Description
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
Security issues fixed:
- CVE-2017-8350: The PNG/JNG decoder received an incremental fix, fixing some related issues in the same code. (bsc#1036985)
- CVE-2017-9439: A memory leak was found in the function ReadPDBImage in coders/pdb.c (bsc#1042826)
- CVE-2017-9501: An assertion failure could cause a denial of service via a crafted file (bsc#1043289)
- CVE-2017-11403: The ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file (bsc#1049072)
- CVE-2017-11643: A heap overflow in the WriteCMYKImage() function in coders/cmyk.c was fixed (bsc#1050611)
- CVE-2017-11636: A heap overflow in WriteRGBImage() in coders/rgb.c was fixed (bsc#1050674)
Package list
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Studio Onsite 1.3
References
- Link for SUSE-SU-2017:2229-1
- E-Mail link for SUSE-SU-2017:2229-1
- SUSE Security Ratings
- SUSE Bug 1036985
- SUSE Bug 1042826
- SUSE Bug 1043289
- SUSE Bug 1049072
- SUSE Bug 1050611
- SUSE Bug 1050674
- SUSE CVE CVE-2017-11403 page
- SUSE CVE CVE-2017-11636 page
- SUSE CVE CVE-2017-11643 page
- SUSE CVE CVE-2017-8350 page
- SUSE CVE CVE-2017-9439 page
- SUSE CVE CVE-2017-9501 page
Description
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.
Affected products
References
- CVE-2017-11403
- SUSE Bug 1049072
- SUSE Bug 1053809
- SUSE Bug 1053919
- SUSE Bug 1054600
- SUSE Bug 1057000
- SUSE Bug 1084062
Description
GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths.
Affected products
References
- CVE-2017-11636
- SUSE Bug 1050674
- SUSE Bug 1053919
Description
GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths.
Affected products
References
- CVE-2017-11643
- SUSE Bug 1050611
- SUSE Bug 1050674
- SUSE Bug 1053919
Description
In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Affected products
References
- CVE-2017-8350
- SUSE Bug 1036985
- SUSE Bug 1053919
- SUSE Bug 1126909
Description
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file.
Affected products
References
- CVE-2017-9439
- SUSE Bug 1042826
- SUSE Bug 1053919
Description
In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.
Affected products
References
- CVE-2017-9501
- SUSE Bug 1043289
- SUSE Bug 1053919