Debian 10229 Published by

Updated imagemagick packages has been released for Debian GNU/Linux 7 LTS



Package : imagemagick
Version : 8:6.7.7.10-5+deb7u20
CVE ID : CVE-2017-1000445, CVE-2017-1000476
Debian Bug : #886281

It was discovered that there were two vulnerabilities in the imagemagick
image manipulation program:

CVE-2017-1000445: A null pointer dereference in the MagickCore
component which could lead to denial of service.

CVE-2017-1000476: A potential denial of service attack via CPU
exhaustion.

For Debian 7 "Wheezy", this issue has been fixed in imagemagick version
8:6.7.7.10-5+deb7u20.

We recommend that you upgrade your imagemagick packages.