ELA-419-1 imagemagick security update

denial-of-service

2021-05-04
Packageimagemagick
Version8:6.8.9.9-5+deb8u24
Related CVEs CVE-2021-20312

A flaw was found in ImageMagick, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. This could lead to a denial-of-service.

For Debian 8 jessie, these problems have been fixed in version 8:6.8.9.9-5+deb8u24.

We recommend that you upgrade your imagemagick packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/