Описание
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
- security update (png.c)
- CVE-2018-9018: divide-by-zero in the ReadMNGImage function of coders/png.c. Attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. [bsc#1086773]
- security update (gif.c)
- CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file. [bsc#1087027]
- security update (pcd.c)
- CVE-2017-18251: A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which could lead to a denial of service via a crafted file. [bsc#1087037]
Список пакетов
SUSE Linux Enterprise Software Development Kit 11 SP4
GraphicsMagick-1.2.5-78.47.1
libGraphicsMagick2-1.2.5-78.47.1
perl-GraphicsMagick-1.2.5-78.47.1
SUSE Studio Onsite 1.3
GraphicsMagick-1.2.5-78.47.1
libGraphicsMagick2-1.2.5-78.47.1
Ссылки
- Link for SUSE-SU-2018:1036-1
- E-Mail link for SUSE-SU-2018:1036-1
- SUSE Security Ratings
- SUSE Bug 1086773
- SUSE Bug 1087027
- SUSE Bug 1087037
- SUSE CVE CVE-2017-18251 page
- SUSE CVE CVE-2017-18254 page
- SUSE CVE CVE-2018-9018 page
Описание
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.47.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.47.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.47.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.47.1
Ссылки
- CVE-2017-18251
- SUSE Bug 1087037
Описание
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.47.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.47.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.47.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.47.1
Ссылки
- CVE-2017-18254
- SUSE Bug 1087027
Описание
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.47.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.47.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.47.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.47.1
Ссылки
- CVE-2018-9018
- SUSE Bug 1086773