security/vuxml: Document ImageMagick vulnerabilities

PR:		219497
Reported by:	dani <i.dani@outlook.com>

security/vuxml/vuln.xml

@@ -58,6 +58,182 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="50776801-4183-11e7-b291-b499baebfeaf">
+    <topic>imagemagick -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>imagemagick</name>
+	<range><lt>6.9.8.6</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<blockquote cite="https://nvd.nist.gov/vuln/search/results?query=ImageMagick">
+	  <ul>
+	    <li>CVE-2017-5506: Double free vulnerability in magick/profile.c in
+	      ImageMagick allows remote attackers to have unspecified impact via
+	      a crafted file.</li>
+	    <li>CVE-2017-5507: Memory leak in coders/mpc.c in ImageMagick before
+	      6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a
+	      denial of service (memory consumption) via vectors involving a
+	      pixel cache.</li>
+	    <li>CVE-2017-5508: Heap-based buffer overflow in the
+	      PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x
+	      before 7.0.4-3 allows remote attackers to cause a denial of
+	      service (application crash) via a crafted TIFF file.</li>
+	    <li>CVE-2017-5509: coders/psd.c in ImageMagick allows remote
+	      attackers to have unspecified impact via a crafted PSD file, which
+	      triggers an out-of-bounds write.</li>
+	    <li>CVE-2017-5510: coders/psd.c in ImageMagick allows remote
+	      attackers to have unspecified impact via a crafted PSD file, which
+	      triggers an out-of-bounds write.</li>
+	    <li>CVE-2017-5511: coders/psd.c in ImageMagick allows remote
+	      attackers to have unspecified impact by leveraging an improper
+	      cast, which triggers a heap-based buffer overflow.</li>
+	    <li>CVE-2017-6497: An issue was discovered in ImageMagick 6.9.7.
+	      A specially crafted psd file could lead to a NULL pointer
+	      dereference (thus, a DoS).</li>
+	    <li>CVE-2017-6498: An issue was discovered in ImageMagick 6.9.7.
+	      Incorrect TGA files could trigger assertion failures, thus leading
+	      to DoS.</li>
+	    <li>CVE-2017-6499: An issue was discovered in Magick++ in
+	      ImageMagick 6.9.7. A specially crafted file creating a nested
+	      exception could lead to a memory leak (thus, a DoS).</li>
+	    <li>CVE-2017-6500: An issue was discovered in ImageMagick 6.9.7.
+	      A specially crafted sun file triggers a heap-based
+	      buffer over-read.</li>
+	    <li>CVE-2017-6501: An issue was discovered in ImageMagick 6.9.7.
+	      A specially crafted xcf file could lead to a NULL pointer
+	      dereference.</li>
+	    <li>CVE-2017-6502: An issue was discovered in ImageMagick 6.9.7.
+	      A specially crafted webp file could lead to a file-descriptor
+	      leak in libmagickcore (thus, a DoS).</li>
+	    <li>CVE-2017-7275: The ReadPCXImage function in coders/pcx.c in
+	      ImageMagick 7.0.4.9 allows remote attackers to cause a denial of
+	      service (attempted large memory allocation and application crash)
+	      via a crafted file. NOTE: this vulnerability exists because of an
+	      incomplete fix for CVE-2016-8862 and CVE-2016-8866.</li>
+	    <li>CVE-2017-7606: coders/rle.c in ImageMagick 7.0.5-4 has an
+	      "outside the range of representable values of type unsigned char"
+	      undefined behavior issue, which might allow remote attackers to
+	      cause a denial of service (application crash) or possibly have
+	      unspecified other impact via a crafted image.</li>
+	    <li>CVE-2017-7619: In ImageMagick 7.0.4-9, an infinite loop can
+	      occur because of a floating-point rounding error in some of the
+	      color algorithms. This affects ModulateHSL, ModulateHCL,
+	      ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB,
+	      ModulateLCHab, and ModulateLCHuv.</li>
+	    <li>CVE-2017-7941: The ReadSGIImage function in sgi.c allows remote
+	      attackers to consume an amount of available memory via a crafted
+	      file.</li>
+	    <li>CVE-2017-7942: The ReadAVSImage function in avs.c allows remote
+	      attackers to consume an amount of available memory via a crafted
+	      file.</li>
+	    <li>CVE-2017-7943: The ReadSVGImage function in svg.c allows remote
+	      attackers to consume an amount of available memory via a crafted
+	      file.</li>
+	    <li>CVE-2017-8343: ReadAAIImage function in aai.c allows attackers
+	      to cause a denial of service (memory leak) via a crafted file.</li>
+	    <li>CVE-2017-8344: ReadPCXImage function in pcx.c allows attackers
+	      to cause a denial of service (memory leak) via a crafted file. The
+	      ReadMNGImage function in png.c allows attackers to cause a denial
+	      of service (memory leak) via a crafted file.</li>
+	    <li>CVE-2017-8345: ReadMNGImage function in png.c allows attackers
+	      to cause a denial of service (memory leak) via a crafted file.</li>
