openSUSE-SU-2017:0023-1

Published: 04 Jan 2017
Source: suse-cvrf

Description

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

  • CVE-2016-9556 Possible Heap-overflow found by fuzzing [bsc#1011130]
  • CVE-2016-9559 Possible Null pointer access found by fuzzing [bsc#1011136]
  • CVE-2016-8707 Possible code execution in Tiff convert utility [bsc#1014159]
  • CVE-2016-8866 Memory allocation failure in AcquireMagickMemory could lead to Heap overflow [bsc#1009318]

This update was imported from the SUSE:SLE-12:Update update project.

Package list

openSUSE Leap 42.1
ImageMagick-6.8.8.1-25.1
ImageMagick-devel-6.8.8.1-25.1
ImageMagick-devel-32bit-6.8.8.1-25.1
ImageMagick-doc-6.8.8.1-25.1
ImageMagick-extra-6.8.8.1-25.1
libMagick++-6_Q16-3-6.8.8.1-25.1
libMagick++-6_Q16-3-32bit-6.8.8.1-25.1
libMagick++-devel-6.8.8.1-25.1
libMagick++-devel-32bit-6.8.8.1-25.1
libMagickCore-6_Q16-1-6.8.8.1-25.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1
libMagickWand-6_Q16-1-6.8.8.1-25.1
libMagickWand-6_Q16-1-32bit-6.8.8.1-25.1
perl-PerlMagick-6.8.8.1-25.1

openSUSE Leap 42.2
ImageMagick-6.8.8.1-25.1
ImageMagick-devel-6.8.8.1-25.1
ImageMagick-devel-32bit-6.8.8.1-25.1
ImageMagick-doc-6.8.8.1-25.1
ImageMagick-extra-6.8.8.1-25.1
libMagick++-6_Q16-3-6.8.8.1-25.1
libMagick++-6_Q16-3-32bit-6.8.8.1-25.1
libMagick++-devel-6.8.8.1-25.1
libMagick++-devel-32bit-6.8.8.1-25.1
libMagickCore-6_Q16-1-6.8.8.1-25.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1
libMagickWand-6_Q16-1-6.8.8.1-25.1
libMagickWand-6_Q16-1-32bit-6.8.8.1-25.1
perl-PerlMagick-6.8.8.1-25.1

Description

Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).


Affected products
openSUSE Leap 42.1:ImageMagick-6.8.8.1-25.1
openSUSE Leap 42.1:ImageMagick-devel-32bit-6.8.8.1-25.1
openSUSE Leap 42.1:ImageMagick-devel-6.8.8.1-25.1
openSUSE Leap 42.1:ImageMagick-doc-6.8.8.1-25.1


Description

An exploitable out-of-bounds write exists in the handling of compressed TIFF images in ImageMagick's convert utility. A crafted TIFF document can lead to an out-of-bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user-controlled TIFF that is handled by this functionality.


Affected products
openSUSE Leap 42.1:ImageMagick-6.8.8.1-25.1
openSUSE Leap 42.1:ImageMagick-devel-32bit-6.8.8.1-25.1
openSUSE Leap 42.1:ImageMagick-devel-6.8.8.1-25.1
openSUSE Leap 42.1:ImageMagick-doc-6.8.8.1-25.1


Description

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.


Affected products
openSUSE Leap 42.1:ImageMagick-6.8.8.1-25.1
openSUSE Leap 42.1:ImageMagick-devel-32bit-6.8.8.1-25.1
openSUSE Leap 42.1:ImageMagick-devel-6.8.8.1-25.1
openSUSE Leap 42.1:ImageMagick-doc-6.8.8.1-25.1


Description

The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.


Affected products
openSUSE Leap 42.1:ImageMagick-6.8.8.1-25.1
openSUSE Leap 42.1:ImageMagick-devel-32bit-6.8.8.1-25.1
openSUSE Leap 42.1:ImageMagick-devel-6.8.8.1-25.1
openSUSE Leap 42.1:ImageMagick-doc-6.8.8.1-25.1


Description

coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.


Affected products
openSUSE Leap 42.1:ImageMagick-6.8.8.1-25.1
openSUSE Leap 42.1:ImageMagick-devel-32bit-6.8.8.1-25.1
openSUSE Leap 42.1:ImageMagick-devel-6.8.8.1-25.1
openSUSE Leap 42.1:ImageMagick-doc-6.8.8.1-25.1


Description

Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.


Affected products
openSUSE Leap 42.1:ImageMagick-6.8.8.1-25.1
openSUSE Leap 42.1:ImageMagick-devel-32bit-6.8.8.1-25.1
openSUSE Leap 42.1:ImageMagick-devel-6.8.8.1-25.1
openSUSE Leap 42.1:ImageMagick-doc-6.8.8.1-25.1
