Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

stack-buffer-overflow at /coders/xpm.c:232 in ReadXPMImage #1895

Closed
peanuts62 opened this issue Apr 14, 2020 · 9 comments
Closed

stack-buffer-overflow at /coders/xpm.c:232 in ReadXPMImage #1895

peanuts62 opened this issue Apr 14, 2020 · 9 comments

Comments

@peanuts62
Copy link

Prerequisites

  • [ ] I have written a descriptive issue title
  • [ ] I have verified that I am using the latest version of ImageMagick
  • [ ] I have searched open and closed issues to ensure it has not already been reported

Description

There's a stack buffer overflow at /coders/xpm.c:232 in ReadXPMImage

poc

Steps to Reproduce

run_cmd

magick convert ./afl-Ima/sync_dir/fuzzer2/crashes/id\:000000\,sig\:06\,src\:009314\,op\:havoc\,rep\:16 t.png

Here's ASAN log.

==22728==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff34696d60 at pc 0x7fb49cb4a648 bp 0x7fff34694c80 sp 0x7fff34694c70
READ of size 1 at 0x7fff34696d60 thread T0
    #0 0x7fb49cb4a647 in ParseXPMColor /home/afl-Ima/ImageMagick/coders/xpm.c:232
    #1 0x7fb49cb3d610 in ReadXPMImage /home/afl-Ima/ImageMagick/coders/xpm.c:425
    #2 0x7fb49beb03c9 in ReadImage /home/afl-Ima/ImageMagick/MagickCore/constitute.c:553
    #3 0x7fb49beb4d46 in ReadImages /home/afl-Ima/ImageMagick/MagickCore/constitute.c:941
    #4 0x7fb49b594ed2 in ConvertImageCommand /home/afl-Ima/ImageMagick/MagickWand/convert.c:606
    #5 0x7fb49b6cd098 in MagickCommandGenesis /home/afl-Ima/ImageMagick/MagickWand/mogrify.c:186
    #6 0x55be14ba8ec0 in MagickMain utilities/magick.c:149
    #7 0x55be14ba9146 in main utilities/magick.c:180
    #8 0x7fb49ae56b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #9 0x55be14ba8939 in _start (/home/ImageMagick/utilities/.libs/magick+0x1939)

Address 0x7fff34696d60 is located in stack of thread T0 at offset 8352 in frame
    #0 0x7fb49cb3adef in ReadXPMImage /home/afl-Ima/ImageMagick/coders/xpm.c:250

  This frame has 7 object(s):
    [32, 4128) 'key:251'
    [4256, 8352) 'target:251' <== Memory access at offset 8352 overflows this variable
    [8480, 8488) 'colors:286'
    [8512, 8520) 'columns:286'
    [8544, 8552) 'rows:286'
    [8576, 8584) 'width:286'
    [8608, 12704) 'symbolic:398'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/afl-Ima/ImageMagick/coders/xpm.c:232 in ParseXPMColor
Shadow bytes around the buggy address:
  0x1000668cad50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000668cad60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000668cad70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000668cad80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000668cad90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1000668cada0: 00 00 00 00 00 00 00 00 00 00 00 00[f2]f2 f2 f2
  0x1000668cadb0: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2
  0x1000668cadc0: 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2 f2 00 00 00 00
  0x1000668cadd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000668cade0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000668cadf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==22728==ABORTING

System Configuration

  • ImageMagick version:
    Version: ImageMagick 7.0.10-7 Q16 x86_64 2020-04-10 https://imagemagick.org
    Copyright: © 1999-2020 ImageMagick Studio LLC
    License: https://imagemagick.org/script/license.php
    Features: Cipher DPC HDRI OpenMP(3.1)
    Delegates (built-in): zlib
  • Environment (Operating system, version and so on):
    Description: Ubuntu 18.04.1 LTS
  • Additional information:
root@VM-0-15-ubuntu:/home# ./ImageMagick/utilities/.libs/magick identify -list policy

Path: /usr/local/etc/ImageMagick-7/policy.xml
  Policy: Resource
    name: list-length
    value: 128
  Policy: Resource
    name: file
    value: 768
  Policy: Resource
    name: disk
    value: 16EiB
  Policy: Resource
    name: map
    value: 4GiB
  Policy: Resource
    name: area
    value: 100MP
  Policy: Resource
    name: height
    value: 10KP
  Policy: Resource
    name: width
    value: 10KP

Path: [built-in]
  Policy: Undefined
    rights: None 

edit by peanuts
, and Is it possible to request a cve id?

urban-warrior pushed a commit to ImageMagick/ImageMagick6 that referenced this issue Apr 14, 2020
@urban-warrior
Copy link
Contributor

ASAN does not return a stack issue for us. We're using ASAN with gcc 9.3.1. However, valgrind returned a unconditional jump. We added a patch.

@peanuts62
Copy link
Author

Thank you.

@peanuts62
Copy link
Author

Can I request a CVE ID?

@urban-warrior
Copy link
Contributor

Not sure what you're asking. Anyone can request a CVE ID. We rely on the user community to post CVE's due to our small development team and lack of time to address all issues associated with ImageMagick.

@peanuts62
Copy link
Author

thank you ,
I hope this question can be assigned CVE

@thesamesam
Copy link
Contributor

@minghangshen You need to request a CVE from an authority like MITRE: https://cve.mitre.org/cve/request_id.html. Please let us know if you do.

