ImageMagick: Multiple vulnerabilities — GLSA 201606-14

Multiple vulnerabilities have been found in ImageMagick including overflows and possible Denials of Service.

Affected Packages

media-gfx/imagemagick on all architectures
Affected versions < 6.9.0.3
Unaffected versions >= 6.9.0.3

Background

Imagemagick is a collection of tools and libraries for many image formats.

Description

Multiple vulnerabilities have been discovered in ImageMagick including, but not limited to, various overflows and potential Denials of Service. Please visit the references and related bug reports for additional information.

Impact

Remote attackers could potentially perform buffer overflows or conduct Denials of Service.

Workaround

There is no known workaround at this time.

Resolution

All ImageMagick users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.0.3"
 

References

Release Date
June 26, 2016

Latest Revision
June 26, 2016: 1

Severity
normal

Exploitable
remote

Bugzilla entries