Ubuntu
graphicsmagick package

graphicsmagick 1.3.23-1ubuntu0.1 source package in Ubuntu

Changelog

graphicsmagick (1.3.23-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS (crash) via a crafted SVG file.
    - debian/patches/CVE-2016-2317_part1.patch: Fix heap buffer overflow
    - debian/patches/CVE-2016-2317_part2.patch: Fix stack buffer overflow
    - debian/patches/CVE-2016-2317_part3.patch: Fix segmentation violation
    - CVE-2016-2317
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted SVG
    file.
    - debian/patches/CVE-2016-2318.patch: Make SVG path and other
      primitive parsing more robust
    - CVE-2016-2318
  * SECURITY UPDATE: Arbitrary code execution via shell metacharacters in
    a crafted image file.
    - debian/patches/CVE-2016-3714.patch: Remove delegates support for
      reading gnuplot files.
    - CVE-2016-3714
  * SECURITY UPDATE: Remote attackers are able to delete arbitrary files
    via a crafted image.
    - debian/patches/CVE-2016-3715.patch: remove undocumented "TMP" magic
      prefix.
    - CVE-2016-3715
  * SECURITY UPDATE: Remote attackers can move arbitrary files via a
    crafted image.
    - debian/patches/CVE-2016-3716_part1.patch: Ignore the file extension
      on MSL files.
    - debian/patches/CVE-2016-3716_part2.patch: Do not auto-detect MVG
      format based on file extension.
    - CVE-2016-3716
  * SECURITY UPDATE: Remote attackers can read arbitrary files via a
    crafted image.
    - debian/patches/CVE-2016-3717.patch: fix in delegates.mgk.in
    - CVE-2016-3717
  * SECURITY UPDATE: Remote attackers can conduct server-side request
    forgery (SSRF) attacks via a crafted image.
    - debian/patches/CVE-2016-3718.patch: fix in render.c
    - CVE-2016-3718
  * SECURITY UPDATE: Remote attackers can execute arbitrary files via a
    pipe character at the start of a filename.
    - debian/patches/CVE-2016-5118.patch: remove support for reading
      input from a shell command or writing output to a shell command
    - CVE-2016-5118
  * SECURITY UPDATE: Remote attackers can execute arbitrary commands via
    unspecified vectors.
    - debian/patches/CVE-2016-5239.patch: remove delegates support for
      Gnuplot and varios other file types.
    - CVE-2016-5239
  * SECURITY UPDATE: Remote attackers to cause a DoS (infinite loop) by
    converting a circularly defined SVG file.
    - debian/patches/CVE-2016-5240.patch: endless loop problem caused by
      negative stroke-dasharray arguments
    - CVE-2016-5240
  * SECURITY UPDATE: Remote attackers to cause DoS (arithmetic exception
    and application crash) via a crafted svg file.
    - debian/patches/CVE-2016-5241.patch: Fix divide-by-zero problem if
      fill or stroke pattern image has zero columns or rows
    - CVE-2016-5241
  * SECURITY UPDATE: Buffer overflow in MVG and SVG rendering code.
    - debian/patches/CVE-2016-7446.patch: fix in svg.c
    - CVE-2016-7446
  * SECURITY UPDATE: Heap buffer overflow in the EscapeParenthesis.
    - debian/patches/CVE-2016-7447.patch: re-wrote the implementation of
      EscapeParenthesis() in annotate.c
    - CVE-2016-7447
  * SECURITY UPDATE: DoS (CPU consumption or large memory allocations)
    via vectors involving the header information and the file size.
    - debian/patches/CVE-2016-7448_part1.patch: fix in rle.c
    - debian/patches/CVE-2016-7448_part2.patch: fix in rle.c
    - CVE-2016-7448
  * SECURITY UPDATE: DoS (out-of-bounds heap read) via a file containing
    an "unterminated" string.
    - debian/patches/CVE-2016-7449.patch: fix a heap buffer read overrun
      if buffer not null terminated
    - CVE-2016-7449
  * SECURITY UPDATE: Integer underflow in the parse8BIM function.
    - debian/patches/CVE-2016-7800.patch: fix unsigned underflow.
    - CVE-2016-7800
  * SECURITY UPDATE: Heap buffer overflow and DoS in the WPG format
    reader.
    - debian/patches/CVE-2016-7996_CVE-2016-7997.patch: fix in wpg.c
    - CVE-2016-7996
    - CVE-2016-7997
  * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted SCT header.
    - debian/patches/CVE-2016-8682.patch: Fix stack-buffer read overflow
      while reading SCT file header.
    - CVE-2016-8682
  * SECURITY UPDATE: Memory allocation failure and a "file truncation
    error for corrupt file" via a crafted PCX image.
    - debian/patches/CVE-2016-8683.patch: check that filesize is
      reasonable given header.
    - CVE-2016-8683
  * SECURITY UPDATE: Memory allocation failure and a "file truncation
    error for corrupt file" via a crafted SGI image.
    - debian/patches/CVE-2016-8684.patch: Check that filesize is
      reasonable given header.
    - CVE-2016-8684
  * SECURITY UPDATE: DoS (crash) via a large dimensions in a jpeg image.
    - debian/patches/CVE-2016-9830.patch: enforce spec requirement that
      the dimensions of the JPEG embedded in a JDAT chunk must match the
      JHDR dimensions.
    - CVE-2016-9830