@peanuts62
Copy link
Author

@thesamesam I have submitted the form in https://cve.mitre.org/cve/request_id.html , and I have received an automatic response, but no response since

@peanuts62
Copy link
Author

@thesamesam Auto-reply title : CVE Request 878017 for CVE ID Request

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Apr 24, 2020
2020-04-18  6.9.11-7 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.11-7, GIT revision 15547:f759406:20200418.

2020-04-07  6.9.11-7 Cristy  <quetzlzacatenango@image...>
  * Fix erroneous "insufficient image data" exception (reference
    ImageMagick/ImageMagick#1883).
  * Fix an unconditional jump for the XPM coder (reference
    ImageMagick/ImageMagick#1895).

2020-04-06  6.9.11-6 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.11-6, GIT revision 15539:e9e105c:20200406.

2020-04-06  6.9.11-6 Cristy  <quetzlzacatenango@image...>
  * Fix incomplete patch for EPT coder (reference
    ImageMagick/ImageMagick6#80).

2020-04-05  6.9.11-5 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.11-5, GIT revision 15536:3689bed3a:20200405

2020-04-05  6.9.11-5 Cristy  <quetzlzacatenango@image...>
  * Default inkscape delegate to version 0.92 (reference
    ImageMagick/ImageMagick#1880).
  * Set monochrome image depth to 1 for Group4 compression.

2020-04-05  6.9.11-4 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.11-4, GIT revision 15531:5fc7a9f:20200405.

2020-03-27  6.9.11-4 Cristy  <quetzlzacatenango@image...>
  * The X max attribute for certain fonts is zero (reference
    https://imagemagick.org/discourse-server/viewtopic.php?f=1&t=37723).
  * Fix possible null pointer dereference in magick/property.c (reference
    ImageMagick/ImageMagick#1225).
  * Multi-value of jp2:quality does not work (reference
    ImageMagick/ImageMagick#1873).
  * Return EPS & TIFF images from the EPT image format (reference
    https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=37781).

2020-03-27  6.9.11-3 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.11-3, GIT revision 15511:23bb003:20200327.

2020-03-22  6.9.11-3 Cristy  <quetzlzacatenango@image...>
  * Fix numerical instability issue when drawing lines.
  * Fix off by one exception when calling QuantumImages() (reference
    ImageMagick/ImageMagick6#77).
  * Improve mono font rendering (reference
    https://imagemagick.org/discourse-server/viewtopic.php?f=1&t=37723).

2020-03-21  6.9.11-2 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.11-2, GIT revision 15500:698c610:20200321

2020-03-16  6.9.11-2 Cristy  <quetzlzacatenango@image...>
  * Fixed another sizing issue with the label coder when pointsize is set.
  * Respect explicit image filename modified (e.g. png24:im.png) (reference
    ImageMagick/ImageMagick#1835).
  * Stroked dash array render properly again.

2020-03-15  6.9.11-1 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.11-1, GIT revision 15487:ffac3c4:20200315.

2020-03-07  6.9.11-1 Cristy  <quetzlzacatenango@image...>
  * Do not throw exception on empty draw path (reference
    ImageMagick/ImageMagick#974).
  * Fix possible buffer overflow in ComplexImages().

2020-03-06  6.9.11-0 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.11-0, GIT revision 15465:f7c926d:20200306.

2020-03-01  6.9.11-0 Cristy  <quetzlzacatenango@image...>
  * Label text no longer gets cut-off (reference
    https://imagemagick.org/discourse-server/viewtopic.php?f=1&t=37621).
  * Prevent heap overflow (reference
    ImageMagick/ImageMagick#1857).

2020-02-29  6.9.10-97 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-97, GIT revision 15453:0537c847b:20200229

2020-02-24  6.9.10-97 Cristy  <quetzlzacatenango@image...>
  * Make sure we can grok this Fx expression: 1- -2.
  * Do not advance when substituting a NULL string.
  * Correct alpha for named colors in the Q32 non-HDRI build.
  * Write Group4 compressed image as a single strip.

2020-02-23  6.9.10-96 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-96, GIT revision 15438:2ef65d48e:20200223

2020-02-22  6.9.10-96 Cristy  <quetzlzacatenango@image...>
  * Adapt to a change in command-line options in the SVG inkscape delegate.

2020-02-21  6.9.10-95 Cristy  <quetzlzacatenango@image...>
  * No percent sign in lab() color.

2020-02-18  6.9.10-95 Cristy  <quetzlzacatenango@image...>
  * Adapt to a change in command-line options in the SVG inkscape delegate.

2020-02-16  6.9.10-94 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-94, GIT revision 15405:56d9955fc:20200217

2020-02-16  6.9.10-94 Cristy  <quetzlzacatenango@image...>
  * Corrected ellipse orientation when computing image moments.

2020-02-14  6.9.10-93 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-93, GIT revision 15386:2d96228:20200214

2020-02-08  6.9.10-93 Cristy  <quetzlzacatenango@image...>
  * Report gray(127.5) as gray(50%).

2020-02-07  6.9.10-92 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-92, GIT revision 15374:d468797:20200207

2020-02-03  6.9.10-92 Cristy  <quetzlzacatenango@image...>
  * More work on connect components, e.g. keep-colors, remove-colors,
    keep-topids
  * Initialize mutex before locking if its not already initialized
  * Support 24-bit TIFF images.

2020-02-01  6.9.10-91 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-91, GIT revision 15346:4691fe1:20200201.

2020-01-27  6.9.10-91 Cristy  <quetzlzacatenango@image...>
  * Support additional connected component defines.
  * Refresh cache morphology when writing MPC images.

2020-01-26  6.9.10-89 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-89, GIT revision 15318:2b12203:20200126

2020-01-26  6.9.10-89 Cristy  <quetzlzacatenango@image...>
  * Make png creation reproducible (reference
    ImageMagick/ImageMagick#1270).
  * Refactor uninitialize variable for -fx "while(,)" expression.

2020-01-25  6.9.10-88 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-88, GIT revision 15309:a3d1b6f:20200125

2020-01-20  6.9.10-88 Cristy  <quetzlzacatenango@image...>
  * Support 32-bit tiles TIFF images.
  * New -connected-component options (reference
    https://legacy.imagemagick.org/script/connected-components.php).

2020-01-18  6.9.10-87 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-87, GIT revision 15285:f6ba467:20200118

2020-01-12  6.9.10-87 Cristy  <quetzlzacatenango@image...>
  * Conditional compile for huge xml pages for RSVG delegate library.
  * Put "width" property in the PNG namespace (reference
    ImageMagick/ImageMagick#1833).
 * -combine -colorspace sRGB no longer returns grayscale output (reference
    ImageMagick/ImageMagick#1835).

2020-01-12  6.9.10-86 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-86, GIT revision 15260:0667659:20200112.

2020-01-12  6.9.10-86 Cristy  <quetzlzacatenango@image...>
  * Fixed three failing Magick.NET unit tests.

2020-01-11  6.9.10-85 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-85, GIT revision 15253:1fdc999:20200111.

2020-01-11  6.9.10-85 Dirk Lemstra <dirk@lem.....org>
  * Also support svg:xml-parse-huge when using librsvg.

2020-01-07  6.9.10-85 Cristy  <quetzlzacatenango@image...>
  * Support Fx do() iterator.
  * `magick -size 100x100 xc:black black.pnm` no longer creates a white image
    (reference ImageMagick/ImageMagick#1817).
  * setjmp/longjmp in jpeg.c no longer trigger undefind behavior (reference
		https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=37379).
  * Permit compositing in the CMYK colorspace (reference
    https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=37368).

2020-01-04  6.9.10-84 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-84, GIT revision 15212:a45335c:20200104.

2020-01-01  6.9.10-84 Cristy  <quetzlzacatenango@image...>
  * Support extended Fx assignment operators (e.g. *=, /=, ++, --, etc.)
  * Support Fx for() iterator.
	* Optimize Fx performance.
	* Ensure circle.rb renders the same for IMv6 and IMv7 (reference
    rmagick/rmagick#905).

2019-12-30  6.9.10-83 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-83, GIT revision 15184:9f64323:20191230.

2019-12-28  6.9.10-83 Cristy  <quetzlzacatenango@image...>
  * PSD: only set the alpha channel when type is not 0.
  * Fix Lab to custom profile (CMYK or RGB) conversion bug (reference
    https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=37318).

2019-12-27  6.9.10-82 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-82, GIT revision 15167:12b7f07:20191226.

2019-12-26  6.9.10-82 Cristy  <quetzlzacatenango@image...>
  * Fix Build failure with MinGW-w64 (reference
    ImageMagick/ImageMagick6#67).
  * Inject image profile properties immediately after the image is read.

2019-12-24  6.9.10-81 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-81, GIT revision 15151:1444366:20191224.

2019-12-18  6.9.10-81 Cristy  <quetzlzacatenango@image...>
  * Replace pseudo-random number generator with a Xoshiro generator.
  * Define MagickAddressType (reference
    https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=3729).

2019-12-22  6.9.10-80 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-80, GIT revision 15135:8aa94ec27:20191222

2019-12-18  6.9.10-80 Cristy  <quetzlzacatenango@image...>
  * Some clang releases do not support _aligned_alloc().

2019-12-07  6.9.10-79 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-79, GIT revision 15127:fa10678:20191215.

2019-12-07  6.9.10-79 Cristy  <quetzlzacatenango@image...>
  * Build file clean-up (reference
    ImageMagick/ImageMagick#1798).
  * Improve semaphore handling @
    ImageMagick/ImageMagick#1798).
  * Introduce HeapOverflowSanityCheckGetExtent() method (reference
    ImageMagick/ImageMagick#1798).

2019-12-01  6.9.10-78 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-78, GIT revision 15097:0136438:20191207.

2019-12-01  6.9.10-78 Cristy  <quetzlzacatenango@image...>
  * -type bilevel behavior restored, it creates a black and white image.

2019-11-29  6.9.10-77 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-77, GIT revision 15087:5e6be1a:20191129.

2019-11-26  6.9.10-77 Cristy  <quetzlzacatenango@image...>
  * Support Pocketmod image format, e.g.
    convert -density 300 pages?.pdf pocketmod:organize.pdf
  * Fixed numerous issues  posted to GitHub (reference
    https://github.com/ImageMagick/ImageMagick/issues).
  * Update documentation.

    ImageMagick/ImageMagick#1784).
2019-11-26  6.9.10-75 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-75, GIT revision 15062:f23c75e:20191126.

