Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2017-15033: A denial of service attack (memory leak) was fixed in ReadYUVImage in coders/yuv.c [bsc#1061873]
- CVE-2017-11446: An infinite loop in ReadPESImage was fixed. (bsc#1049379)
- CVE-2017-12433: A memory leak in ReadPESImage in coders/pes.c was fixed. (bsc#1052545)
- CVE-2017-12428: A memory leak in ReadWMFImage in coders/wmf.c was fixed. (bsc#1052249)
- CVE-2017-12431: A use-after-free in ReadWMFImage was fixed. (bsc#1052253)
- CVE-2017-11534: A memory leak in the lite_font_map() in coders/wmf.c was fixed. (bsc#1050135)
- CVE-2017-13133: A memory exhaustion in load_level function in coders/xcf.c was fixed. (bsc#1055219)
- CVE-2017-13139: A out-of-bounds read in the ReadOneMNGImage was fixed. (bsc#1055430)
This update also reverts an incorrect fix for CVE-2016-7530 [bsc#1054924].
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE Linux Enterprise Workstation Extension 12 SP2
SUSE Linux Enterprise Workstation Extension 12 SP3
Ссылки
- Link for SUSE-SU-2017:2949-1
- E-Mail link for SUSE-SU-2017:2949-1
- SUSE Security Ratings
- SUSE Bug 1049379
- SUSE Bug 1050135
- SUSE Bug 1052249
- SUSE Bug 1052253
- SUSE Bug 1052545
- SUSE Bug 1054924
- SUSE Bug 1055219
- SUSE Bug 1055430
- SUSE Bug 1061873
- SUSE CVE CVE-2016-7530 page
- SUSE CVE CVE-2017-11446 page
- SUSE CVE CVE-2017-11534 page
- SUSE CVE CVE-2017-12428 page
- SUSE CVE CVE-2017-12431 page
- SUSE CVE CVE-2017-12433 page
- SUSE CVE CVE-2017-13133 page
- SUSE CVE CVE-2017-13139 page
Описание
The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2016-7530
- SUSE Bug 1000399
- SUSE Bug 1000703
- SUSE Bug 1054924
Описание
The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.
Затронутые продукты
Ссылки
- CVE-2017-11446
- SUSE Bug 1049379
Описание
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c.
Затронутые продукты
Ссылки
- CVE-2017-11534
- SUSE Bug 1050135
Описание
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.
Затронутые продукты
Ссылки
- CVE-2017-12428
- SUSE Bug 1052249
- SUSE Bug 1052253
Описание
In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2017-12431
- SUSE Bug 1052249
- SUSE Bug 1052253
Описание
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c.
Затронутые продукты
Ссылки
- CVE-2017-12433
- SUSE Bug 1052545
Описание
In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-13133
- SUSE Bug 1055219
Описание
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
Затронутые продукты
Ссылки
- CVE-2017-13139
- SUSE Bug 1055430
Описание
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.
Затронутые продукты
Ссылки
- CVE-2017-15033
- SUSE Bug 1061873