- Fix CVE-2022-1114: A heap-use-after-free flaw was found in
ImageMagick's RelinquishDCMInfo() function of dcm.c file. This
vulnerability is triggered when an attacker passes a specially crafted
DICOM image file to ImageMagick for conversion, potentially leading to
information disclosure and a denial of service.
- Fix CVE-2022-32545: A vulnerability was found in ImageMagick, causing
an outside the range of representable values of type 'unsigned char'
at coders/psd.c, when crafted or untrusted input is processed. This
leads to a negative impact to application availability or other
problems related to undefined behavior.
- Fix CVE-2022-32546: A vulnerability was found in ImageMagick, causing
an outside the range of representable values of type 'unsigned long'
at coders/pcl.c, when crafted or untrusted input is processed. This
leads to a negative impact to application availability or other
problems related to undefined behavior.
- Fix CVE-2022-32547: In ImageMagick, there is load of misaligned
address for type 'double', which requires 8 byte alignment and for
type 'float', which requires 4 byte alignment at
MagickCore/property.c. Whenever crafted or untrusted input is
processed by ImageMagick, this causes a negative impact to application
availability or other problems related to undefined behavior.
- Update hash of LICENSE (year updated with
80629dfb3f)
https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
685100fe85