imagemagick: multiple issues

2016-10-08T00:00:00
ID ASA-201610-6
Type archlinux
Reporter Arch Linux
Modified 2016-10-08T00:00:00

Description

  • CVE-2016-7799 (denial of service)

A buffer over-read vulnerability was found in ImageMagick. A malicious file could cause the application to crash.

  • CVE-2016-7906 (arbitrary code execution)

An attacker is able to trigger a use-after-free when providing a crafted image to ImageMagick's mogrify function.