Описание
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
- CVE-2017-15033: A denial of service attack (memory leak) in ReadYUVImage in coders/yuv.c was fixed (bsc#1061873)
- CVE-2017-13063: A heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c was fixed (bsc#1055050)
- CVE-2017-13064: A heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c was fixed (bsc#1055042)
- CVE-2017-12936: The ReadWMFImage function in coders/wmf.c in GraphicsMagick had a use-after-free issue for data associated with exception reporting. (bsc#1054598)
- CVE-2017-13139: The ReadOneMNGImage function in coders/png.c had an out-of-bounds read with the MNG CLIP chunk. (bsc#1055430)
- CVE-2017-12937: The ReadSUNImage function in coders/sun.c in GraphicsMagick had a colormap heap-based buffer over-read. (bsc#1054596)
- CVE-2017-11534: A Memory Leak in the lite_font_map() function in coders/wmf.c was fixed (bsc#1050135)
Список пакетов
SUSE Linux Enterprise Software Development Kit 11 SP4
GraphicsMagick-1.2.5-4.78.16.1
libGraphicsMagick2-1.2.5-4.78.16.1
perl-GraphicsMagick-1.2.5-4.78.16.1
SUSE Studio Onsite 1.3
GraphicsMagick-1.2.5-4.78.16.1
libGraphicsMagick2-1.2.5-4.78.16.1
Ссылки
- Link for SUSE-SU-2017:3056-1
- E-Mail link for SUSE-SU-2017:3056-1
- SUSE Security Ratings
- SUSE Bug 1050135
- SUSE Bug 1054596
- SUSE Bug 1054598
- SUSE Bug 1055042
- SUSE Bug 1055050
- SUSE Bug 1055430
- SUSE Bug 1061873
- SUSE CVE CVE-2017-11534 page
- SUSE CVE CVE-2017-12936 page
- SUSE CVE CVE-2017-12937 page
- SUSE CVE CVE-2017-13063 page
- SUSE CVE CVE-2017-13064 page
- SUSE CVE CVE-2017-13139 page
- SUSE CVE CVE-2017-15033 page
Описание
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1
Ссылки
- CVE-2017-11534
- SUSE Bug 1050135
Описание
The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1
Ссылки
- CVE-2017-12936
- SUSE Bug 1054598
- SUSE Bug 1054600
Описание
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1
Ссылки
- CVE-2017-12937
- SUSE Bug 1054596
- SUSE Bug 1054598
- SUSE Bug 1054600
Описание
GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1
Ссылки
- CVE-2017-13063
- SUSE Bug 1054598
- SUSE Bug 1054600
- SUSE Bug 1055038
- SUSE Bug 1055050
Описание
GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1
Ссылки
- CVE-2017-13064
- SUSE Bug 1054598
- SUSE Bug 1054600
- SUSE Bug 1055042
- SUSE Bug 1055050
Описание
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1
Ссылки
- CVE-2017-13139
- SUSE Bug 1055430
Описание
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1
Ссылки
- CVE-2017-15033
- SUSE Bug 1061873