imagemagick - several vulnerabilities

Several vulnerabilities have been discovered in the imagemagick image
manipulation programs which can lead to the execution of arbitrary code,
exposure of sensitive information or cause DoS. The Common Vulnerabilities
and Exposures project identifies the following problems:

• CVE-2007-1667
  Multiple integer overflows in XInitImage function in xwd.c for
  ImageMagick, allow user-assisted remote attackers to cause a denial of
  service (crash) or obtain sensitive information via crafted images with
  large or negative values that trigger a buffer overflow. It only affects
  the oldstable distribution (etch).
• CVE-2007-1797
  Multiple integer overflows allow remote attackers to execute arbitrary
  code via a crafted DCM image, or the colors or comments field in a
  crafted XWD image. It only affects the oldstable distribution (etch).
• CVE-2007-4985
  A crafted image file can trigger an infinite loop in the ReadDCMImage
  function or in the ReadXCFImage function. It only affects the oldstable
  distribution (etch).
• CVE-2007-4986
  Multiple integer overflows allow context-dependent attackers to execute
  arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file,
  which triggers a heap-based buffer overflow. It only affects the
  oldstable distribution (etch).
• CVE-2007-4987
  Off-by-one error allows context-dependent attackers to execute arbitrary
  code via a crafted image file, which triggers the writing of a ‘\0’
  character to an out-of-bounds address. It affects only the oldstable
  distribution (etch).
• CVE-2007-4988
  A sign extension error allows context-dependent attackers to execute
  arbitrary code via a crafted width value in an image file, which
  triggers an integer overflow and a heap-based buffer overflow. It
  affects only the oldstable distribution (etch).
• CVE-2008-1096
  The load_tile function in the XCF coder allows user-assisted remote
  attackers to cause a denial of service or possibly execute arbitrary
  code via a crafted .xcf file that triggers an out-of-bounds heap write.
  It affects only to oldstable (etch).
• CVE-2008-1097
  Heap-based buffer overflow in the PCX coder allows user-assisted remote
  attackers to cause a denial of service or possibly execute arbitrary
  code via a crafted .pcx file that triggers incorrect memory allocation
  for the scanline array, leading to memory corruption. It affects only to
  oldstable (etch).
• CVE-2009-1882
  Integer overflow allows remote attackers to cause a denial of service
  (crash) and possibly execute arbitrary code via a crafted TIFF file,
  which triggers a buffer overflow.

For the old stable distribution (etch), these problems have been fixed in
version 7:6.2.4.5.dfsg1-0.15+etch1.

For the stable distribution (lenny), these problems have been fixed in
version 7:6.3.7.9.dfsg2-1~lenny3.

For the upcoming stable distribution (squeeze) and the unstable
distribution (sid), these problems have been fixed in version
7:6.5.1.0-1.1.

We recommend that you upgrade your imagemagick packages.