Описание
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
Security issues fixed:
- CVE-2017-9405: A memory leak in the ReadICONImage function was fixed that could lead to DoS via memory exhaustion (bsc#1042911)
- CVE-2017-11528: ReadDIBImage in coders/dib.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050119)
- CVE-2017-11533: A information leak by 1 byte due to heap-based buffer over-read in the WriteUILImage() in coders/uil.c was fixed (bsc#1050132)
- CVE-2017-12663: A memory leak in WriteMAPImage in coders/map.c was fixed that could lead to a DoS via memory exhaustion (bsc#1052754)
- CVE-2017-17682: A large loop vulnerability was fixed in ExtractPostscript in coders/wpg.c, which allowed attackers to cause a denial of service (CPU exhaustion) (bsc#1072898)
- CVE-2017-17500: A heap-based buffer overflow (read) in the ImportRGBQuantumType was fixed. (bsc#1077737)
Список пакетов
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Studio Onsite 1.3
Ссылки
- Link for SUSE-SU-2018:0672-1
- E-Mail link for SUSE-SU-2018:0672-1
- SUSE Security Ratings
- SUSE Bug 1042911
- SUSE Bug 1050119
- SUSE Bug 1050132
- SUSE Bug 1052754
- SUSE Bug 1072898
- SUSE Bug 1077737
- SUSE CVE CVE-2017-11528 page
- SUSE CVE CVE-2017-11533 page
- SUSE CVE CVE-2017-12663 page
- SUSE CVE CVE-2017-17500 page
- SUSE CVE CVE-2017-17682 page
- SUSE CVE CVE-2017-9405 page
Описание
The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-11528
- SUSE Bug 1050119
Описание
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.
Затронутые продукты
Ссылки
- CVE-2017-11533
- SUSE Bug 1050132
Описание
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.
Затронутые продукты
Ссылки
- CVE-2017-12663
- SUSE Bug 1052754
Описание
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-17500
- SUSE Bug 1077737
Описание
In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.
Затронутые продукты
Ссылки
- CVE-2017-17682
- SUSE Bug 1072898
Описание
In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-9405
- SUSE Bug 1042911