ImageMagick7 -- multiple vulnerabilities

2016-09-14T00:00:00
ID E1F67063-AAB4-11E6-B2D3-60A44CE6887B
Type freebsd
Reporter FreeBSD
Modified 2016-09-14T00:00:00

Description

Multiple sources report:

CVE-2016-9298: heap overflow in WaveletDenoiseImage(), fixed in ImageMagick7-7.0.3.6, discovered 2016-10-31

CVE-2016-8866: memory allocation failure in AcquireMagickMemory (incomplete previous fix for CVE-2016-8862), not fixed yet with the release of this announcement, re-discovered 2016-10-13.

CVE-2016-8862: memory allocation failure in AcquireMagickMemory, initially partially fixed in ImageMagick7-7.0.3.3, discovered 2016-09-14.