ImageMagick: Multiple vulnerabilities — GLSA 201711-07

Multiple vulnerabilities have been found in ImageMagick, the worst of which may allow remote attackers to cause a Denial of Service condition.

Affected packages

media-gfx/imagemagick on all architectures
Affected versions < 6.9.9.20
Unaffected versions >= 6.9.9.20

Background

A collection of tools and libraries for many image formats.

Description

Multiple vulnerabilities have been discovered in ImageMagick. Please review the referenced CVE identifiers for details.

Impact

Remote attackers, by enticing a user to process a specially crafted file, could obtain sensitive information, cause a Denial of Service condition, or have other unspecified impacts.

Workaround

There is no known workaround at this time.

Resolution

All ImageMagick users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.9.20"
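
To confirm whether a host still falls in the affected range before or after the upgrade, the following added example (not part of the original advisory) compares a version against the 6.9.9.20 boundary stated above. It assumes the `Version: ImageMagick X.Y.Z-P` banner printed by `convert -version` and that upstream's `6.9.9-20` corresponds to Gentoo's `6.9.9.20`; the sample banner is constructed.

```shell
#!/bin/sh
# Added example: is an ImageMagick version in this advisory's affected range?
FIXED="6.9.9.20"   # first unaffected version, taken from the advisory

# normalize VERSION: drop a Gentoo revision suffix such as "-r1" and turn
# upstream's patch-level hyphen ("6.9.9-20") into a dot ("6.9.9.20").
normalize() {
    printf '%s\n' "$1" | sed -e 's/-r[0-9][0-9]*$//' -e 's/-/./g'
}

# version_lt A B: succeed when dotted numeric version A is lower than B.
version_lt() {
    a=$(normalize "$1"); b=$(normalize "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}          # a missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                          # equal versions are not "lower"
}

# is_affected VERSION: 0 = affected, 1 = not affected, 2 = unparseable input.
is_affected() {
    v=$(normalize "$1")
    case $v in ''|*[!0-9.]*) return 2 ;; esac
    version_lt "$v" "$FIXED"
}

# version_from_banner: read "convert -version" output on stdin, print the version.
version_from_banner() {
    sed -n 's/^Version: ImageMagick \([0-9][0-9.]*-[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Constructed sample banner (not captured from a real host).
SAMPLE='Version: ImageMagick 6.9.9-19 Q16 x86_64 2017-10-20 http://www.imagemagick.org'
found=$(printf '%s\n' "$SAMPLE" | version_from_banner)
if is_affected "$found"; then
    echo "$found: affected, upgrade to >= $FIXED"
else
    echo "$found: not in the affected range"
fi
```

On a live system, pipe `convert -version` into `version_from_banner` instead of the sample; an unparseable banner returns status 2 rather than being reported as unaffected.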
 

References

Release date
November 11, 2017

Latest revision
November 11, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries