There are currently several known security vulnerabilities in ImageMagick 7, one of which is still without a fix. VuXML entry patch pending, I'm waiting for latest CVE assignment, and compiling a list of issues. * Heap overflow (CVE pending) https://github.com/ImageMagick/ImageMagick/issues/296 * Incomplete fix for CVE-2016-8862 (CVE-2016-8866) https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/ * Memory allocation failure (CVE-2016-8862) https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/
Okay, CVE assigned for this one: * Heap overflow (CVE-2016-9298) https://github.com/ImageMagick/ImageMagick/issues/296
Created attachment 177007 [details] VuXML entry for ImageMagick7
A commit references this bug: Author: feld Date: Sun Dec 4 23:55:55 UTC 2016 New revision: 427818 URL: https://svnweb.freebsd.org/changeset/ports/427818 Log: Document ImageMagick7 vulnerabilities PR: 214514 Security: CVE-2016-9298 Security: CVE-2016-8866 Security: CVE-2016-8862 Changes: head/security/vuxml/vuln.xml