| Description: | Summary:
The remote host is missing an update for the Debian 'graphicsmagick' package(s) announced via the DLA-1082-1 advisory.
Vulnerability Insight:
CVE-2017-13776 / CVE-2017-13777 denial of service issue in ReadXBMImage()
CVE-2017-12935
The ReadMNGImage function in coders/png.c mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.
CVE-2017-12936
The ReadWMFImage function in coders/wmf.c has a use-after-free issue for data associated with exception reporting.
CVE-2017-12937
The ReadSUNImage function in coders/sun.c has a colormap heap-based buffer over-read.
CVE-2017-13063 / CVE-2017-13064 heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c
CVE-2017-13065
NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c
For Debian 7 Wheezy, these problems have been fixed in version 1.3.16-1.1+deb7u9.
We recommend that you upgrade your graphicsmagick packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references]
Affected Software/OS:
'graphicsmagick' package(s) on Debian 7.
Solution:
Please install the updated package(s).
CVSS Score:
7.1
CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
|