2019-11-19  6.9.10-75 Cristy  <quetzlzacatenango@image...>
  * Increase the maximum number of bezier coordinates (reference
    ImageMagick/ImageMagick#1784).
  * Santize "'" from SHOW and WIN delegates under Linux, '"\' for Windows
    (thanks to Enzo Puig).
  * Correct for TGA orientation (reference
    https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=34757).
  * The result for -compose Copy -extent on a CMYK image is CMYK (reference
    https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=37118).
  * Fix potential buffer overflow when reading a fax image (alert from
    Justin).
  * Support dng:use-camera-wb option.

2019-11-17  6.9.10-74 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-74, GIT revision 15030:6efa1b6:20191117.

2019-11-16  6.9.10-74 Cristy  <quetzlzacatenango@image...>
  * Ensure Ascii85 compression is thread safe.
  * Fixed numerous issues  posted to GitHub (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2019-11-14  6.9.10-73 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-73, GIT revision 15014:bcb2b51:20191114.

2019-11-14  6.9.10-73 Cristy  <quetzlzacatenango@image...>
  * HP's ANSI C/C++ compiler does not support strcasestr().

2019-11-13  6.9.10-72 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-72, GIT revision 15011:4cf3857:20191113.

2019-11-10  6.9.10-72 Cristy  <quetzlzacatenango@image...>
  * Output exception there is an attempt to perform an operation not allowed by
    the security policy
  * Fixed numerous issues  posted to GitHub (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2019-10-30  6.9.10-71 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-71, GIT revision 14989:8da75bd:20191030.

2019-10-29  6.9.10-71 Cristy  <quetzlzacatenango@image...>
  * JPEG and JPG are aliases in coder security policy.
  * Fixed numerous issues  posted to GitHub (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2019-10-27  6.9.10-70 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-70, GIT revision 14970:4200095:20191027.

2019-10-27  6.9.10-70 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous issues  posted to GitHub (reference
    https://github.com/ImageMagick/ImageMagick/issues).
2019-10-27  6.9.10-70 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-70, GIT revision 14970:4200095:20191027.

2019-10-27  6.9.10-70 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous issues  posted to GitHub (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2019-10-24  6.9.10-69 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-69, GIT revision 14962:03a9bac:20191024

2019-10-06  6.9.10-69 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous issues  posted to GitHub (reference
    https://github.com/ImageMagick/ImageMagick/issues).
  * Support trim:background-color define for -trim option

2019-10-05  6.9.10-68 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-68, GIT revision 14874:eb58b7e:20191005.

2019-09-30  6.9.10-68 Cristy  <quetzlzacatenango@image...>
  * Support animated WebP encoding/decoding (reference
    ImageMagick/ImageMagick#1708).
  * Text stroke cut off (reference
    https://imagemagick.org/discourse-server/viewtopic.php?f=1&t=36829).

2019-09-29  6.9.10-67 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-67, GIT revision 14844:2a2c1b1:20190929.

2019-09-28  6.9.10-67 Cristy  <quetzlzacatenango@image...>
  * line endings renedered as empty boxes (reference
    ImageMagick/ImageMagick#1704).

2019-09-21  6.9.10-66 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-66, GIT revision 14834:9b20f2e:20190921.

2019-09-20  6.9.10-66 Cristy  <quetzlzacatenango@image...>
  * Support compound statements in the FX while() expression (reference
    ImageMagick/ImageMagick#1701).

2019-09-14  6.9.10-65 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-65, GIT revision 14829:1a6dc73:20190915/

2019-09-09  6.9.10-65 Cristy  <quetzlzacatenango@image...>
  * Eliminate fault when trace delegate is not available.
  * Properly distinquish linear and non-linear gray colorspaces (reference
    ImageMagick/ImageMagick#1680).

2019-09-07  6.9.10-64 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-64, GIT revision 14812:b27c543:20190907.

2019-09-02  6.9.10-64 Cristy  <quetzlzacatenango@image...>
  * Support XPM symbolic (reference
    ImageMagick/ImageMagick#1684).

2019-08-31  6.9.10-63 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-63, GIT revision 14796:9b9fba4:20190831.

2019-08-24  6.9.10-63 Cristy  <quetzlzacatenango@image...>
  * Properly identify the DNG and AI image format (reference
    https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36581).

2019-08-23  6.9.10-62 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-62, GIT revision 14779:2da539a:20190823.

2019-08-19  6.9.10-62 Cristy  <quetzlzacatenango@image...>
  * Conditionally compile call to AcquireCLocale() (reference
    ImageMagick/ImageMagick#1669).
  * More robust support for converting bitmap to vector.

2019-08-16  6.9.10-61 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-61, GIT revision 14757:36133aa:20190816.

2019-08-12  6.9.10-61 Cristy  <quetzlzacatenango@image...>
  * Fixed bug when writing MPC to PNG (reference
    https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36518).

2019-08-10  6.9.10-60 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-60, GIT revision 14745:ce6bac3:20190810.

2019-08-07  6.9.10-60 Cristy  <quetzlzacatenango@image...>
  * Enable reading EXR image file from stdin.

2019-08-03  6.9.10-59 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-59, GIT revision 14730:b2d457b:20190803.

2019-08-01  6.9.10-59 Cristy  <quetzlzacatenango@image...>
  * Module is a reserved keyword for C++ 20 (reference
    ImageMagick/ImageMagick#1650).

2019-07-29  6.9.10-58 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-58, GIT revision 14723:fffbce8:20190729.

2019-07-27  6.9.10-58 Cristy  <quetzlzacatenango@image...>
  * Improve GetNextToken() performance.

