Описание
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
The following security issues were addressed:
- CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (bsc#1094204)
- CVE-2017-13758: Heap-based buffer overflow in theTracePoint() function in MagickCore/draw.c, which allows attackers to cause a denial of service (bsc#1056277)
- CVE-2018-10805: Fixed several memory leaks in rgb.c, cmyk.c, and gray.c (bsc#1095812)
- CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c (bsc#1102007)
Список пакетов
SUSE Linux Enterprise Software Development Kit 11 SP4
GraphicsMagick-1.2.5-78.61.1
libGraphicsMagick2-1.2.5-78.61.1
perl-GraphicsMagick-1.2.5-78.61.1
SUSE Studio Onsite 1.3
GraphicsMagick-1.2.5-78.61.1
libGraphicsMagick2-1.2.5-78.61.1
Ссылки
- Link for SUSE-SU-2018:2390-1
- E-Mail link for SUSE-SU-2018:2390-1
- SUSE Security Ratings
- SUSE Bug 1056277
- SUSE Bug 1094204
- SUSE Bug 1095812
- SUSE Bug 1102007
- SUSE CVE CVE-2017-13758 page
- SUSE CVE CVE-2017-18271 page
- SUSE CVE CVE-2018-10805 page
- SUSE CVE CVE-2018-14435 page
Описание
In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.61.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.61.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.61.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.61.1
Ссылки
- CVE-2017-13758
- SUSE Bug 1056277
- SUSE Bug 1096261
Описание
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.61.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.61.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.61.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.61.1
Ссылки
- CVE-2017-18271
- SUSE Bug 1094204
Описание
ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.61.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.61.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.61.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.61.1
Ссылки
- CVE-2018-10805
- SUSE Bug 1095812
Описание
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.61.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.61.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.61.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.61.1
Ссылки
- CVE-2018-14435
- SUSE Bug 1102007