Описание
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issue:
- CVE-2017-11403: A specially crafted PNG file may have have triggerd a use-after-free flaw (boo#1049072)
Список пакетов
openSUSE Leap 42.2
GraphicsMagick-1.3.25-17.1
GraphicsMagick-devel-1.3.25-17.1
libGraphicsMagick++-Q16-12-1.3.25-17.1
libGraphicsMagick++-devel-1.3.25-17.1
libGraphicsMagick-Q16-3-1.3.25-17.1
libGraphicsMagick3-config-1.3.25-17.1
libGraphicsMagickWand-Q16-2-1.3.25-17.1
perl-GraphicsMagick-1.3.25-17.1
openSUSE Leap 42.3
GraphicsMagick-1.3.25-17.1
GraphicsMagick-devel-1.3.25-17.1
libGraphicsMagick++-Q16-12-1.3.25-17.1
libGraphicsMagick++-devel-1.3.25-17.1
libGraphicsMagick-Q16-3-1.3.25-17.1
libGraphicsMagick3-config-1.3.25-17.1
libGraphicsMagickWand-Q16-2-1.3.25-17.1
perl-GraphicsMagick-1.3.25-17.1
Ссылки
- E-Mail link for openSUSE-SU-2017:1985-1
- SUSE Security Ratings
Описание
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.
Затронутые продукты
openSUSE Leap 42.2:GraphicsMagick-1.3.25-17.1
openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-17.1
openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-17.1
openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-17.1
Ссылки
- CVE-2017-11403
- SUSE Bug 1049072
- SUSE Bug 1053809
- SUSE Bug 1053919
- SUSE Bug 1054600
- SUSE Bug 1057000
- SUSE Bug 1084062