2019-07-26  6.9.10-57 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-57, GIT revision 14712:94d15b7:20190726.

2019-07-22  6.9.10-57 Cristy  <quetzlzacatenango@image...>
  * Heap-buffer-overflow in Postscript coder (reference
    ImageMagick/ImageMagick#1644).
  * Correction to the ModulusAdd and ModulusSubtract composite op (reference
    https://imagemagick.org/discourse-server/viewtopic.php?f=2&t=36413).

2019-07-20  6.9.10-56 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-56, GIT revision 14704:d0be203:20190720.

2019-07-20  6.9.10-56 Cristy  <quetzlzacatenango@image...>
  * Converting from PDF to PBM inverts the image (reference
    ImageMagick/ImageMagick#1643).

2019-07-18  6.9.10-55 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-55, GIT revision 14700:faac202:20190718.

2019-07-08  6.9.10-55 Cristy  <quetzlzacatenango@image...>
  * Heap-buffer overflow (reference
    ImageMagick/ImageMagick#1641).
  * PerlMagick test suite passes again (reference
    ImageMagick/ImageMagick#1640).

2019-07-16  6.9.10-54 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-54, GIT revision 14684:41399a3:20190716

2019-07-08  6.9.10-54 Cristy  <quetzlzacatenango@image...>
  * Avoid divide by zero (reference
    ImageMagick/ImageMagick#1629).
  * introducing MagickLevelImageColors() MagickWand method.
  * Transient problem with text placement with gravity (reference
    ImageMagick/ImageMagick#1633).

2019-07-05  6.9.10-53 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-53, GIT revision 14625:70fb1c6:20190705.

2019-07-05  6.9.10-53 Cristy  <quetzlzacatenango@image...>
  * Coder heic.c build failure  (reference
    ImageMagick/ImageMagick6#50).

2019-07-05  6.9.10-52 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-52, GIT revision 14623:672ff6a:20190705.

2019-07-01  6.9.10-52 Cristy  <quetzlzacatenango@image...>
  * Eliminate buffer overflow in TranslateEvent() (reference
    ImageMagick/ImageMagick#1621).
  * Fix -fx parsing issue (reference
    https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36314).

2019-06-30  6.9.10-51 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-51, GIT revision 14607:cec35fb:20190630.

2019-06-24  6.9.10-51 Cristy  <quetzlzacatenango@image...>
  * Clone rather than copy X window name/icon.
  * Optimize PDF reader.

2019-06-23  6.9.10-50 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-50, GIT revision 14583:598f03b:20190623

2019-06-16  6.9.10-50 Cristy  <quetzlzacatenango@image...>
  * Heap-buffer-overflow in MagickCore/fourier.c (reference
    ImageMagick/ImageMagick#1588).
  * Fixed a number of issues (reference
    https://imagemagick.org/discourse-server/viewforum.php?f=3).
  * Fixed a number of issues (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2019-06-08  6.9.10-49 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-49, GIT revision 14530:19dcf6f:20190608

2019-06-04  6.9.10-49 Cristy  <quetzlzacatenango@image...>
  * Use user defined allocator instead of `malloc` (reference
    ImageMagick/ImageMagick6#49).
  * Add static decorator to accelerator kernels (reference
    ImageMagick/ImageMagick#1366).

2019-05-26  6.9.10-47 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-47, GIT revision 14507:321f99ca6:20190526

2019-05-19  6.9.10-47 Cristy  <quetzlzacatenango@image...>
  * Support 16 and 32 bit tiled float TIFF images.
  * Text improvements to the internal SVG renderer.

2019-05-14  6.9.10-46 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-46, GIT revision 14492:fb2f64950:20190518

2019-05-14  6.9.10-46 Cristy  <quetzlzacatenango@image...>
  * Builds under MacOS X and FreeBSD works again.
  * Return HEIC images in the sRGB colorspace.

2019-05-12  6.9.10-45 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-45, GIT revision 14473:2116be83b:20190512

2019-05-06  6.9.10-45 Cristy  <quetzlzacatenango@image...>
  * Fixed a number of issues (reference
    https://imagemagick.org/discourse-server/viewforum.php?f=3).
  * Fixed a number of issues (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2019-05-03  6.9.10-44 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-44, GIT revision 14449:d077c2e58:20190503

2019-05-03  6.9.10-44 Cristy  <quetzlzacatenango@image...>
  * Fixed a number of issues (reference
    https://imagemagick.org/discourse-server/viewforum.php?f=3).
  * Fixed a number of issues (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2019-05-01  6.9.10-43 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-43, GIT revision 14444:1580c66ba:20190502

2019-05-01  6.9.10-43 Cristy  <quetzlzacatenango@image...>
  * Fixed a number of issues (reference
    https://imagemagick.org/discourse-server/viewforum.php?f=3).
  * Fixed a number of issues (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2019-04-29  6.9.10-42 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-42, GIT revision 14417:929367bd1:20190424

2019-04-20  6.9.10-42 Cristy  <quetzlzacatenango@image...>
  * Fixed a number of issues (reference
    https://imagemagick.org/discourse-server/viewforum.php?f=3).
  * Fixed a number of issues (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2019-04-19  6.9.10-41 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-41, GIT revision 14390:6d46f0a04:20190420

2019-04-14  6.9.10-41 Cristy  <quetzlzacatenango@image...>
  * Fixed a number of issues (reference
    https://imagemagick.org/discourse-server/viewforum.php?f=3).
  * Fixed a number of issues (reference
    https://github.com/ImageMagick/ImageMagick/issues).
  * Honor SOURCE_DATE_EPOCH environment variable (reference
    ImageMagick/ImageMagick#1496).
  * Standardize on UTC time for any image format timestamp.

