ALAS-2023-379

2024-06-06: CVE-2021-20309 was added to this advisory.

A flaw was found in ImageMagick, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20309)

A vulnerability was found in ImageMagick where heap use-after-free was found in coders/bmp.c. (CVE-2023-5341)

aarch64:
    ImageMagick-c++-debuginfo-6.9.12.82-1.amzn2023.0.7.aarch64
    ImageMagick-debuginfo-6.9.12.82-1.amzn2023.0.7.aarch64
    ImageMagick-perl-6.9.12.82-1.amzn2023.0.7.aarch64
    ImageMagick-doc-6.9.12.82-1.amzn2023.0.7.aarch64
    ImageMagick-perl-debuginfo-6.9.12.82-1.amzn2023.0.7.aarch64
    ImageMagick-c++-6.9.12.82-1.amzn2023.0.7.aarch64
    ImageMagick-debugsource-6.9.12.82-1.amzn2023.0.7.aarch64
    ImageMagick-c++-devel-6.9.12.82-1.amzn2023.0.7.aarch64
    ImageMagick-6.9.12.82-1.amzn2023.0.7.aarch64
    ImageMagick-devel-6.9.12.82-1.amzn2023.0.7.aarch64
    ImageMagick-libs-debuginfo-6.9.12.82-1.amzn2023.0.7.aarch64
    ImageMagick-libs-6.9.12.82-1.amzn2023.0.7.aarch64

src:
    ImageMagick-6.9.12.82-1.amzn2023.0.7.src

x86_64:
    ImageMagick-perl-debuginfo-6.9.12.82-1.amzn2023.0.7.x86_64
    ImageMagick-c++-devel-6.9.12.82-1.amzn2023.0.7.x86_64
    ImageMagick-debugsource-6.9.12.82-1.amzn2023.0.7.x86_64
    ImageMagick-c++-debuginfo-6.9.12.82-1.amzn2023.0.7.x86_64
    ImageMagick-devel-6.9.12.82-1.amzn2023.0.7.x86_64
    ImageMagick-debuginfo-6.9.12.82-1.amzn2023.0.7.x86_64
    ImageMagick-6.9.12.82-1.amzn2023.0.7.x86_64
    ImageMagick-perl-6.9.12.82-1.amzn2023.0.7.x86_64
    ImageMagick-c++-6.9.12.82-1.amzn2023.0.7.x86_64
    ImageMagick-doc-6.9.12.82-1.amzn2023.0.7.x86_64
    ImageMagick-libs-debuginfo-6.9.12.82-1.amzn2023.0.7.x86_64
    ImageMagick-libs-6.9.12.82-1.amzn2023.0.7.x86_64