Description
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2017-15033: A denial of service attack (memory leak) was fixed in ReadYUVImage in coders/yuv.c [bsc#1061873]
- CVE-2017-11446: An infinite loop in ReadPESImage was fixed. (bsc#1049379)
- CVE-2017-12433: A memory leak in ReadPESImage in coders/pes.c was fixed. (bsc#1052545)
- CVE-2017-12428: A memory leak in ReadWMFImage in coders/wmf.c was fixed. (bsc#1052249)
- CVE-2017-12431: A use-after-free in ReadWMFImage was fixed. (bsc#1052253)
- CVE-2017-11534: A memory leak in lite_font_map() in coders/wmf.c was fixed. (bsc#1050135)
- CVE-2017-13133: A memory exhaustion in the load_level function in coders/xcf.c was fixed. (bsc#1055219)
- CVE-2017-13139: An out-of-bounds read in ReadOneMNGImage was fixed. (bsc#1055430)
This update also reverts an incorrect fix for CVE-2016-7530 [bsc#1054924].
This update was imported from the SUSE:SLE-12:Update update project.
Package list
openSUSE Leap 42.2
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2017:2999-1
- SUSE Security Ratings
Description
The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.
Affected products
References
- CVE-2016-7530
- SUSE Bug 1000399
- SUSE Bug 1000703
- SUSE Bug 1054924
Description
The ReadPESImage function in coders/pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.
Affected products
References
- CVE-2017-11446
- SUSE Bug 1049379
Description
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a memory leak in the lite_font_map() function in coders/wmf.c.
Affected products
References
- CVE-2017-11534
- SUSE Bug 1050135
Description
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.
Affected products
References
- CVE-2017-12428
- SUSE Bug 1052249
- SUSE Bug 1052253
Description
In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service.
Affected products
References
- CVE-2017-12431
- SUSE Bug 1052249
- SUSE Bug 1052253
Description
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c.
Affected products
References
- CVE-2017-12433
- SUSE Bug 1052545
Description
In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.
Affected products
References
- CVE-2017-13133
- SUSE Bug 1055219
Description
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
Affected products
References
- CVE-2017-13139
- SUSE Bug 1055430
Description
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.
Affected products
References
- CVE-2017-15033
- SUSE Bug 1061873