2019-04-12  6.9.10-40 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-40, GIT revision 14362:7e503e231:20190412

2019-04-10  6.9.10-40 Cristy  <quetzlzacatenango@image...>
  * Fixed a number of issues (reference
    https://imagemagick.org/discourse-server/viewforum.php?f=3).
  * Fixed a number of issues (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2019-04-07  6.9.10-39 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-39, GIT revision 14346:6b5a9cc87:20190406

2019-04-06  6.9.10-39 Cristy  <quetzlzacatenango@image...>
  * The -preview raise option now returns expected results.
  * Initialise ghostscript instances with NULL (reference
    ImageMagick/ImageMagick#1538).

2019-04-06  6.9.10-38 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-38, GIT revision 14341:09f7569e8:20190406

2019-04-06  6.0.10-38 Cristy  <quetzlzacatenango@image...>
  * Modulo off by one patch for -virtual-pixel option (reference
    https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=35789)

2019-04-03  6.9.10-37 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-37, GIT revision 14329:0dc57c67b:20190403

2019-04-03  6.0.10-37 Cristy  <quetzlzacatenango@image...>
  * Fixed -virtual-pixel option (reference
    https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=35789)

2019-03-31  6.9.10-36 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-36, GIT revision 14321:3b6ba12f4:20190331

2019-03-27  6.9.10-36 Cristy  <quetzlzacatenango@image...>
  * Fixed a number of issues (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2019-03-24  6.9.10-35 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-35, GIT revision 14298:633d5a989:20190324

2019-03-23  6.9.10-35 Cristy  <quetzlzacatenango@image...>
  * Fixed a number of issues (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2019-03-15  6.9.10-34 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-34, GIT revision 14276:b0b2799a2:20190315

2019-03-11  6.9.10-34 Cristy  <quetzlzacatenango@image...>
  * Associate one lock with each resource.
  * Report exception if opening TIFF did not work ou.
  * Fixed numerous use of uninitialized values, integer overflow, memory
    exceeded, and timeouts (credit to OSS Fuzz).

2019-03-10  6.9.10-33 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-33, GIT revision 14266:fb9c848b1:20190310

2019-03-06  6.9.10-33 Cristy  <quetzlzacatenango@image...>
  * Fix SVG conversion infinite loop (reference
    https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=35591).
  * Initialize primitive drawing structure after resizing.

2019-03-05  6.9.10-32 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-32, GIT revision 14250:4d956d2ac:20190305

2019-03-05  6.9.10-32 Cristy  <quetzlzacatenango@image...>
  * Fix out-of-boundary LocaleLowerCase() @
    ImageMagick/ImageMagick#1495

2019-03-04  6.9.10-31 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-31, GIT revision 14246:6de0b115c:20190304

2019-03-04  6.9.10-31 Cristy  <quetzlzacatenango@image...>
  * -trim is no longer sensitive to the image virtual canvas.

2019-03-03  6.9.10-30 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-30, GIT revision 14240:d62e5fd8b:20190303

2019-03-03  6.9.10-30 Cristy  <quetzlzacatenango@image...>
  * Support define to remove additional background from an image during a
    trim, e.g. -fuzz 5% -define trim:percent-background=0% -trim.

2019-02-28  6.9.10-29 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-29, GIT revision 14235:eee85cacc:20190228

2019-02-28  6.9.10-29 Cristy  <quetzlzacatenango@image...>
  * Fixed a number of issues (reference
    https://github.com/ImageMagick/ImageMagick/issues).
  * Fixed numerous use of uninitialized values, integer overflow, memory
    exceeded, and timeouts (credit to OSS Fuzz).

2019-02-18  6.9.10-28 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-28, GIT revision 14227:580d9f9a6:20190218

2019-02-12  6.9.10-28 Cristy  <quetzlzacatenango@image...>
  * Fixed a number of issues (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2019-02-09  6.9.10-27 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-27, GIT revision 14197:4e00248f4:20190209

2019-02-09  6.9.10-27 Cristy  <quetzlzacatenango@image...>
  * Mod patch to properly handle subimage ranges (e.g. image.gif[2-3]).

2019-02-03  6.9.10-27 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-27, GIT revision 14180:153da6bd6:20190203

2019-02-02  6.9.10-26 Cristy  <quetzlzacatenango@image...>
  * Fixed a number of issues (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2019-01-27  6.9.10-25 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-25, GIT revision 14167:183ec9d88:20190127

2019-01-19  6.9.10-25 Cristy  <quetzlzacatenango@image...>
  * Eliminate spurious font warning (reference
    ImageMagick/ImageMagick#1458).
  * Support HEIC EXIF & XMP profiles.

2019-01-12  6.9.10-24 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-24, GIT revision 14130:70079ed45:20190112

2019-01-08  6.9.10-24 Cristy  <quetzlzacatenango@image...>
  * Support -clahe option real clip limit (reference
    https://imagemagick.org/discourse-server/viewtopic.php?f=2&t=35292).
  * ShadeImage() can return negative pixels, clamp to range (reference
    ImageMagick/ImageMagick#1319).
  * Annotate with negative offsets no longer renders slanted text.

