Debian LTS Advisory ([SECURITY] [DLA 1888-1] imagemagick security update)

Information

Severity

Medium

Family

Debian Local Security Checks

CVSSv2 Base

6.8

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Solution Type

Vendor Patch

Created

4 years ago

Modified

4 years ago

Summary

The remote host is missing an update for the 'imagemagick' package(s) announced via the DLA-1888-1 advisory.

Insight

Multiple vulnerabilities have been found in imagemagick, an image processing toolkit.

CVE-2019-12974
NULL pointer dereference in ReadPANGOImage and ReadVIDImage (coders/pango.c and coders/vid.c). This vulnerability might be leveraged by remote attackers to cause denial of service via crafted image data.

CVE-2019-13135
Multiple uses of uninitialized values in ReadCUTImage, UnpackWPG2Raster and UnpackWPGRaster (coders/wpg.c and coders/cut.c). These vulnerabilities might be leveraged by remote attackers to cause denial of service or unauthorized disclosure or modification of information via crafted image data.

CVE-2019-13295, CVE-2019-13297
Multiple heap buffer over-reads in AdaptiveThresholdImage (magick/threshold.c). These vulnerabilities might be leveraged by remote attackers to cause denial of service or unauthorized disclosure or modification of information via crafted image data.

CVE-2019-13304, CVE-2019-13305, CVE-2019-13306
Multiple stack buffer overflows in WritePNMImage (coders/pnm.c), leading to a stack buffer overwrite of up to ten bytes. Remote attackers might leverage these flaws to potentially perform code execution or denial of service.

Affected Software

'imagemagick' package(s) on Debian Linux.

Detection Method

Checks if a vulnerable package version is present on the target host.

Solution

For Debian 8 'Jessie', these problems have been fixed in version 8:6.8.9.9-5+deb8u17. We recommend that you upgrade your imagemagick packages.