 -- Eduardo Barretto <email address hidden>  Thu, 01 Nov 2018 15:03:05 -0300

Upload details

Uploaded by:
Eduardo Barretto
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
graphics
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
graphicsmagick_1.3.23.orig.tar.xz 5.1 MiB fd2535a529528ec6f0bd493fed4395e08082faf940d51d7c18c25586a0a0e60d
graphicsmagick_1.3.23-1ubuntu0.1.debian.tar.xz 175.4 KiB 6317801d270d16aac3ad0b0a0c0dbb182704e432049e8bd349902fb1314258f3
graphicsmagick_1.3.23-1ubuntu0.1.dsc 2.9 KiB 67636d34272731f11d2545ac9a1ad132550ca54a74c1348c9d860a2cca9e7804

View changes file

Binary packages built by this source

graphicsmagick: collection of image processing tools

 GraphicsMagick provides a set of command-line applications to manipulate
 image files. It is a fork of the ImageMagick project and therefore offers
 a similar set of features, but puts a larger emphasis on stability.
 .
 The tools support a large variety of image formats from the widely used
 jpeg, tiff, bmp or xpm to special-purpose formats such as fits or image
 formats found on some photo CDs. They can convert between formats,
 concatenate several images into one, annotate and distort them, create
 thumbnails or manipulate the colormap. While all features are available
 from the command-line, the package also includes an image viewer that
 allows interactive manipulation.
 .
 Note that unlike ImageMagick, the GraphicsMagick tools are accessed
 through a single executable called 'gm'. Therefore, GraphicsMagick and
 ImageMagick can be used in parallel. Install package
 graphicsmagick-imagemagick-compat to obtain a set of several executables
 that is compatible to ImageMagick's interface.

graphicsmagick-dbg: format-independent image processing - debugging symbols

 GraphicsMagick provides libraries in several programming languages to read,
 write and manipulate image files across a large number of formats, from the
 widely used jpeg, tiff, bmp or xpm to special-purpose formats such as fits or
 image formats found on some photo CDs. There are functions for finegrained
 image processing tasks, as well as conversion routines between the various
 image formats.
 .
 The GraphicsMagick library is a fork of ImageMagick and therefore offers
 an interface that is similar in features, but intended to be more stable
 across releases. While compatibility does not go so far that the
 GraphicsMagick library serves as a drop-in replacement for ImageMagick,
 conversion can usually be done with little effort.
 .
 This package contains debugging symbols for the gm executable as well as the
 C, C++, and Perl bindings. Tools like gdb and ltrace make use of these
 symbols.

graphicsmagick-dbgsym: debug symbols for package graphicsmagick

 GraphicsMagick provides a set of command-line applications to manipulate
 image files. It is a fork of the ImageMagick project and therefore offers
 a similar set of features, but puts a larger emphasis on stability.
 .
 The tools support a large variety of image formats from the widely used
 jpeg, tiff, bmp or xpm to special-purpose formats such as fits or image
 formats found on some photo CDs. They can convert between formats,
 concatenate several images into one, annotate and distort them, create
 thumbnails or manipulate the colormap. While all features are available
 from the command-line, the package also includes an image viewer that
 allows interactive manipulation.
 .
 Note that unlike ImageMagick, the GraphicsMagick tools are accessed
 through a single executable called 'gm'. Therefore, GraphicsMagick and
 ImageMagick can be used in parallel. Install package
 graphicsmagick-imagemagick-compat to obtain a set of several executables
 that is compatible to ImageMagick's interface.

graphicsmagick-imagemagick-compat: image processing tools providing ImageMagick interface

 GraphicsMagick provides a set of command-line applications to manipulate
 image files. It is a fork of the ImageMagick project and therefore offers
 a similar set of features, but puts a larger emphasis on stability.
 .
 With this package installed, the GraphicsMagick command line tools can
 be executed like their ImageMagick counterparts. It allows one to migrate
 scripts from ImageMagick to GraphicsMagick without any code changes.

