Description
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
- CVE-2017-11640: NULL pointer deref in WritePTIFImage() in coders/tiff.c could lead to denial of service [bsc#1050632]
- CVE-2017-14342: Memory exhaustion in ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1058485]
- CVE-2017-14341: Infinite loop in the ReadWPGImage function could lead to denial of service [bsc#1058637]
- CVE-2017-16546: Issue in ReadWPGImage function in coders/wpg.c could lead to denial of service [bsc#1067181]
- CVE-2017-16545: Validation problems in the ReadWPGImage function in coders/wpg.c could lead to denial of service [bsc#1067184]
- CVE-2017-16669: coders/wpg.c allows remote attackers to cause a denial of service via crafted file [bsc#1067409]
- CVE-2017-13776: denial of service issue in ReadXBMImage() in coders/xbm.c [bsc#1056429]
- CVE-2017-13777: denial of service issue in ReadXBMImage() in coders/xbm.c [bsc#1056426]
- CVE-2017-13134: heap-based buffer over-read in the function SFWScan in coders/sfw.c could lead to denial of service via a crafted file [bsc#1055214]
- CVE-2017-15930: NULL pointer dereference while transferring JPEG scanlines could lead to denial of service [bsc#1066003]
- CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. [bsc#1054757]
- CVE-2017-14165: The ReadSUNImage function in coders/sun.c has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c. [bsc#1057508]
- CVE-2017-12587: Large loop vulnerability in the ReadPWPImage function in coders\pwp.c. [bsc#1052450]
Package list
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Studio Onsite 1.3
References
- Link for SUSE-SU-2017:3435-1
- E-Mail link for SUSE-SU-2017:3435-1
- SUSE Security Ratings
- SUSE Bug 1050632
- SUSE Bug 1052450
- SUSE Bug 1054757
- SUSE Bug 1055214
- SUSE Bug 1056426
- SUSE Bug 1056429
- SUSE Bug 1057508
- SUSE Bug 1058485
- SUSE Bug 1058637
- SUSE Bug 1066003
- SUSE Bug 1067181
- SUSE Bug 1067184
- SUSE Bug 1067409
- SUSE CVE CVE-2016-7996 page
- SUSE CVE CVE-2017-11640 page
- SUSE CVE CVE-2017-12587 page
- SUSE CVE CVE-2017-12983 page
Description
Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.
Affected products
References
- CVE-2016-7996
- SUSE Bug 1003629
- SUSE Bug 1067184
Description
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.
Affected products
References
- CVE-2017-11640
- SUSE Bug 1050632
Description
ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.
Affected products
References
- CVE-2017-12587
- SUSE Bug 1052450
Description
Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
Affected products
References
- CVE-2017-12983
- SUSE Bug 1054757
Description
In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.
Affected products
References
- CVE-2017-13134
- SUSE Bug 1055214
Description
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.
Affected products
References
- CVE-2017-13776
- SUSE Bug 1056429
- SUSE Bug 1106855
Description
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.
Affected products
References
- CVE-2017-13777
- SUSE Bug 1056426
- SUSE Bug 1057719
Description
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c.
Affected products
References
- CVE-2017-14165
- SUSE Bug 1052553
- SUSE Bug 1057508
- SUSE Bug 1059666
Description
ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
Affected products
References
- CVE-2017-14341
- SUSE Bug 1058637
Description
ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.
Affected products
References
- CVE-2017-14342
- SUSE Bug 1058485
Description
In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.
Affected products
References
- CVE-2017-15930
- SUSE Bug 1066003
Description
The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.
Affected products
References
- CVE-2017-16545
- SUSE Bug 1067184
Description
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
Affected products
References
- CVE-2017-16546
- SUSE Bug 1067181
Description
coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.
Affected products
References
- CVE-2017-16669
- SUSE Bug 1067409
- SUSE Bug 1072898