FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ImageMagick7 -- multiple vulnerabilities

Affected packages
ImageMagick7 < 7.0.3.6
ImageMagick7-nox11 < 7.0.3.6

Details

VuXML ID e1f67063-aab4-11e6-b2d3-60a44ce6887b
Discovery 2016-09-14
Entry 2016-12-04

Multiple sources report:

CVE-2016-9298: heap overflow in WaveletDenoiseImage(), fixed in ImageMagick7-7.0.3.6, discovered 2016-10-31.

CVE-2016-8866: memory allocation failure in AcquireMagickMemory (incomplete previous fix for CVE-2016-8862), not yet fixed as of the release of this announcement, re-discovered 2016-10-13.

CVE-2016-8862: memory allocation failure in AcquireMagickMemory, initially partially fixed in ImageMagick7-7.0.3.3, discovered 2016-09-14.

References

CVE Name CVE-2016-8862
CVE Name CVE-2016-8866
CVE Name CVE-2016-9298
FreeBSD PR ports/214514
URL https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/
URL https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/
URL https://github.com/ImageMagick/ImageMagick/issues/296