() not required
    - d/p/0074-fix-undefined-behaviors-when-casting-double-to-size_.patch: fix
      undefined behaviors when casting double to size_t
    - d/p/0075-use-a-different-path-for-positive-and-negative-value.patch: use
      a different path for positive and negative values
    - d/p/0076-use-instead-to-work-around-precision-limitations-of-.patch: use
      >= instead to work around precision limitations of a double.
    - CVE-2023-34151
  * Other security fixes:
    - debian/patches/0063-Added-check-for-invalid-size.patch: Added check for
      invalid size.
    - debian/patches/0064-improve-BMP-error-checking.patch: improve BMP
      error checking.
    - d/p/0071-incorrect-bounds-checking-for-draw-affine-https-gith.patch:
      incorrect bounds checking for draw affine
    - debian/patches/0082-recursion-detection-framework.patch: recursion
      detection framework.
    - debian/patches/0083-Fixed-memory-leak.patch: Fixed memory leak.

 -- Paulo Flabiano Smorigo <email address hidden> Fri, 19 Jul 2024 17:37:45 -0300

Source diff to previous version
CVE-2023-1289 A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a rem
CVE-2023-34151 A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other code

Version: 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3 2023-03-31 14:06:56 UTC

  imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY REGRESSION: Revert additional mitigation.
    - debian/patches/CVE-2022-44267_44268-3.patch: Remove bad mitigation via
      a policy file.

 -- Paulo Flabiano Smorigo <email address hidden> Thu, 30 Mar 2023 12:45:39 -0300

Source diff to previous version
CVE-2022-44267 ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for

Version: 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.2 2023-03-20 19:06:57 UTC

  imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Additional fix from previous release
    - debian/patches/CVE-2022-44267_44268-1.patch: Renamed from
      debian/patches/CVE-2022-44267.patch.
    - debian/patches/CVE-2022-44267_44268-2.patch: Renamed from
      debian/patches/CVE-2022-44268.patch.
    - debian/patches/CVE-2022-44267_44268-3.patch: Additional mitigation.
    - CVE-2022-44267
    - CVE-2022-44268

 -- Paulo Flabiano Smorigo <email address hidden> Wed, 15 Mar 2023 12:31:28 -0300

Source diff to previous version
CVE-2022-44267 ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for
CVE-2022-44268 ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded

Version: 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1 2023-02-28 22:06:50 UTC

  imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2022-44267.patch: possible DoS @ stdin (OCE-
      2022-70); possible arbitrary file leak (OCE-2022-72) (LP: #2004580)
    - CVE-2022-44267
  * SECURITY UPDATE: Information Disclosure
    - debian/patches/CVE-2022-44268.patch: move -set profile handler to CLI
    - CVE-2022-44268

 -- Paulo Flabiano Smorigo <email address hidden> Fri, 24 Feb 2023 11:40:25 -0300

2004580 Possible arbitrary file leak
CVE-2022-44267 ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for
CVE-2022-44268 ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded



About   -   Send Feedback to @ubuntu_updates