Описание
Security update for ImageMagick
This update for ImageMagick fixes several issues.
These security issues were fixed:
- CVE-2018-5246: Fixed memory leak vulnerability in ReadPATTERNImage in coders/pattern.c (bsc#1074973)
- CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975)
- CVE-2018-5247: Fixed memory leak vulnerability in ReadRLAImage in coders/rla.c (bsc#1074969)
- CVE-2017-12672: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052720)
- CVE-2017-13060: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1055065)
- CVE-2017-11724: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c involving the quantum_info and clone_info data structures (bsc#1051446)
- CVE-2017-12670: Added validation in coders/mat.c to prevent an assertion failure in the function DestroyImage in MagickCore/image.c, which allowed attackers to cause a denial of service (bsc#1052731)
- CVE-2017-12667: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1052732)
- CVE-2017-13146: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055323)
- CVE-2017-10800: Processing MATLAB images in coders/mat.c could have lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object was larger than the actual amount of data (bsc#1047044)
- CVE-2017-13648: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055434)
- CVE-2017-11141: Fixed a memory leak vulnerability in the function ReadMATImage in coders\mat.c that could have caused memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call (bsc#1047898)
- CVE-2017-11529: The ReadMATImage function in coders/mat.c allowed remote attackers to cause a denial of service (memory leak) via a crafted file (bsc#1050120)
- CVE-2017-12564: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052468)
- CVE-2017-12434: Added a missing NULL check in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c (bsc#1052550)
- CVE-2017-12675: Added a missing check for multidimensional data coders/mat.c, that could have lead to a memory leak in the function ReadImage in MagickCore/constitute.c, which allowed attackers to cause a denial of service (bsc#1052710)
- CVE-2017-14326: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1058640)
- CVE-2017-11644: Processesing a crafted file in convert could have lead to a memory leak in the ReadMATImage() function in coders/mat.c (bsc#1050606)
- CVE-2017-13658: Added a missing NULL check in the ReadMATImage function in coders/mat.c, which could have lead to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c (bsc#1055855)
- CVE-2017-14533: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1059751)
- CVE-2017-17881: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted MAT image file (bsc#1074123)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE Linux Enterprise Workstation Extension 12 SP2
SUSE Linux Enterprise Workstation Extension 12 SP3
Ссылки
- Link for SUSE-SU-2018:0130-1
- E-Mail link for SUSE-SU-2018:0130-1
- SUSE Security Ratings
- SUSE Bug 1047044
- SUSE Bug 1047898
- SUSE Bug 1050120
- SUSE Bug 1050606
- SUSE Bug 1051446
- SUSE Bug 1052468
- SUSE Bug 1052550
- SUSE Bug 1052710
- SUSE Bug 1052720
- SUSE Bug 1052731
- SUSE Bug 1052732
- SUSE Bug 1055065
- SUSE Bug 1055323
- SUSE Bug 1055434
- SUSE Bug 1055855
- SUSE Bug 1058640
- SUSE Bug 1059751
Описание
When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.
Затронутые продукты
Ссылки
- CVE-2017-10800
- SUSE Bug 1047044
Описание
The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.
Затронутые продукты
Ссылки
- CVE-2017-11141
- SUSE Bug 1047898
Описание
The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-11529
- SUSE Bug 1050120
Описание
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c.
Затронутые продукты
Ссылки
- CVE-2017-11644
- SUSE Bug 1050606
Описание
The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures.
Затронутые продукты
Ссылки
- CVE-2017-11724
- SUSE Bug 1051446
Описание
In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.
Затронутые продукты
Ссылки
- CVE-2017-12434
- SUSE Bug 1052550
Описание
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2017-12564
- SUSE Bug 1052468
Описание
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c.
Затронутые продукты
Ссылки
- CVE-2017-12667
- SUSE Bug 1052732
Описание
In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2017-12670
- SUSE Bug 1052731
Описание
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2017-12672
- SUSE Bug 1052720
- SUSE Bug 1055434
Описание
In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2017-12675
- SUSE Bug 1052710
Описание
In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-13060
- SUSE Bug 1055065
- SUSE Bug 1055434
- SUSE Bug 1076021
Описание
In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.
Затронутые продукты
Ссылки
- CVE-2017-13146
- SUSE Bug 1055323
Описание
In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c.
Затронутые продукты
Ссылки
- CVE-2017-13648
- SUSE Bug 1054598
- SUSE Bug 1054600
- SUSE Bug 1055434
Описание
In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.
Затронутые продукты
Ссылки
- CVE-2017-13658
- SUSE Bug 1055855
Описание
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-14326
- SUSE Bug 1058640
Описание
ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.
Затронутые продукты
Ссылки
- CVE-2017-14533
- SUSE Bug 1059751
Описание
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.
Затронутые продукты
Ссылки
- CVE-2017-17881
- SUSE Bug 1074123
Описание
In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.
Затронутые продукты
Ссылки
- CVE-2017-18022
- SUSE Bug 1074969
- SUSE Bug 1074975
Описание
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.
Затронутые продукты
Ссылки
- CVE-2018-5246
- SUSE Bug 1074973
Описание
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.
Затронутые продукты
Ссылки
- CVE-2018-5247
- SUSE Bug 1074969
- SUSE Bug 1074975