3 security issues in jessie

package:
graphicsmagick
severity:
high
created:
2016-02-06
last updated:
2020-03-26

There are 3 open security issues in jessie.
1 important issue:
  • CVE-2020-10938: GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
2 issues skipped by the security teams:
  • CVE-2017-17783: In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.
  • CVE-2017-10800: When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.
Please fix them.