[Bug 1646607] [NEW] Imagemagick "Text to Image" -size and -pointsize behavior broken after security fix

Andrew Martin amartin at xes-inc.com
Thu Dec 1 20:12:46 UTC 2016 

Public bug reported:

There was a USN published on 11/30/16 for several CVEs:
https://www.ubuntu.com/usn/usn-3142-1/

I am running imagemagick on Ubuntu 14.04, and consequently was upgraded
to version 8:6.7.7.10-6ubuntu3.3 via unattended-upgrades. However, after
this upgrade, I find that behavior for creating images from text no
longer works.

This works on 8:6.7.7.10-6ubuntu3:
````
convert -size "126" -font Impact-Regular -fill gray -gravity Center label:"TEST TEXT" /tmp/out.png
````

But on 8:6.7.7.10-6ubuntu3.3 it gives this error:
````
convert -size "126" -font Impact-Regular -fill gray -gravity Center label:"TEST TEXT" /tmp/out.png
convert.im6: no images defined `/tmp/out.png' @ error/convert.c/ConvertImageCommand/3044.
````

Moreover, using the **exact** command (specifically the 3rd one, where width but not height is specified) in the [Best Fit To Image](https://www.imagemagick.org/Usage/text/#label_bestfit) section of the Imagemagick documentation fail with the same error:
````
  convert -background lightblue -fill blue -font Candice \
          -size 160x  label:Anthony     label_size_width.gif
````

Is this a regression introduced by the security update? If so, is there
a way to fix this?

** Affects: imagemagick (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/1646607

Title:
  Imagemagick "Text to Image" -size and -pointsize behavior broken after
  security fix

Status in imagemagick package in Ubuntu:
  New

Bug description:
  There was a USN published on 11/30/16 for several CVEs:
  https://www.ubuntu.com/usn/usn-3142-1/

  I am running imagemagick on Ubuntu 14.04, and consequently was
  upgraded to version 8:6.7.7.10-6ubuntu3.3 via unattended-upgrades.
  However, after this upgrade, I find that behavior for creating images
  from text no longer works.

  This works on 8:6.7.7.10-6ubuntu3:
  ````
  convert -size "126" -font Impact-Regular -fill gray -gravity Center label:"TEST TEXT" /tmp/out.png
  ````

  But on 8:6.7.7.10-6ubuntu3.3 it gives this error:
  ````
  convert -size "126" -font Impact-Regular -fill gray -gravity Center label:"TEST TEXT" /tmp/out.png
  convert.im6: no images defined `/tmp/out.png' @ error/convert.c/ConvertImageCommand/3044.
  ````

  Moreover, using the **exact** command (specifically the 3rd one, where width but not height is specified) in the [Best Fit To Image](https://www.imagemagick.org/Usage/text/#label_bestfit) section of the Imagemagick documentation fail with the same error:
  ````
    convert -background lightblue -fill blue -font Candice \
            -size 160x  label:Anthony     label_size_width.gif
  ````

  Is this a regression introduced by the security update? If so, is
  there a way to fix this?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1646607/+subscriptions

More information about the foundations-bugs mailing list