Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
- CVE-2016-10046: Prevent buffer overflow in draw.c caused by an incorrect length calculation (bsc#1017308)
- CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped (bsc#1017310)
- CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to a incorrect length calculation (bsc#1017311)
- CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312)
- CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313)
- CVE-2016-10052: Added bound check to exif parsing of JPEG files (bsc#1017314)
- CVE-2016-10059: Unchecked calculation when reading TIFF files could have lead to a buffer overflow (bsc#1017318)
- CVE-2016-10060: Improved error handling when writing files to not mask errors (bsc#1017319)
- CVE-2016-10061: Improved error handling when writing files to not mask errors (bsc#1017319).
- CVE-2016-10062: Improved error handling when writing files to not mask errors (bsc#1017319).
- CVE-2016-10063: Check validity of extend during TIFF file reading (bsc#1017320)
- CVE-2016-10064: Improved checks for buffer overflow when reading TIFF files (bsc#1017321)
- CVE-2016-10065: Unchecked calculations when reading VIFF files could have lead to out of bound reads (bsc#1017322)
- CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324)
- CVE-2016-10069: Add check for invalid mat file (bsc#1017325).
- CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326)
- CVE-2016-10071: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326)
- CVE-2016-10144: Added a check after allocating memory when parsing IPL files (bsc#1020433)
- CVE-2016-10145: Fixed of-by-one in string copy operation when parsing WPG files (bsc#1020435)
- CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have lead to DoS (bsc#1020443)
- CVE-2017-5506: Missing offset check leading to a double-free (bsc#1020436)
- CVE-2017-5507: Fixed a memory leak when reading MPC files allowing for DoS (bsc#1020439)
- CVE-2017-5508: Increase the amount of memory allocated for TIFF pixels to prevent a heap buffer-overflow (bsc#1020441)
- CVE-2017-5510: Prevent out-of-bounds write when reading PSD files (bsc#1020446).
- CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448)
This update removes the fix for CVE-2016-9773. ImageMagick-6 was not affected by CVE-2016-9773 and it caused a regression (at least in GraphicsMagick) (bsc#1017421).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Workstation Extension 12 SP1
SUSE Linux Enterprise Workstation Extension 12 SP2
Ссылки
- Link for SUSE-SU-2017:0529-1
- E-Mail link for SUSE-SU-2017:0529-1
- SUSE Security Ratings
- SUSE Bug 1017308
- SUSE Bug 1017310
- SUSE Bug 1017311
- SUSE Bug 1017312
- SUSE Bug 1017313
- SUSE Bug 1017314
- SUSE Bug 1017318
- SUSE Bug 1017319
- SUSE Bug 1017320
- SUSE Bug 1017321
- SUSE Bug 1017322
- SUSE Bug 1017324
- SUSE Bug 1017325
- SUSE Bug 1017326
- SUSE Bug 1017421
- SUSE Bug 1020433
- SUSE Bug 1020435
Описание
Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
Затронутые продукты
Ссылки
- CVE-2016-10046
- SUSE Bug 1016742
- SUSE Bug 1017308
Описание
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.
Затронутые продукты
Ссылки
- CVE-2016-10048
- SUSE Bug 1017310
Описание
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
Затронутые продукты
Ссылки
- CVE-2016-10049
- SUSE Bug 1017311
Описание
Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
Затронутые продукты
Ссылки
- CVE-2016-10050
- SUSE Bug 1017312
Описание
Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
Затронутые продукты
Ссылки
- CVE-2016-10051
- SUSE Bug 1017313
Описание
Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
Затронутые продукты
Ссылки
- CVE-2016-10052
- SUSE Bug 1017314
Описание
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.
Затронутые продукты
Ссылки
- CVE-2016-10059
- SUSE Bug 1017318
Описание
The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2016-10060
- SUSE Bug 1017319
Описание
The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.
Затронутые продукты
Ссылки
- CVE-2016-10061
- SUSE Bug 1017319
Описание
The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2016-10062
- SUSE Bug 1017319
Описание
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.
Затронутые продукты
Ссылки
- CVE-2016-10063
- SUSE Bug 1016589
- SUSE Bug 1017320
Описание
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
Затронутые продукты
Ссылки
- CVE-2016-10064
- SUSE Bug 1016590
- SUSE Bug 1017321
Описание
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
Затронутые продукты
Ссылки
- CVE-2016-10065
- SUSE Bug 1016591
- SUSE Bug 1017322
Описание
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
Затронутые продукты
Ссылки
- CVE-2016-10068
- SUSE Bug 1017324
Описание
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
Затронутые продукты
Ссылки
- CVE-2016-10069
- SUSE Bug 1017325
Описание
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
Затронутые продукты
Ссылки
- CVE-2016-10070
- SUSE Bug 1017326
Описание
coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
Затронутые продукты
Ссылки
- CVE-2016-10071
- SUSE Bug 1017326
Описание
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.
Затронутые продукты
Ссылки
- CVE-2016-10144
- SUSE Bug 1020433
Описание
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.
Затронутые продукты
Ссылки
- CVE-2016-10145
- SUSE Bug 1020435
Описание
Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
Затронутые продукты
Ссылки
- CVE-2016-10146
- SUSE Bug 1020443
Описание
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-5506
- SUSE Bug 1020436
Описание
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.
Затронутые продукты
Ссылки
- CVE-2017-5507
- SUSE Bug 1020439
Описание
Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.
Затронутые продукты
Ссылки
- CVE-2017-5508
- SUSE Bug 1020441
- SUSE Bug 1086782
Описание
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
Затронутые продукты
Ссылки
- CVE-2017-5510
- SUSE Bug 1020446
Описание
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
Затронутые продукты
Ссылки
- CVE-2017-5511
- SUSE Bug 1020448