Description
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
Security issues fixed:
- CVE-2017-16546: Fix ReadWPGImage function in coders/wpg.c that could lead to a denial of service (bsc#1067181).
- CVE-2017-14342: Fix a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c that could lead to a denial of service (bsc#1058485).
- CVE-2017-16669: Fix coders/wpg.c that allows remote attackers to cause a denial of service via crafted files (bsc#1067409).
- CVE-2017-16545: Fix the ReadWPGImage function in coders/wpg.c, as validation problems could lead to a denial of service (bsc#1067184).
- CVE-2017-14341: Fix infinite loop in the ReadWPGImage function (bsc#1058637).
- CVE-2017-13737: Fix invalid free in the MagickFree function in magick/memory.c (tiff.c) (bsc#1056162).
- CVE-2017-11640: Fix NULL pointer deref in WritePTIFImage() in coders/tiff.c (bsc#1050632).
Package list
openSUSE Leap 42.2
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2017:3223-1
- SUSE Security Ratings
Description
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.
Affected products
References
- CVE-2017-11640
- SUSE Bug 1050632
Description
There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack.
Affected products
References
- CVE-2017-13737
- SUSE Bug 1056162
Description
ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
Affected products
References
- CVE-2017-14341
- SUSE Bug 1058637
Description
ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.
Affected products
References
- CVE-2017-14342
- SUSE Bug 1058485
Description
The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.
Affected products
References
- CVE-2017-16545
- SUSE Bug 1067184
Description
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
Affected products
References
- CVE-2017-16546
- SUSE Bug 1067181
Description
coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.
Affected products
References
- CVE-2017-16669
- SUSE Bug 1067409
- SUSE Bug 1072898