[Buildroot] [PATCH 1/1] package/imagemagick: security bump to version 7.1.0-45
Peter Korsgaard
peter at korsgaard.com
Fri Sep 16 21:53:15 UTC 2022
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> - Fix CVE-2022-1114: A heap-use-after-free flaw was found in
> ImageMagick's RelinquishDCMInfo() function of dcm.c file. This
> vulnerability is triggered when an attacker passes a specially crafted
> DICOM image file to ImageMagick for conversion, potentially leading to
> information disclosure and a denial of service.
> - Fix CVE-2022-32545: A vulnerability was found in ImageMagick, causing
> an outside the range of representable values of type 'unsigned char'
> at coders/psd.c, when crafted or untrusted input is processed. This
> leads to a negative impact to application availability or other
> problems related to undefined behavior.
> - Fix CVE-2022-32546: A vulnerability was found in ImageMagick, causing
> an outside the range of representable values of type 'unsigned long'
> at coders/pcl.c, when crafted or untrusted input is processed. This
> leads to a negative impact to application availability or other
> problems related to undefined behavior.
> - Fix CVE-2022-32547: In ImageMagick, there is load of misaligned
> address for type 'double', which requires 8 byte alignment and for
> type 'float', which requires 4 byte alignment at
> MagickCore/property.c. Whenever crafted or untrusted input is
> processed by ImageMagick, this causes a negative impact to application
> availability or other problems related to undefined behavior.
> - Update hash of LICENSE (year updated with
> https://github.com/ImageMagick/ImageMagick/commit/80629dfb3fea55eefa2dd8bdd9ca1be341502e16)
> https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2022.05.x and 2022.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list