Source: imagemagick Version: 8:6.9.9.34+dfsg-3 Severity: minor Tags: security upstream Forwarded: https://github.com/ImageMagick/ImageMagick/issues/998
Hi, the following vulnerability was published for imagemagick. The issue is not affecting the binary packages (as long we do not build with webp support, which is not the case yet, cf. #806425). Thus just filling the bug for upstrem fix tracking purpose and thus severity minor. CVE-2018-7470[0]: | An issue was discovered in ImageMagick 7.0.7-22 Q16. The | IsWEBPImageLossless function in coders/webp.c allows attackers to cause | a denial of service (segmentation violation) via a crafted file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-7470 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7470 [1] https://github.com/ImageMagick/ImageMagick/issues/998 Regards, Salvatore _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team