2019-01-01  6.9.10-23 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-23, GIT revision 14106:df6887c14:20190101

2019-01-01  6.9.10-23 Cristy  <quetzlzacatenango@image...>
  * CacheInfo destructor must be aligned in DestroyPixelStream().

2018-12-30  6.9.10-22 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-22, GIT revision 14098:7054d2569:20181230

2018-12-29  6.9.10-22 Cristy  <quetzlzacatenango@image...>
  * Support negative rotations in a geometry (e.g. -10x-10+10+10).
  * Return expected canvas offset after a crop with gravity.
  * Fix HEIC coder compile exception.

2018-12-27  6.9.10-21 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-21, GIT revision 14088:1961662c1:20181227

2018-12-27  6.9.10-21 Cristy  <quetzlzacatenango@image...>
  * Check to ensure SeekBlob() offset can be represented in an off_t.

2018-12-23  6.9.10-20 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-20, GIT revision 14079:0ce665411:20181223

2018-12-19  6.9.10-19 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-19, GIT revision 14069:0ca60eda0:20181219

2018-12-18  6.9.10-18 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-18, GIT revision 14061:2f9ab1cea:20181218

2018-12-18  6.9.10-18 Cristy  <quetzlzacatenango@image...>
  * Revert MagickDoubleType patch to avoid i386 ABI break (reference
    ImageMagick/ImageMagick6#31);

2018-12-17  6.9.10-17 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-17, GIT revision 14057:667544c39:20181217

2018-12-10  6.9.10-16 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-16, GIT revision 14039:096b7210f:20181210

2018-12-02  6.9.10-16 Cristy  <quetzlzacatenango@image...>
  * Check for modulo underflow.
  * Change SVG default DPI to 86 from 90 to meet recommendation of SVG2 & CSS.

2018-12-01  6.9.10-15 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-15, GIT revision 14011:ddd5bd95d:20181201

2018-10-23  6.9.10-14 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-14, GIT revision 13943:5f6f9f0be:20181023

2018-10-21  6.9.10-13 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-13, GIT revision 13936:2379b24b8:20181021

2018-09-16  6.9.10-12 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-12, GIT revision 13886:d2819c281:20180923

2018-09-08  6.9.10-12 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous use of uninitialized values, integer overflow, memory
    exceeded, and timeouts (credit to OSS Fuzz).

2018-08-27  6.9.10-11 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-11, GIT revision 13806:cbb489883:20180828

2018-08-15  6.9.10-11 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous use of uninitialized values, integer overflow, memory
    exceeded, and timeouts (credit to OSS Fuzz).
  * Add support for "module" security policy.

2018-08-13  6.9.10-10 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-10, GIT revision 13743:8f8009715:20180813

2018-08-12  6.9.10-10 Dirk Lemstra <dirk@lem.....org>
  * Restored thread support for the HEIC coder.

2018-08-08  6.9.10-10 Cristy  <quetzlzacatenango@image...>
  * ThumbnailImage function no longer reveals sensitive information (reference
    ImageMagick/ImageMagick#1243).

2018-08-06  6.9.10-9 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-9, GIT revision 13721:6fb59a954:20180805.

2018-07-24  6.9.10-9 Cristy  <quetzlzacatenango@image...>
  * XBM coder leaves the hex image data uninitialized if hex value of the
    pixel is negative.
  * More improvements to SVG text handling.

2018-07-23  6.9.10-8 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-8, GIT revision 13693:88aeaf9d9:20180723.

2018-07-20  6.9.10-8 Cristy  <quetzlzacatenango@image...>
  * Non-HDRI ScaleLongToQuantum() private method no longer adds a half interval.
  * Fixed memset() negative-size-param (reference
    ImageMagick/ImageMagick#1217).

2018-07-16  6.9.10-7 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-7, GIT revision 13676:dab6babe2:20180716.

2018-07-15  6.9.10-7 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous use of uninitialized values, integer overflow, memory
    exceeded, and timeouts (credit to OSS Fuzz).

2018-07-08  6.9.10-6 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-6, GIT revision 13660:181df547c:20180708.

2018-07-08  6.9.10-6 Cristy  <quetzlzacatenango@image...>
  * Improve SVG support for tspan element.
  * Add support for -fx image.extent.

2018-07-04  6.9.10-5 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-5, GIT revision 13643:fe71cc8b2:20180704.

2018-07-04  6.9.10-5 Cristy  <quetzlzacatenango@image...>
  * Fixed a few potential memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2018-07-02  6.9.10-4 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-4, GIT revision 13635:c1c026715:20180702.

2018-06-28  6.9.10-4 Cristy  <quetzlzacatenango@image...>
  * Small tweaks to compile under Cygwin.
  * Fixed numerous use of uninitialized values, integer overflow, memory
    exceeded, and timeouts (credit to OSS Fuzz).
  * Support %B property, the image file size without any decorations.

2018-06-24  6.9.10-3 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-3, GIT revision 13618:69366aab3:20180624.

2018-06-18  6.9.10-2 Cristy  <quetzlzacatenango@image...>
  * More rovust SVG text handling.

2018-06-16  6.9.10-1 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-1, GIT revision 13595:dafb03062:20180616.

