Описание
Security update for GraphicsMagick
GraphicsMagick was updated to fix 37 security issues.
These security issues were fixed:
- CVE-2014-9810: SEGV in dpx file handler (bsc#983803).
- CVE-2014-9811: Crash in xwd file handler (bsc#984032).
- CVE-2014-9813: Crash on corrupted viff file (bsc#984035).
- CVE-2014-9814: NULL pointer dereference in wpg file handling (bsc#984193).
- CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).
- CVE-2014-9816: Out of bound access in viff image (bsc#984398).
- CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).
- CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).
- CVE-2014-9819: Heap overflow in palm files (bsc#984142).
- CVE-2014-9830: Handling of corrupted sun file (bsc#984135).
- CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).
- CVE-2014-9837: Additional PNM sanity checks (bsc#984166).
- CVE-2014-9834: Heap overflow in pict file (bsc#984436).
- CVE-2014-9853: Memory leak in rle file handling (bsc#984408).
- CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).
- CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).
- CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442).
- CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).
- CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 (bsc#983533).
- CVE-2014-9807: Double free in pdb coder. (bsc#983794).
- CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028).
- CVE-2014-9805: SEGV due to a corrupted pnm file (bsc#983752).
- CVE-2014-9808: SEGV due to corrupted dpc images (bsc#983796).
- CVE-2014-9820: Heap overflow in xpm files (bsc#984150).
- CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h (bsc#984379).
- CVE-2014-9809: SEGV due to corrupted xwd images. (bsc#983799).
- CVE-2016-5240: SVG converting issue resulting in DoS (endless loop) (bsc#983309).
- CVE-2014-9840: Out of bound access in palm file (bsc#984433).
- CVE-2014-9847: Incorrect handling of 'previous' image in the JNG decoder (bsc#984144).
- CVE-2016-5241: Arithmetic exception (div by 0) in SVG conversion (bsc#983455).
- CVE-2014-9845: Crash due to corrupted dib file (bsc#984394).
- CVE-2014-9844: Out of bound issue in rle file (bsc#984373).
- CVE-2014-9835: Heap overflow in wpf file (bsc#984145).
- CVE-2014-9829: Out of bound access in sun file (bsc#984409).
- CVE-2014-9846: Added checks to prevent overflow in rle file. (bsc#983521).
- CVE-2016-2317: Multiple vulnerabilities when parsing and processing SVG files (bsc#965853).
- CVE-2016-2318: Multiple vulnerabilities when parsing and processing SVG files (bsc#965853).
Список пакетов
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Studio Onsite 1.3
Ссылки
- Link for SUSE-SU-2016:1783-1
- E-Mail link for SUSE-SU-2016:1783-1
- SUSE Security Ratings
- SUSE Bug 965853
- SUSE Bug 983234
- SUSE Bug 983259
- SUSE Bug 983309
- SUSE Bug 983455
- SUSE Bug 983521
- SUSE Bug 983523
- SUSE Bug 983533
- SUSE Bug 983752
- SUSE Bug 983794
- SUSE Bug 983796
- SUSE Bug 983799
- SUSE Bug 983803
- SUSE Bug 984028
- SUSE Bug 984032
- SUSE Bug 984035
- SUSE Bug 984135
Описание
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.
Затронутые продукты
Ссылки
- CVE-2014-9805
- SUSE Bug 982969
- SUSE Bug 983752
Описание
The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.
Затронутые продукты
Ссылки
- CVE-2014-9807
- SUSE Bug 982969
- SUSE Bug 983794
Описание
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image.
Затронутые продукты
Ссылки
- CVE-2014-9808
- SUSE Bug 982969
- SUSE Bug 983796
Описание
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image.
Затронутые продукты
Ссылки
- CVE-2014-9809
- SUSE Bug 982969
- SUSE Bug 983799
Описание
The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file.
Затронутые продукты
Ссылки
- CVE-2014-9810
- SUSE Bug 982969
- SUSE Bug 983803
Описание
The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file.
Затронутые продукты
Ссылки
- CVE-2014-9811
- SUSE Bug 982969
- SUSE Bug 984032
Описание
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file.
Затронутые продукты
Ссылки
- CVE-2014-9813
- SUSE Bug 982969
- SUSE Bug 984035
- SUSE Bug 984398
Описание
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file.
Затронутые продукты
Ссылки
- CVE-2014-9814
- SUSE Bug 982969
- SUSE Bug 984193
- SUSE Bug 984372
Описание
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file.
