Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: grave Tags: patch security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org
Imagemagick version prior of february 2016 does not correctly release memory There is a resource leak in AcquireVirtualMemory resulting in major performance degradation whenever AcquireMagickResource starts returning false. The problem is that AcquireMagickResource calls are not paired with calls to RelinquishMagickResource if a resource limit is hit. Eventually all allocations and pixel caches will start using file-backed storage leading to major performance degradations. Another issue is that AcquireVirtualMemory does not remove temporary files created for failed file-backed memory mappings. This has been adressed in IM 7. Fixed by 4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c Bastien
