FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ImageMagick -- heap overflow vulnerability

Affected packages
ImageMagick < 6.9.6.4,1
ImageMagick-nox11 < 6.9.6.4,1
ImageMagick7 < 7.0.3.7
ImageMagick7-nox11 < 7.0.3.7

Details

VuXML ID 19d35b0f-ba73-11e6-b1cf-14dae9d210b8
Discovery 2016-11-13
Entry 2016-12-04

Bastien Roucaries reports:

ImageMagick before 3cbfb163cff9e5b8cdeace8312e9bfee810ed02b suffers from a heap overflow in WaveletDenoiseImage(). This problem is easily triggerable from a Perl script.

References

CVE Name CVE-2016-9298
FreeBSD PR ports/214511
FreeBSD PR ports/214517
FreeBSD PR ports/214520
URL http://seclists.org/oss-sec/2016/q4/413
URL https://github.com/ImageMagick/ImageMagick/issues/296