graphicsmagick-libmagick-dev-compat: image processing libraries providing ImageMagick interface

 GraphicsMagick provides libraries in several programming languages to read,
 write and manipulate image files across a large number of formats, from the
 widely used jpeg, tiff, bmp or xpm to special-purpose formats such as fits or
 image formats found on some photo CDs. There are functions for finegrained
 image processing tasks, as well as conversion routines between the various
 image formats.
 .
 The GraphicsMagick libraries are a fork of ImageMagick and therefore offer
 programming interfaces that are mostly compatible. While there might be
 small differences, experience tells that many programs only use a compatible
 subset and build fine with either GraphicsMagick or ImageMagick.
 .
 While GraphicsMagick uses different names for libraries, classes, and
 helper applications in order to coexist with ImageMagick, this package
 intends to minimise porting efforts by exporting the GraphicsMagick
 interface with the usual ImageMagick names. Note that this package only
 tries to provide build-time compatibility. Run-time libraries of
 ImageMagick and GraphicsMagick are incompatible and cannot be interchanged.
 .
 This package includes compatibility wrappers for the C, C++, and Perl
 libraries.

libgraphics-magick-perl: format-independent image processing - perl interface

 GraphicsMagick provides libraries in several programming languages to read,
 write and manipulate image files across a large number of formats, from the
 widely used jpeg, tiff, bmp or xpm to special-purpose formats such as fits or
 image formats found on some photo CDs. There are functions for finegrained
 image processing tasks, as well as conversion routines between the various
 image formats.
 .
 The GraphicsMagick library is a fork of ImageMagick and therefore offers
 an interface that is similar in features, but intended to be more stable
 across releases. While compatibility does not go so far that the
 GraphicsMagick library serves as a drop-in replacement for ImageMagick,
 conversion can usually be done with little effort.
 .
 This package contains the classes to access GraphicsMagick functionality from
 Perl scripts. It is mostly similar to PerlMagick from the ImageMagick suite,
 but uses a different class name.

libgraphics-magick-perl-dbgsym: debug symbols for package libgraphics-magick-perl

 GraphicsMagick provides libraries in several programming languages to read,
 write and manipulate image files across a large number of formats, from the
 widely used jpeg, tiff, bmp or xpm to special-purpose formats such as fits or
 image formats found on some photo CDs. There are functions for finegrained
 image processing tasks, as well as conversion routines between the various
 image formats.
 .
 The GraphicsMagick library is a fork of ImageMagick and therefore offers
 an interface that is similar in features, but intended to be more stable
 across releases. While compatibility does not go so far that the
 GraphicsMagick library serves as a drop-in replacement for ImageMagick,
 conversion can usually be done with little effort.
 .
 This package contains the classes to access GraphicsMagick functionality from
 Perl scripts. It is mostly similar to PerlMagick from the ImageMagick suite,
 but uses a different class name.

libgraphicsmagick++-q16-12: format-independent image processing - C++ shared library

 GraphicsMagick provides libraries in several programming languages to read,
 write and manipulate image files across a large number of formats, from the
 widely used jpeg, tiff, bmp or xpm to special-purpose formats such as fits or
 image formats found on some photo CDs. There are functions for finegrained
 image processing tasks, as well as conversion routines between the various
 image formats.
 .
 The GraphicsMagick library is a fork of ImageMagick and therefore offers
 an interface that is similar in features, but intended to be more stable
 across releases. While compatibility does not go so far that the
 GraphicsMagick library serves as a drop-in replacement for ImageMagick,
 conversion can usually be done with little effort.
 .
 This package contains the C++ libraries needed to run executables that use
 the GraphicsMagick++ library.

libgraphicsmagick++-q16-12-dbgsym: debug symbols for package libgraphicsmagick++-q16-12

 GraphicsMagick provides libraries in several programming languages to read,
 write and manipulate image files across a large number of formats, from the
 widely used jpeg, tiff, bmp or xpm to special-purpose formats such as fits or
 image formats found on some photo CDs. There are functions for finegrained
 image processing tasks, as well as conversion routines between the various
 image formats.
 .
 The GraphicsMagick library is a fork of ImageMagick and therefore offers
 an interface that is similar in features, but intended to be more stable
 across releases. While compatibility does not go so far that the
 GraphicsMagick library serves as a drop-in replacement for ImageMagick,
 conversion can usually be done with little effort.
 .
 This package contains the C++ libraries needed to run executables that use
 the GraphicsMagick++ library.

libgraphicsmagick++1-dev: format-independent image processing - C++ development files

