1
PublicDateAtUSN: 2017-08-22
2
Candidate: CVE-2017-13134
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13134
6
https://usn.ubuntu.com/usn/usn-3681-1
8
In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer
9
over-read was found in the function SFWScan in coders/sfw.c, which allows
10
attackers to cause a denial of service via a crafted file.
13
mdeslaur> 0292-CVE-2017-13134-Fix-heap-based-buffer-overflow-in-SFWScan.patch in wheezy
14
mdeslaur> 0249-CVE-2017-13134.patch in jessie
15
mdeslaur> 0100-CVE-2017-13134.patch in stretch
17
https://github.com/ImageMagick/ImageMagick/issues/670
18
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873099
24
upstream: https://github.com/ImageMagick/ImageMagick/commit/1b234b4fe2ec864b2d5af898a31c06c9736da904
25
upstream_imagemagick: released (8:6.9.9.34+dfsg-3)
26
precise/esm_imagemagick: DNE
27
trusty_imagemagick: released (8:6.7.7.10-6ubuntu3.11)
28
vivid/ubuntu-core_imagemagick: DNE
29
xenial_imagemagick: released (8:6.8.9.9-7ubuntu5.11)
30
zesty_imagemagick: ignored (reached end-of-life)
31
artful_imagemagick: released (8:6.9.7.4+dfsg-16ubuntu2.2)
32
bionic_imagemagick: released (8:6.9.7.4+dfsg-16ubuntu6.2)
33
devel_imagemagick: needed