2018-06-16  6.9.10-1 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous use of uninitialized values, integer overflow, memory
    exceeded, and timeouts (credit to OSS Fuzz).
  * Fixed an issue with stroke and label: (reference

2018-06-12  6.9.10-0 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.10-0, GIT revision 13585:82d7dbe0b:20180612.

2018-06-11  6.9.10-0 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous use of uninitialized values, integer overflow, memory
    exceeded, and timeouts (credit to OSS Fuzz).

2018-06-11  6.9.9-51 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-51, GIT revision 13574:a58324488:20180611.

2018-06-06  6.9.9-51 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous use of uninitialized values, integer overflow, memory
    exceeded, and timeouts (credit to OSS Fuzz).

2018-06-02  6.9.9-50 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-50, GIT revision 13539:2ae91d95c:20180602.

2018-05-30  6.9.9-50 Cristy  <quetzlzacatenango@image...>
  * Heap buffer overflow fix (reference
    ImageMagick/ImageMagick#1156).
  * Fixed numerous use of uninitialized values, integer overflow, memory
    exceeded, and timeouts (credit to OSS Fuzz).

2018-05-29  6.9.9-49 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-49, GIT revision 13521:00f535ee9:20180529.

2018-05-29  6.9.9-49 Cristy  <quetzlzacatenango@image...>
  * Properly initialize SVG color style.

2018-05-28  6.9.9-48 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-47, GIT revision 13518:5cef106dc:20180528.

2018-05-28  6.9.9-48 Cristy  <quetzlzacatenango@image...>
  * A SVG rectangle with a width and height of 1, is a point.

2018-05-21  6.9.9-47 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-47, GIT revision 13489:3ff167343:20180521.

2018-05-21  6.9.9-47 Cristy  <quetzlzacatenango@image...>
  * Fixed memory corruption for MVG paths.

2018-05-20  6.9.9-46 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-46, GIT revision 13483:ced03dfb8:20180520.

2018-05-19  6.9.9-46 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous use of uninitialized values, integer overflow, memory
    exceeded, and timeouts (credit to OSS Fuzz).
  * Fixed errant 'not enough pixel data' (reference
    ImageMagick/ImageMagick#1133).

2018-05-16  6.9.9-45 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-45, GIT revision 13456:e027e2bb4:20180513.

2018-05-16  6.9.9-45 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous use of uninitialized values, integer overflow, memory
    exceeded, and timeouts (credit to OSS Fuzz).

2018-05-13  6.9.9-44 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-44, GIT revision 13456:e027e2bb4:20180513.

2018-05-03  6.9.9-43 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous use of uninitialized values, integer overflow, memory
    exceeded, and timeouts (credit to OSS Fuzz).

2018-05-01  6.9.9-42 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-42, GIT revision 13394:69b3ddf2e:20180501.

2018-05-01  6.9.9-42  <quetzlzacatenango@image...>
  * Missing break when checking "compliance" element.

2018-04-30  6.9.9-41 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-41, GIT revision 13379:e819f52a2:20180430.

2018-03-26  6.9.9-41 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous use of uninitialized values, integer overflow, memory

2018-03-24  6.9.9-40 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-40, GIT revision 13136:8b7024499:20180325.

2018-03-21  6.9.9-40 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous use of uninitialized values, integer overflow, memory
    exceeded, and timeouts (credit to OSS Fuzz).

2018-03-18  6.9.9-39 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-39, GIT revision 13067:ae2245e56:20180318.

2018-03-17  6.9.9-39 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous use of uninitialized values, integer overflow, memory
    exceeded, and timeouts (credit to OSS Fuzz).
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Apr 28, 2020
2020-04-24  7.0.10-8 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.10-8, GIT revision 17175:481b85f:20200424.

2020-04-23  7.0.10-8 Cristy  <quetzlzacatenango@image...>
  * Some configure --with-method-prefix methods were missing (reference
    ImageMagick/ImageMagick#1912).

2020-04-19  7.0.10-7 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.10-7, GIT revision 17170:c635e88:20200419.

2020-04-07  7.0.10-7 Cristy  <quetzlzacatenango@image...>
  * Fix erroneous "insufficient image data" exception (reference
    ImageMagick/ImageMagick#1883).
  * Fix an unconditional jump for the XPM coder (reference
    ImageMagick/ImageMagick#1895).
  * Improve unrotate value returned by the minimum bounding box (thanks
    to Fred Weinhaus).
    ImageMagick/ImageMagick#1880).
bmwiedemann added a commit to bmwiedemann/openSUSE that referenced this issue May 7, 2020
https://build.opensuse.org/request/show/800017
by user pgajdos + dimstar_suse
- version update to 7.0.10.10
  * Correction to allocate a colormap of the maximum colors when color
    reducing an image sequence.
  * Write to stdout for mp4:-.
  * Allocate a colormap of the maximum colors when color reducing an image
    sequence.
  * Label was not centered properly (reference
    ImageMagick/ImageMagick#1879).
  * Some configure --with-method-prefix methods were missing (reference
    ImageMagick/ImageMagick#1912).
  * Fix erroneous "insufficient image data" exception (reference
    ImageMagick/ImageMagick#1883).
  * Fix an unconditional jump for the XPM coder (reference
    ImageMagick/ImageMagick#1895).
  * Improve unrotate value returned by the minimum bounding b
@dlemstra dlemstra closed this as completed Jun 9, 2020
@carnil
Copy link

carnil commented Nov 21, 2020

The correct CVE id seems though to be https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19667

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

5 participants