Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2017-9439: A memory leak was found in the function ReadPDBImage incoders/pdb.c (bsc#1042826)
- CVE-2017-9440: A memory leak was found in the function ReadPSDChannelin coders/psd.c (bsc#1042812)
- CVE-2017-9501: An assertion failure could cause a denial of service via a crafted file (bsc#1043289)
- CVE-2017-11403: ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting in a use-after-free via acrafted file (bsc#1049072)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.2
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2017:2271-1
- SUSE Security Ratings
Описание
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-11403
- SUSE Bug 1049072
- SUSE Bug 1053809
- SUSE Bug 1053919
- SUSE Bug 1054600
- SUSE Bug 1057000
- SUSE Bug 1084062
Описание
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-9439
- SUSE Bug 1042826
- SUSE Bug 1053919
Описание
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-9440
- SUSE Bug 1042812
- SUSE Bug 1053919
Описание
In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-9501
- SUSE Bug 1043289
- SUSE Bug 1053919