Описание
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
- CVE-2014-9805: SEGV due to a corrupted pnm file (boo#983752)
- CVE-2016-5240: SVG converting issue resulting in DoS (endless loop) (boo#983309)
- CVE-2016-5241: Arithmetic exception (div by 0) in SVG conversion (boo#983455)
- CVE-2014-9846: Overflow in rle file (boo#983521)
- CVE-2015-8894: Double free in TGA code (boo#983523)
- CVE-2015-8896: Double free / integer truncation issue (boo#983533)
- CVE-2014-9807: Double free in pdb coder (boo#983794)
- CVE-2014-9809: SEGV due to corrupted xwd images (boo#983799)
- CVE-2014-9819: Heap overflow in palm files (boo#984142)
- CVE-2014-9835: Heap overflow in wpf file (boo#984145)
- CVE-2014-9831: Issues handling of corrupted wpg file (boo#984375)
- CVE-2014-9820: heap overflow in xpm files (boo#984150)
- CVE-2014-9837: Additional PNM sanity checks (boo#984166)
- CVE-2014-9815: Crash on corrupted wpg file (boo#984372)
- CVE-2014-9839: Theoretical out of bound access in via color maps (boo#984379)
- CVE-2014-9845: Crash due to corrupted dib file (boo#984394)
- CVE-2014-9817: Heap buffer overflow in pdb file handling (boo#984400)
- CVE-2014-9853: Memory leak in rle file handling (boo#984408)
- CVE-2014-9834: Heap overflow in pict file (boo#984436)
- CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (boo#985442)
- CVE-2016-2317: Multiple vulnerabilities when parsing and processing SVG files (boo#965853)
- CVE-2016-2318: Multiple vulnerabilities when parsing and processing SVG files (boo#965853)
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2016:2073-1
- SUSE Security Ratings
Описание
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.
Затронутые продукты
Ссылки
- CVE-2014-9805
- SUSE Bug 982969
- SUSE Bug 983752
Описание
The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.
Затронутые продукты
Ссылки
- CVE-2014-9807
- SUSE Bug 982969
- SUSE Bug 983794
Описание
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image.
Затронутые продукты
Ссылки
- CVE-2014-9809
- SUSE Bug 982969
- SUSE Bug 983799
Описание
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file.
Затронутые продукты
Ссылки
- CVE-2014-9815
- SUSE Bug 982969
- SUSE Bug 984372
Описание
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file.
Затронутые продукты
Ссылки
- CVE-2014-9817
- SUSE Bug 982969
- SUSE Bug 984400
Описание
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.
Затронутые продукты
Ссылки
- CVE-2014-9819
- SUSE Bug 982969
- SUSE Bug 984142
Описание
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file.
Затронутые продукты
Ссылки
- CVE-2014-9820
- SUSE Bug 982969
- SUSE Bug 984150
Описание
coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.
Затронутые продукты
Ссылки
- CVE-2014-9831
- SUSE Bug 982969
- SUSE Bug 984375
Описание
Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.
Затронутые продукты
Ссылки
- CVE-2014-9834
- SUSE Bug 982969
- SUSE Bug 984436
Описание
Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.
Затронутые продукты
Ссылки
- CVE-2014-9835
- SUSE Bug 982969
- SUSE Bug 984145
- SUSE Bug 984375
Описание
coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.
Затронутые продукты
Ссылки
- CVE-2014-9837
- SUSE Bug 982969
- SUSE Bug 984166
Описание
magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).
Затронутые продукты
Ссылки
- CVE-2014-9839
- SUSE Bug 982969
- SUSE Bug 984379
Описание
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
Затронутые продукты
Ссылки
- CVE-2014-9845
- SUSE Bug 982969
- SUSE Bug 984394
Описание
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
Затронутые продукты
Ссылки
- CVE-2014-9846
- SUSE Bug 982969
- SUSE Bug 983521
- SUSE Bug 984408
Описание
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
Затронутые продукты
Ссылки
- CVE-2014-9853
- SUSE Bug 982969
- SUSE Bug 984408
Описание
Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.
Затронутые продукты
Ссылки
- CVE-2015-8894
- SUSE Bug 982969
- SUSE Bug 983523
- SUSE Bug 983533
Описание
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.
Затронутые продукты
Ссылки
- CVE-2015-8896
- SUSE Bug 982969
- SUSE Bug 983533
Описание
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.
Затронутые продукты
Ссылки
- CVE-2016-2317
- SUSE Bug 965853
- SUSE Bug 999673
Описание
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
Затронутые продукты
Ссылки
- CVE-2016-2318
- SUSE Bug 1047356
- SUSE Bug 965853
Описание
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
Затронутые продукты
Ссылки
- CVE-2016-5240
- SUSE Bug 983309
Описание
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
Затронутые продукты
Ссылки
- CVE-2016-5241
- SUSE Bug 983455
Описание
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.
Затронутые продукты
Ссылки
- CVE-2016-5688
- SUSE Bug 985442