Headline
CVE-2019-11474
coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.
2023-02-26 Bob Friesenhahn <[email protected]>
Makefile.am: Stop producing BZip, Gzip, Lzip, and Zstandard compressed archives so the only tar option is XZ compressed. See if anyone complains.
www/download.rst: Add summary documentation regarding archive formats.
2023-02-12 Bob Friesenhahn <[email protected]>
- coders/jpeg.c (ReadJPEGImage): Replace MagickAllocateResourceLimitedArray() with MagickAllocateResourceLimitedClearedArray() and eliminate explicit memset().
2023-02-08 Bob Friesenhahn <[email protected]>
- magick/blob.c (ImageToBlob): Immediately reject attempts to write blobs to formats which can not support blobs.
2023-02-06 Bob Friesenhahn <[email protected]>
- coders/mpc.c (RegisterMPCImage): Set seekable_stream and blob_support to false.
2023-02-05 Fojtik Jaroslav <[email protected]>
VisualMagick/configure/configure.rc Changed “Configure.EXE” to “configure.exe”
VisualMagick/configure/configure.exe Configure.exe has been blacklisted with 6 antiviruses. https://www.virustotal.com/gui/file/3a0e54c8439200faf666b5680e0608e93fd67b5cda0d72dc32f54f0308574aba
2023-02-04 Bob Friesenhahn <[email protected]>
configure.ac: Test for interesting libjpeg-turbo 3.0 functions (which may also appear in other JPEG libraries).
coders/jpeg.c: Block out existing code for C_LOSSLESS_SUPPORTED and D_LOSSLESS_SUPPORTED when compiling with JPEG-Turbo 3.0 since it is not compatible with it.
coders/wpg.c (ApproveFormatForWPG): Pass in existing ExceptionInfo pointer.
2023-01-31 Fojtik Jaroslav <[email protected]>
- coders/wpg.c: Do not approve any format from “META” module for embedding.
2023-01-28 Bob Friesenhahn <[email protected]>
- coders/wpg.c (WriteWPGImage): image->colors is only valid for storage_class == PseudoClass.
2023-01-25 Fojtik Jaroslav <[email protected]>
- coders/wpg.c: Format “8BIMTEXT” cannot be embedded inside WPG.
2023-01-24 Fojtik Jaroslav <[email protected]>
- VisualMagick/tests/runtest.bat Add missing tests of fileformats.
2023-01-15 Bob Friesenhahn <[email protected]>
tests/rwblob.tap: Add sanity test for WPG format.
tests/rwfile.tap: Add sanity test for WPG format.
coders/wpg.c: Change line terminations back to ISO standard format. (RegisterWPGImage): WPG currently only supports one frame.
Makefile.am: No longer produce “.sig” files since the “.asc” files can do everything that the “.sig” files can do.
2023-01-15 Fojtik Jaroslav <[email protected]>
VisualMagick/tests/runtest.bat
coders/wpg.c Added WPG writer … cross your fingers.
2023-01-14 Bob Friesenhahn <[email protected]>
PerlMagick/MANIFEST: Update PerlMagick manifest.
version.sh: Updated for 1.3.40 release.
NEWS.txt: Updated the news.
2023-01-13 Bob Friesenhahn <[email protected]>
- coders/jxl.c (ReadJXLImage): Cache and trace extra channel info.
2023-01-11 Fojtik Jaroslav <[email protected]>
- coders/wpg.c Fixed Monochromatic bilevel WPG should answer to gm identify file.wpg … PseudoClass 2c 8-bit
2023-01-08 Fojtik Jaroslav <[email protected]>
- coders/wpg.c Fixed deffect in WPG header reading.
2023-01-08 Bob Friesenhahn <[email protected]>
coders/png.c (WriteOnePNGImage): Use lower-case raw profile identifiers (e.g. ‘Raw profile type xmp’) because exiftool expects that. Partially addresses concerns raised by SourceForge bug #682 "Invalid storage of XMP in PNGs".
www/INSTALL-unix.rst: Add notes about required libjxl versions.
README.txt: Add notes about required libjxl versions.
2023-01-08 Fojtik Jaroslav <[email protected]>
- VisualMagick/tests/runtest.bat Added new tests for WEBP, BMP2 & BMP3. These tests are passing.
2023-01-07 Bob Friesenhahn <[email protected]>
NEWS.txt: Updated the news.
It is 2023 now! Update copyrights, rotate changelogs, etc.
magick/blob.c (OpenBlob): Zlib has never supported opening Unix ‘compress’ .Z files (although gzip does). So don’t open such files using zlib.
coders/sun.c: Add IM1, IM8, and IM24 magick aliases for Sun Raster format since those are the historically correct extensions.
2023-01-06 Bob Friesenhahn <[email protected]>
coders/sun.c (ReadSUNImage): Address oss-fuzz 54810 "graphicsmagick:coder_SUN_fuzzer: Heap-buffer-overflow in ReadSUNImage".
coders/pict.c (WritePICTImage): Fix use of logical operator where binary operator is needed.
2023-01-05 Fojtik Jaroslav <[email protected]>
- VisualMagick/installer/inc/body.isx 64 bit distribution MUST NOT be installed on pure 32 bit system. Sanity check added.
2023-01-05 Fojtik Jaroslav <[email protected]>
VisualMagick/installer/inc/body.isx
VisualMagick/installer/inc/files-dlls.isx (VisualMagick/installer/redist/VC2008SP1/vcredist_x64.exe must be downloaded from www). (VisualMagick/installer/redist/VC2008SP1/vcredist_x86.exe must be downloaded from www). Fix graphics magick installer for Windows.
2023-01-04 Fojtik Jaroslav <[email protected]>
- VisualMagick/tests/runtest.bat Added new tests for PGX (jp2), MAT, uncommented test for EPDF and PICON.
2023-01-03 Fojtik Jaroslav <[email protected]>
- VisualMagick/jp2/src/appl/UTILITY.txt removed fuzz.c.
2023-01-03 Fojtik Jaroslav <[email protected]>
VisualMagick/jp2/src/libjasper/pgx/LIBRARY.txt
jp2/src/libjasper/include/jasper/jas_config.h PGX codec was not compilled into gm, now added.
2023-01-02 Bob Friesenhahn <[email protected]>
- coders/pict.c: Add more tracing.
2023-01-01 Bob Friesenhahn <[email protected]>
- coders/pcd.c (WritePCDTile): Handle writing image with a dimension of 1.
2023-01-02 Fojtik Jaroslav <[email protected]>
- jp2/* Update lib jasper to 2.0.33. Code cleanly compilles, but there is still some problem. Will be solved later. jp2/src/lib/jasper/include/jasper/stdbool2.h No longer needed.
2023-01-01 Bob Friesenhahn <[email protected]>
magick/utility.c (GetMagickGeometry): Assure that width and height are not scaled down to zero since it is an invalid value.
coders/sun.c (ReadSUNImage): Enlarge RLE output buffer in order to avoid buffer overflow. Addresses oss-fuzz 54716 "graphicsmagick:coder_RAS_fuzzer: Heap-buffer-overflow in ReadSUNImage", which is due to a new problem added since the 1.3.39 release.
2023-01-01 Fojtik Jaroslav <[email protected]>
- jp2/* Update lib jasper to 2.0.0.