Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
- CVE-2016-9556 Possible Heap-overflow found by fuzzing [bsc#1011130]
- CVE-2016-9559 Possible Null pointer access found by fuzzing [bsc#1011136]
- CVE-2016-8707 Possible code execution in Tiff conver utility [bsc#1014159]
- CVE-2016-8866 Memory allocation failure in AcquireMagickMemory could lead to Heap overflow [bsc#1009318]
- CVE-2016-9559 Possible Null pointer access found by fuzzing [bsc#1011136]
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Workstation Extension 12 SP1
SUSE Linux Enterprise Workstation Extension 12 SP2
Ссылки
- Link for SUSE-SU-2016:3258-1
- E-Mail link for SUSE-SU-2016:3258-1
- SUSE Security Ratings
- SUSE Bug 1009318
- SUSE Bug 1011130
- SUSE Bug 1011136
- SUSE Bug 1013376
- SUSE Bug 1014159
- SUSE CVE CVE-2014-9848 page
- SUSE CVE CVE-2016-8707 page
- SUSE CVE CVE-2016-8866 page
- SUSE CVE CVE-2016-9556 page
- SUSE CVE CVE-2016-9559 page
- SUSE CVE CVE-2016-9773 page
Описание
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
Затронутые продукты
Ссылки
- CVE-2014-9848
- SUSE Bug 982969
- SUSE Bug 984404
Описание
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.
Затронутые продукты
Ссылки
- CVE-2016-8707
- SUSE Bug 1014159
Описание
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
Затронутые продукты
Ссылки
- CVE-2016-8866
- SUSE Bug 1007245
- SUSE Bug 1009318
- SUSE Bug 1031267
Описание
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
Затронутые продукты
Ссылки
- CVE-2016-9556
- SUSE Bug 1011130
- SUSE Bug 1013376
Описание
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
Затронутые продукты
Ссылки
- CVE-2016-9559
- SUSE Bug 1011136
Описание
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.
Затронутые продукты
Ссылки
- CVE-2016-9773
- SUSE Bug 1011130
- SUSE Bug 1013376
- SUSE Bug 1017421