+	    <li>CVE-2017-8346: ReadMATImage function in mat.c allows attackers
+	      to cause a denial of service (memory leak) via a crafted file.</li>
+	    <li>CVE-2017-8347: ReadMATImage function in mat.c allows attackers
+	      to cause a denial of service (memory leak) via a crafted file. </li>
+	    <li>CVE-2017-8348: ReadMATImage function in mat.c allows attackers
+	      to cause a denial of service (memory leak) via a crafted file.</li>
+	    <li>CVE-2017-8349: ReadSFWImage function in sfw.c allows attackers
+	      to cause a denial of service (memory leak) via a crafted file.</li>
+	    <li>CVE-2017-8350: ReadJNGImage function in png.c allows attackers
+	      to cause a denial of service (memory leak) via a crafted file.</li>
+	    <li>CVE-2017-8351: ReadPCDImage function in pcd.c allows attackers
+	      to cause a denial of service (memory leak) via a crafted file.</li>
+	    <li>CVE-2017-8352: ReadXWDImage function in xwd.c allows attackers
+	      to cause a denial of service (memory leak) via a crafted file.</li>
+	    <li>CVE-2017-8353: ReadPICTImage function in pict.c allows attackers
+	      to cause a denial of service (memory leak) via a crafted file.</li>
+	    <li>CVE-2017-8354: ReadBMPImage function in bmp.c allows attackers
+	      to cause a denial of service (memory leak) via a crafted file.</li>
+	    <li>CVE-2017-8355: ReadMTVImage function in mtv.c allows attackers
+	      to cause a denial of service (memory leak) via a crafted file.</li>
+	    <li>CVE-2017-8356: ReadSUNImage function in sun.c allows attackers
+	      to cause a denial of service (memory leak) via a crafted file.</li>
+	    <li>CVE-2017-8357: ReadEPTImage function in ept.c allows attackers
+	      to cause a denial of service (memory leak) via a crafted file.</li>
+	    <li>CVE-2017-8365: The function named ReadICONImage in coders\icon.c
+	      has a memory leak vulnerability which can cause memory exhaustion
+	      via a crafted ICON file.</li>
+	    <li>CVE-2017-8830: ReadBMPImage function in bmp.c:1379 allows
+	      attackers to cause a denial of service (memory leak) via a crafted
+	      file.</li>
+	    <li>CVE-2017-9141: A crafted file could trigger an assertion failure
+	      in the ResetImageProfileIterator function in MagickCore/profile.c
+	      because of missing checks in the ReadDDSImage function in
+	      coders/dds.c.</li>
+	    <li>CVE-2017-9142: A crafted file could trigger an assertion failure
+	      in the WriteBlob function in MagickCore/blob.c because of missing
+	      checks in the ReadOneJNGImage function in coders/png.c.</li>
+	    <li>CVE-2017-9143: ReadARTImage function in coders/art.c allows
+	      attackers to cause a denial of service (memory leak) via a crafted
+	      .art file.</li>
+	    <li>CVE-2017-9144: A crafted RLE image can trigger a crash because
+	      of incorrect EOF handling in coders/rle.c.</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://nvd.nist.gov/vuln/search/results?query=ImageMagick</url>
+      <cvename>CVE-2017-5506</cvename>
+      <cvename>CVE-2017-5507</cvename>
+      <cvename>CVE-2017-5508</cvename>
+      <cvename>CVE-2017-5509</cvename>
+      <cvename>CVE-2017-5510</cvename>
+      <cvename>CVE-2017-5511</cvename>
+      <cvename>CVE-2017-6497</cvename>
+      <cvename>CVE-2017-6498</cvename>
+      <cvename>CVE-2017-6499</cvename>
+      <cvename>CVE-2017-6500</cvename>
+      <cvename>CVE-2017-6501</cvename>
+      <cvename>CVE-2017-6502</cvename>
+      <cvename>CVE-2017-7275</cvename>
+      <cvename>CVE-2017-7606</cvename>
+      <cvename>CVE-2017-7619</cvename>
+      <cvename>CVE-2017-7941</cvename>
+      <cvename>CVE-2017-7942</cvename>
+      <cvename>CVE-2017-7943</cvename>
+      <cvename>CVE-2017-8343</cvename>
+      <cvename>CVE-2017-8344</cvename>
+      <cvename>CVE-2017-8345</cvename>
+      <cvename>CVE-2017-8346</cvename>
+      <cvename>CVE-2017-8347</cvename>
+      <cvename>CVE-2017-8348</cvename>
+      <cvename>CVE-2017-8349</cvename>
+      <cvename>CVE-2017-8350</cvename>
+      <cvename>CVE-2017-8351</cvename>
+      <cvename>CVE-2017-8352</cvename>
+      <cvename>CVE-2017-8353</cvename>
+      <cvename>CVE-2017-8354</cvename>
+      <cvename>CVE-2017-8355</cvename>
+      <cvename>CVE-2017-8356</cvename>
+      <cvename>CVE-2017-8357</cvename>
+      <cvename>CVE-2017-8365</cvename>
+      <cvename>CVE-2017-8830</cvename>
+      <cvename>CVE-2017-9141</cvename>
+      <cvename>CVE-2017-9142</cvename>
+      <cvename>CVE-2017-9143</cvename>
+      <cvename>CVE-2017-9144</cvename>
+    </references>
+    <dates>
+      <discovery>2017-03-05</discovery>
+      <entry>2017-05-25</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="6f4d96c0-4062-11e7-b291-b499baebfeaf">
     <topic>samba -- remote code execution vulnerability</topic>
     <affects>