ImageMagick: Multiple vulnerabilities — GLSA 201711-07

Multiple vulnerabilities have been found in ImageMagick, the worst of which may allow remote attackers to cause a Denial of Service condition.

Affected packages

Background

A collection of tools and libraries for many image formats.

Description

Multiple vulnerabilities have been discovered in ImageMagick. Please review the referenced CVE identifiers for details.

Impact

Remote attackers, by enticing a user to process a specially crafted file, could obtain sensitive information, cause a Denial of Service condition, or have other unspecified impacts.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.9.20"
 

References

• CVE-2017-11640
• CVE-2017-11724
• CVE-2017-12140
• CVE-2017-12418
• CVE-2017-12427
• CVE-2017-12691
• CVE-2017-12692
• CVE-2017-12693
• CVE-2017-12876
• CVE-2017-12877
• CVE-2017-12983
• CVE-2017-13058
• CVE-2017-13059
• CVE-2017-13060
• CVE-2017-13061
• CVE-2017-13062
• CVE-2017-13131
• CVE-2017-13132
• CVE-2017-13133
• CVE-2017-13134
• CVE-2017-13139
• CVE-2017-13140
• CVE-2017-13141
• CVE-2017-13142
• CVE-2017-13143
• CVE-2017-13144
• CVE-2017-13145
• CVE-2017-13146
• CVE-2017-13758
• CVE-2017-13768
• CVE-2017-13769
• CVE-2017-14060
• CVE-2017-14137
• CVE-2017-14138
• CVE-2017-14139
• CVE-2017-14172
• CVE-2017-14173
• CVE-2017-14174
• CVE-2017-14175
• CVE-2017-14224
• CVE-2017-14248
• CVE-2017-14249
• CVE-2017-15281

Release date
November 11, 2017

Latest revision
November 11, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries

• 626454
• 626906
• 627036
• 628192
• 628490
• 628646
• 628650
• 628700
• 628702
• 629354
• 629482
• 629576
• 629932
• 630256
• 630458
• 630674
• 635200
• 635664
• 635666