Затронутые продукты
Ссылки
- CVE-2014-9815
- SUSE Bug 982969
- SUSE Bug 984372
Описание
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file.
Затронутые продукты
Ссылки
- CVE-2014-9816
- SUSE Bug 982969
- SUSE Bug 984035
- SUSE Bug 984398
Описание
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file.
Затронутые продукты
Ссылки
- CVE-2014-9817
- SUSE Bug 982969
- SUSE Bug 984400
Описание
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file.
Затронутые продукты
Ссылки
- CVE-2014-9818
- SUSE Bug 1000690
- SUSE Bug 982969
- SUSE Bug 984181
- SUSE Bug 984186
- SUSE Bug 984409
Описание
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.
Затронутые продукты
Ссылки
- CVE-2014-9819
- SUSE Bug 982969
- SUSE Bug 984142
Описание
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file.
Затронутые продукты
Ссылки
- CVE-2014-9820
- SUSE Bug 982969
- SUSE Bug 984150
Описание
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.
Затронутые продукты
Ссылки
- CVE-2014-9828
- SUSE Bug 982969
- SUSE Bug 984028
Описание
coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file.
Затронутые продукты
Ссылки
- CVE-2014-9829
- SUSE Bug 982969
- SUSE Bug 984409
Описание
coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file.
Затронутые продукты
Ссылки
- CVE-2014-9830
- SUSE Bug 1000690
- SUSE Bug 982969
- SUSE Bug 984135
Описание
coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.
Затронутые продукты
Ссылки
- CVE-2014-9831
- SUSE Bug 982969
- SUSE Bug 984375
Описание
Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.
Затронутые продукты
Ссылки
- CVE-2014-9834
- SUSE Bug 982969
- SUSE Bug 984436
Описание
Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.
Затронутые продукты
Ссылки
- CVE-2014-9835
- SUSE Bug 982969
- SUSE Bug 984145
- SUSE Bug 984375
Описание
coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.
Затронутые продукты
Ссылки
- CVE-2014-9837
- SUSE Bug 982969
- SUSE Bug 984166
Описание
magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).
Затронутые продукты
Ссылки
- CVE-2014-9839
- SUSE Bug 982969
- SUSE Bug 984379
Описание
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.
Затронутые продукты
Ссылки
- CVE-2014-9840
- SUSE Bug 982969
- SUSE Bug 984433
Описание
The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
Затронутые продукты
Ссылки
- CVE-2014-9844
- SUSE Bug 982969
- SUSE Bug 984373
- SUSE Bug 984408
Описание
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
Затронутые продукты
Ссылки
- CVE-2014-9845
- SUSE Bug 982969
- SUSE Bug 984394
Описание
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
Затронутые продукты
Ссылки
- CVE-2014-9846
- SUSE Bug 982969
- SUSE Bug 983521
- SUSE Bug 984408
Описание
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
Затронутые продукты
Ссылки
- CVE-2014-9847
- SUSE Bug 1040304
- SUSE Bug 982969
- SUSE Bug 984144
Описание
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
Затронутые продукты
Ссылки
- CVE-2014-9853
- SUSE Bug 982969
- SUSE Bug 984408
Описание
Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.
Затронутые продукты
Ссылки
- CVE-2015-8894
- SUSE Bug 982969
- SUSE Bug 983523
- SUSE Bug 983533
Описание
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.
Затронутые продукты
Ссылки
- CVE-2015-8896
- SUSE Bug 982969
- SUSE Bug 983533
Описание
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.
Затронутые продукты
Ссылки
- CVE-2015-8901
- SUSE Bug 983234
Описание
The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.
Затронутые продукты
Ссылки
- CVE-2015-8903
- SUSE Bug 983259
Описание
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.
Затронутые продукты
Ссылки
- CVE-2016-2317
- SUSE Bug 965853
- SUSE Bug 999673
Описание
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
Затронутые продукты
Ссылки
- CVE-2016-2318
- SUSE Bug 1047356
- SUSE Bug 965853
Описание
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
Затронутые продукты
Ссылки
- CVE-2016-5240
- SUSE Bug 983309
Описание
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
Затронутые продукты
Ссылки
- CVE-2016-5241
- SUSE Bug 983455
Описание
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.
Затронутые продукты
Ссылки
- CVE-2016-5688
- SUSE Bug 985442