[Bug 214514] security/vuxml: Multiple security vulnerabilities in ImageMagick7

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214514

            Bug ID: 214514
           Summary: security/vuxml: Multiple security vulnerabilities in
                    ImageMagick7
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: needs-patch, security
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-secteam at FreeBSD.org
          Reporter: vlad-fbsd at acheronmedia.com
            Blocks: 214511
             Flags: maintainer-feedback?(ports-secteam at FreeBSD.org)
          Assignee: ports-secteam at FreeBSD.org

There are currently several known security vulnerabilities in ImageMagick 7,
one of which is still without a fix. VuXML entry patch pending, I'm waiting for
latest CVE assignment, and compiling a list of issues.

* Heap overflow (CVE pending)
  https://github.com/ImageMagick/ImageMagick/issues/296

* Incomplete fix for CVE-2016-8862 (CVE-2016-8866)
 
https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/

* Memory allocation failure (CVE-2016-8862)
 
https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/


Referenced Bugs:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214511
[Bug 214511] graphics/ImageMagick7: Update to 7.0.3-6 (security fixes)
-- 
You are receiving this mail because:
You are the assignee for the bug.