Описание
Security update for GraphicsMagick
This update for GraphicsMagick fixes several issues.
These security issues were fixed:
- CVE-2017-13065: Prevent NULL pointer dereference in the function SVGStartElement (bsc#1055038).
- CVE-2018-5685: Prevent infinite loop and application hang in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value (bsc#1075939).
- CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043353)
- CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043354)
- CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image (bsc#1047908)
- CVE-2017-11102: The ReadOneJNGImage function allowed remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure (bsc#1047910).
- CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in coders/png.c (bsc#1050037)
- CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050072)
- CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050100)
- CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1051442)
- CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052470)
- CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052708)
- CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052717)
- CVE-2017-12643: Prevent a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052768)
- CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052777)
- CVE-2017-12640: Prevent an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c (bsc#1052781)
- CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c (bsc#1054600)
- CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value (bsc#1055374)
- CVE-2017-13142: Added additional checks for short files to prevent a crafted PNG file from triggering a crash (bsc#1055455)
- CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c (bsc#1055456)
- CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions, which allowed remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call (bsc#1057000)
- CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash) (bsc#1060162)
- CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c (bsc#1062752)
- CVE-2017-15238: ReadOneJNGImage had a use-after-free issue when the height or width is zero, related to ReadJNGImage (bsc#1067198).
- CVE-2017-17782: Prevent heap-based buffer over-read in ReadOneJNGImage related to oFFs chunk allocation (bsc#1073690).
- CVE-2017-17501: WriteOnePNGImage had a heap-based buffer over-read that could be triggered via a crafted file (bsc#1074023).
- CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in coders/png.c, which allowed attackers to cause a denial of service via a crafted PNG image file (bsc#1074120)
- CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error (bsc#1074125)
- CVE-2017-17915: Prevent heap-based buffer over-read in ReadMNGImage when accessing one byte testing whether a limit has been reached (bsc#1074175).
Список пакетов
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Studio Onsite 1.3
Ссылки
- Link for SUSE-SU-2018:0413-1
- E-Mail link for SUSE-SU-2018:0413-1
- SUSE Security Ratings
- SUSE Bug 1043353
- SUSE Bug 1043354
- SUSE Bug 1047908
- SUSE Bug 1047910
- SUSE Bug 1050037
- SUSE Bug 1050072
- SUSE Bug 1050100
- SUSE Bug 1051442
- SUSE Bug 1052470
- SUSE Bug 1052708
- SUSE Bug 1052717
- SUSE Bug 1052768
- SUSE Bug 1052777
- SUSE Bug 1052781
- SUSE Bug 1054600
- SUSE Bug 1055038
- SUSE Bug 1055374
Описание
The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file.
Затронутые продукты
Ссылки
- CVE-2014-9811
- SUSE Bug 982969
- SUSE Bug 984032
Описание
The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image.
Затронутые продукты
Ссылки
- CVE-2017-10995
- SUSE Bug 1047908
Описание
The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure.
Затронутые продукты
Ссылки
- CVE-2017-11102
- SUSE Bug 1047910
- SUSE Bug 1057000
- SUSE Bug 1107619
Описание
The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.
Затронутые продукты
Ссылки
- CVE-2017-11505
- SUSE Bug 1050072
- SUSE Bug 1050100
Описание
The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-11526
- SUSE Bug 1050072
- SUSE Bug 1050100
Описание
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c.
Затронутые продукты
Ссылки
- CVE-2017-11539
- SUSE Bug 1050037
Описание
The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-11750
- SUSE Bug 1047910
- SUSE Bug 1051442
Описание
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2017-12565
- SUSE Bug 1047910
- SUSE Bug 1052470
Описание
ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.
Затронутые продукты
Ссылки
- CVE-2017-12640
- SUSE Bug 1052781
Описание
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c.
Затронутые продукты
Ссылки
- CVE-2017-12641
- SUSE Bug 1052777
Описание
ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.
Затронутые продукты
Ссылки
- CVE-2017-12643
- SUSE Bug 1052768
Описание
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2017-12673
- SUSE Bug 1052717
Описание
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2017-12676
- SUSE Bug 1052708
Описание
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.
Затронутые продукты
Ссылки
- CVE-2017-12935
- SUSE Bug 1054598
- SUSE Bug 1054600
Описание
GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.
Затронутые продукты
Ссылки
- CVE-2017-13065
- SUSE Bug 1054598
- SUSE Bug 1054600
- SUSE Bug 1055038
Описание
In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.
Затронутые продукты
Ссылки
- CVE-2017-13141
- SUSE Bug 1055456
- SUSE Bug 1060162
Описание
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.
Затронутые продукты
Ссылки
- CVE-2017-13142
- SUSE Bug 1055455
Описание
In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value.
Затронутые продукты
Ссылки
- CVE-2017-13147
- SUSE Bug 1055374
Описание
The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403.
Затронутые продукты
Ссылки
- CVE-2017-14103
- SUSE Bug 1057000
Описание
In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
Затронутые продукты
Ссылки
- CVE-2017-14174
- SUSE Bug 1057723
- SUSE Bug 1072901
Описание
ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).
Затронутые продукты
Ссылки
- CVE-2017-14649
- SUSE Bug 1060162
Описание
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
Затронутые продукты
Ссылки
- CVE-2017-15218
- SUSE Bug 1047910
- SUSE Bug 1062752
Описание
ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage.
Затронутые продукты
Ссылки
- CVE-2017-15238
- SUSE Bug 1067198
Описание
coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.
Затронутые продукты
Ссылки
- CVE-2017-16669
- SUSE Bug 1067409
- SUSE Bug 1072898
Описание
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-17501
- SUSE Bug 1074023
Описание
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.
Затронутые продукты
Ссылки
- CVE-2017-17504
- SUSE Bug 1072362
Описание
In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.
Затронутые продукты
Ссылки
- CVE-2017-17782
- SUSE Bug 1073690
Описание
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
Затронутые продукты
Ссылки
- CVE-2017-17879
- SUSE Bug 1074125
- SUSE Bug 1074175
Описание
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.
Затронутые продукты
Ссылки
- CVE-2017-17884
- SUSE Bug 1074120
Описание
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.
Затронутые продукты
Ссылки
- CVE-2017-17915
- SUSE Bug 1074125
- SUSE Bug 1074175
Описание
In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-8352
- SUSE Bug 1036987
Описание
In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-9261
- SUSE Bug 1043354
Описание
In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-9262
- SUSE Bug 1043353
Описание
In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.
Затронутые продукты
Ссылки
- CVE-2018-5685
- SUSE Bug 1075939