Описание
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
- CVE-2016-9556 Possible Heap-overflow found by fuzzing [bsc#1011130]
- CVE-2016-9559 Possible Null pointer access found by fuzzing [bsc#1011136]
- CVE-2016-8866 Possible memory allocation failure in AcquireMagickMemory [bsc#1009318]
- CVE-2016-9830: Memory allocation failure in MagickRealloc (memory.c) (bsc#1013640).
Список пакетов
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Studio Onsite 1.3
Ссылки
- Link for SUSE-SU-2017:0305-1
- E-Mail link for SUSE-SU-2017:0305-1
- SUSE Security Ratings
- SUSE Bug 1009318
- SUSE Bug 1011130
- SUSE Bug 1011136
- SUSE Bug 1013640
- SUSE Bug 1017421
- SUSE CVE CVE-2016-8866 page
- SUSE CVE CVE-2016-9556 page
- SUSE CVE CVE-2016-9559 page
- SUSE CVE CVE-2016-9830 page
Описание
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
Затронутые продукты
Ссылки
- CVE-2016-8866
- SUSE Bug 1007245
- SUSE Bug 1009318
- SUSE Bug 1031267
Описание
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
Затронутые продукты
Ссылки
- CVE-2016-9556
- SUSE Bug 1011130
- SUSE Bug 1013376
Описание
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
Затронутые продукты
Ссылки
- CVE-2016-9559
- SUSE Bug 1011136
Описание
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
Затронутые продукты
Ссылки
- CVE-2016-9830
- SUSE Bug 1013640