Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:1163-1

Опубликовано: 08 мая 2018
Источник: suse-cvrf

Описание

Security update for GraphicsMagick

This update for GraphicsMagick fixes the following issues:

  • CVE-2017-18229: An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which could allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations. [bsc#1085236]
  • CVE-2017-11641: A memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files could lead to denial of servic3. [bsc#1050623]
  • CVE-2017-13066: A memory leak vulnerability in the function CloneImage in magick/image.c could lead to denial of service [bsc#1055010]
  • CVE-2018-10177: An infinite loop when reading MNG was fixed which could lead to a denial of service (hang) [bsc#1089781]

Список пакетов

SUSE Linux Enterprise Software Development Kit 11 SP4
GraphicsMagick-1.2.5-78.52.1
libGraphicsMagick2-1.2.5-78.52.1
perl-GraphicsMagick-1.2.5-78.52.1
SUSE Studio Onsite 1.3
GraphicsMagick-1.2.5-78.52.1
libGraphicsMagick2-1.2.5-78.52.1

Ссылки

Описание

GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files.

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.52.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.52.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.52.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.52.1
Ссылки

Описание

GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c.

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.52.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.52.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.52.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.52.1
Ссылки

Описание

An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations.

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.52.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.52.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.52.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.52.1
Ссылки

Описание

In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file.

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.52.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.52.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.52.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.52.1
Ссылки