Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2017:3357-1

Опубликовано: 17 дек. 2017
Источник: suse-cvrf

Описание

Security update for GraphicsMagick

This update for GraphicsMagick fixes the following issues:

  • CVE-2017-14042: Denial of service through a large memory allocation via specially crafted PNM images (boo#1056550)
  • CVE-2017-14504: NULL pointer dereference via specially crafted PNM images (boo#1059721)
  • CVE-2017-17498: Denial of service or unspecified other impact through a heap-based buffer overflow via specially crafted PNM images (boo#1072103)
  • CVE-2017-15277: Information leak from the application into palette data via specially crafted GIF images (boo#1063050)

Список пакетов

openSUSE Leap 42.2
GraphicsMagick-1.3.25-50.1
GraphicsMagick-devel-1.3.25-50.1
libGraphicsMagick++-Q16-12-1.3.25-50.1
libGraphicsMagick++-devel-1.3.25-50.1
libGraphicsMagick-Q16-3-1.3.25-50.1
libGraphicsMagick3-config-1.3.25-50.1
libGraphicsMagickWand-Q16-2-1.3.25-50.1
perl-GraphicsMagick-1.3.25-50.1
openSUSE Leap 42.3
GraphicsMagick-1.3.25-50.1
GraphicsMagick-devel-1.3.25-50.1
libGraphicsMagick++-Q16-12-1.3.25-50.1
libGraphicsMagick++-devel-1.3.25-50.1
libGraphicsMagick-Q16-3-1.3.25-50.1
libGraphicsMagick3-config-1.3.25-50.1
libGraphicsMagickWand-Q16-2-1.3.25-50.1
perl-GraphicsMagick-1.3.25-50.1

Ссылки

Описание

A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.

Затронутые продукты
openSUSE Leap 42.2:GraphicsMagick-1.3.25-50.1
openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-50.1
openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-50.1
openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-50.1
Ссылки

Описание

ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference.

Затронутые продукты
openSUSE Leap 42.2:GraphicsMagick-1.3.25-50.1
openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-50.1
openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-50.1
openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-50.1
Ссылки

Описание

ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.

Затронутые продукты
openSUSE Leap 42.2:GraphicsMagick-1.3.25-50.1
openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-50.1
openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-50.1
openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-50.1
Ссылки

Описание

WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

Затронутые продукты
openSUSE Leap 42.2:GraphicsMagick-1.3.25-50.1
openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-50.1
openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-50.1
openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-50.1
Ссылки