Описание
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
-
security update:
- CVE-2016-8684 [boo#1005123]
- CVE-2016-8682 [boo#1005125]
- CVE-2016-8683 [boo#1005127]
-
security update:
- CVE-2016-7529 [boo#1000399]
- CVE-2016-7528 [boo#1000434]
- CVE-2016-7515 [boo#1000689]
- CVE-2016-7446 [boo#999673]
- CVE-2016-7447 [boo#999673]
- CVE-2016-7448 [boo#999673]
- CVE-2016-7449 [boo#999673]
- CVE-2016-7517 [boo#1000693]
- CVE-2016-7519 [boo#1000695]
- CVE-2016-7522 [boo#1000698]
- CVE-2016-7524 [boo#1000700]
- CVE-2016-7531 [boo#1000704]
- CVE-2016-7533 [boo#1000707]
- CVE-2016-7537 [boo#1000711]
- CVE-2016-6823 [boo#1001066]
- CVE-2016-7101 [boo#1001221]
- do not divide by zero in WriteTIFFImage [boo#1002206]
- fix buffer overflow [boo#1002209]
- CVE-2016-7800 [boo#1002422]
- CVE-2016-7996, CVE-2016-7997 [boo#1003629]
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2016:2644-1
- SUSE Security Ratings
Описание
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.
Затронутые продукты
Ссылки
- CVE-2016-5688
- SUSE Bug 985442
Описание
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
Затронутые продукты
Ссылки
- CVE-2016-6823
- SUSE Bug 1001066
- SUSE Bug 1002207
Описание
The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.
Затронутые продукты
Ссылки
- CVE-2016-7101
- SUSE Bug 1001221
- SUSE Bug 1002207
Описание
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.
Затронутые продукты
Ссылки
- CVE-2016-7446
- SUSE Bug 999673
Описание
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2016-7447
- SUSE Bug 999673
Описание
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
Затронутые продукты
Ссылки
- CVE-2016-7448
- SUSE Bug 999673
Описание
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
Затронутые продукты
Ссылки
- CVE-2016-7449
- SUSE Bug 999673
Описание
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels.
Затронутые продукты
Ссылки
- CVE-2016-7515
- SUSE Bug 1000689
- SUSE Bug 1000695
Описание
The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file.
Затронутые продукты
Ссылки
- CVE-2016-7517
- SUSE Bug 1000693
Описание
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2016-7519
- SUSE Bug 1000689
- SUSE Bug 1000695
Описание
The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
Затронутые продукты
Ссылки
- CVE-2016-7522
- SUSE Bug 1000698
Описание
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2016-7524
- SUSE Bug 1000700
- SUSE Bug 1002422
Описание
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.
Затронутые продукты
Ссылки
- CVE-2016-7528
- SUSE Bug 1000434
Описание
coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file.
Затронутые продукты
Ссылки
- CVE-2016-7529
- SUSE Bug 1000399
- SUSE Bug 1000434
- SUSE Bug 1000703
- SUSE Bug 1054924
Описание
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file.
Затронутые продукты
Ссылки
- CVE-2016-7531
- SUSE Bug 1000704
Описание
The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file.
Затронутые продукты
Ссылки
- CVE-2016-7533
- SUSE Bug 1000707
Описание
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file.
Затронутые продукты
Ссылки
- CVE-2016-7537
- SUSE Bug 1000711
Описание
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
Затронутые продукты
Ссылки
- CVE-2016-7800
- SUSE Bug 1002422
Описание
Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.
Затронутые продукты
Ссылки
- CVE-2016-7996
- SUSE Bug 1003629
- SUSE Bug 1067184
Описание
The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.
Затронутые продукты
Ссылки
- CVE-2016-7997
- SUSE Bug 1003629
Описание
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.
Затронутые продукты
Ссылки
- CVE-2016-8682
- SUSE Bug 1005125
Описание
The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
Затронутые продукты
Ссылки
- CVE-2016-8683
- SUSE Bug 1005127
Описание
The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
Затронутые продукты
Ссылки
- CVE-2016-8684
- SUSE Bug 1005123