Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2017-9405: A memory leak in the ReadICONImage function was fixed that could lead to DoS via memory exhaustion (bsc#1042911)
- CVE-2017-11528: ReadDIBImage in coders/dib.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050119)
- CVE-2017-11530: ReadEPTImage in coders/ept.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050122)
- CVE-2017-11533: A information leak by 1 byte due to heap-based buffer over-read in the WriteUILImage() in coders/uil.c was fixed (bsc#1050132)
- CVE-2017-12663: A memory leak in WriteMAPImage in coders/map.c was fixed that could lead to a DoS via memory exhaustion (bsc#1052754)
- CVE-2017-17682: A large loop vulnerability was fixed in ExtractPostscript in coders/wpg.c, which allowed attackers to cause a denial of service (CPU exhaustion) (bsc#1072898)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2018:0770-1
- E-Mail link for SUSE-SU-2018:0770-1
- SUSE Security Ratings
- SUSE Bug 1042911
- SUSE Bug 1050119
- SUSE Bug 1050122
- SUSE Bug 1050132
- SUSE Bug 1052754
- SUSE Bug 1072898
- SUSE CVE CVE-2017-11528 page
- SUSE CVE CVE-2017-11530 page
- SUSE CVE CVE-2017-11533 page
- SUSE CVE CVE-2017-12663 page
- SUSE CVE CVE-2017-17682 page
- SUSE CVE CVE-2017-9405 page
Описание
The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-11528
- SUSE Bug 1050119
Описание
The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-11530
- SUSE Bug 1050122
Описание
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.
Затронутые продукты
Ссылки
- CVE-2017-11533
- SUSE Bug 1050132
Описание
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.
Затронутые продукты
Ссылки
- CVE-2017-12663
- SUSE Bug 1052754
Описание
In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.
Затронутые продукты
Ссылки
- CVE-2017-17682
- SUSE Bug 1072898
Описание
In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-9405
- SUSE Bug 1042911