 GraphicsMagick provides libraries in several programming languages to read,
 write and manipulate image files across a large number of formats, from the
 widely used jpeg, tiff, bmp or xpm to special-purpose formats such as fits or
 image formats found on some photo CDs. There are functions for finegrained
 image processing tasks, as well as conversion routines between the various
 image formats.
 .
 The GraphicsMagick library is a fork of ImageMagick and therefore offers
 an interface that is similar in features, but intended to be more stable
 across releases. While compatibility does not go so far that the
 GraphicsMagick library serves as a drop-in replacement for ImageMagick,
 conversion can usually be done with little effort.
 .
 This package contains the C++ development headers and library files needed to
 compile programs using the GraphicsMagick++ library.

libgraphicsmagick++1-dev-dbgsym: debug symbols for package libgraphicsmagick++1-dev

 GraphicsMagick provides libraries in several programming languages to read,
 write and manipulate image files across a large number of formats, from the
 widely used jpeg, tiff, bmp or xpm to special-purpose formats such as fits or
 image formats found on some photo CDs. There are functions for finegrained
 image processing tasks, as well as conversion routines between the various
 image formats.
 .
 The GraphicsMagick library is a fork of ImageMagick and therefore offers
 an interface that is similar in features, but intended to be more stable
 across releases. While compatibility does not go so far that the
 GraphicsMagick library serves as a drop-in replacement for ImageMagick,
 conversion can usually be done with little effort.
 .
 This package contains the C++ development headers and library files needed to
 compile programs using the GraphicsMagick++ library.

libgraphicsmagick-q16-3: format-independent image processing - C shared library

 GraphicsMagick provides libraries in several programming languages to read,
 write and manipulate image files across a large number of formats, from the
 widely used jpeg, tiff, bmp or xpm to special-purpose formats such as fits or
 image formats found on some photo CDs. There are functions for finegrained
 image processing tasks, as well as conversion routines between the various
 image formats.
 .
 The GraphicsMagick library is a fork of ImageMagick and therefore offers
 an interface that is similar in features, but intended to be more stable
 across releases. While compatibility does not go so far that the
 GraphicsMagick library serves as a drop-in replacement for ImageMagick,
 conversion can usually be done with little effort.
 .
 This package contains the C libraries needed to run executables that use
 the GraphicsMagick library.

libgraphicsmagick-q16-3-dbgsym: debug symbols for package libgraphicsmagick-q16-3

 GraphicsMagick provides libraries in several programming languages to read,
 write and manipulate image files across a large number of formats, from the
 widely used jpeg, tiff, bmp or xpm to special-purpose formats such as fits or
 image formats found on some photo CDs. There are functions for finegrained
 image processing tasks, as well as conversion routines between the various
 image formats.
 .
 The GraphicsMagick library is a fork of ImageMagick and therefore offers
 an interface that is similar in features, but intended to be more stable
 across releases. While compatibility does not go so far that the
 GraphicsMagick library serves as a drop-in replacement for ImageMagick,
 conversion can usually be done with little effort.
 .
 This package contains the C libraries needed to run executables that use
 the GraphicsMagick library.

libgraphicsmagick1-dev: format-independent image processing - C development files

 GraphicsMagick provides libraries in several programming languages to read,
 write and manipulate image files across a large number of formats, from the
 widely used jpeg, tiff, bmp or xpm to special-purpose formats such as fits or
 image formats found on some photo CDs. There are functions for finegrained
 image processing tasks, as well as conversion routines between the various
 image formats.
 .
 The GraphicsMagick library is a fork of ImageMagick and therefore offers
 an interface that is similar in features, but intended to be more stable
 across releases. While compatibility does not go so far that the
 GraphicsMagick library serves as a drop-in replacement for ImageMagick,
 conversion can usually be done with little effort.
 .
 This package contains the C development headers and library files needed to
 compile programs using the GraphicsMagick library.

libgraphicsmagick1-dev-dbgsym: debug symbols for package libgraphicsmagick1-dev

 GraphicsMagick provides libraries in several programming languages to read,
 write and manipulate image files across a large number of formats, from the
 widely used jpeg, tiff, bmp or xpm to special-purpose formats such as fits or
 image formats found on some photo CDs. There are functions for finegrained
 image processing tasks, as well as conversion routines between the various
 image formats.
 .
 The GraphicsMagick library is a fork of ImageMagick and therefore offers
 an interface that is similar in features, but intended to be more stable
 across releases. While compatibility does not go so far that the
 GraphicsMagick library serves as a drop-in replacement for ImageMagick,
 conversion can usually be done with little effort.
 .
 This package contains the C development headers and library files needed to
 compile programs using the GraphicsMagick library.