Description
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
These security issues were fixed:
- CVE-2017-13758: Prevent heap-based buffer overflow in the TracePoint() function (bsc#1056277).
- CVE-2017-10928: Prevent heap-based buffer over-read in the GetNextToken function that allowed remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document (bsc#1047356).
- CVE-2018-9133: Long compute times in the tiff decoder have been fixed (bsc#1087820).
- CVE-2018-11251: Heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service (bsc#1094237).
- CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (bsc#1094204).
- CVE-2018-11655: Memory leak in the GetImagePixelCache in MagickCore/cache.c was fixed (bsc#1095730).
- CVE-2018-10804: Memory leak in WriteTIFFImage in coders/tiff.c was fixed (bsc#1095813).
- CVE-2018-10805: Fixed memory leaks in bgr.c, rgb.c, cmyk.c, gray.c, ycbcr.c (bsc#1095812).
Package list
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE Linux Enterprise Workstation Extension 12 SP3
References
- Link for SUSE-SU-2018:1851-1
- E-Mail link for SUSE-SU-2018:1851-1
- SUSE Security Ratings
- SUSE Bug 1047356
- SUSE Bug 1056277
- SUSE Bug 1087820
- SUSE Bug 1094204
- SUSE Bug 1094237
- SUSE Bug 1095730
- SUSE Bug 1095812
- SUSE Bug 1095813
- SUSE CVE CVE-2017-10928 page
- SUSE CVE CVE-2017-13758 page
- SUSE CVE CVE-2017-18271 page
- SUSE CVE CVE-2018-10804 page
- SUSE CVE CVE-2018-10805 page
- SUSE CVE CVE-2018-11251 page
- SUSE CVE CVE-2018-11655 page
- SUSE CVE CVE-2018-9133 page
Description
In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.
Affected products
References
- CVE-2017-10928
- SUSE Bug 1047356
- SUSE Bug 1047359
- SUSE Bug 1056277
- SUSE Bug 1060176
- SUSE Bug 1096261
Description
In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.
Affected products
References
- CVE-2017-13758
- SUSE Bug 1056277
- SUSE Bug 1096261
Description
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.
Affected products
References
- CVE-2017-18271
- SUSE Bug 1094204
Description
ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.
Affected products
References
- CVE-2018-10804
- SUSE Bug 1095813
Description
ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
Affected products
References
- CVE-2018-10805
- SUSE Bug 1095812
Description
In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.
Affected products
References
- CVE-2018-11251
- SUSE Bug 1094237
Description
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.
Affected products
References
- CVE-2018-11655
- SUSE Bug 1095730
Description
ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file.
Affected products
References
- CVE-2018-9133
- SUSE Bug 1087820