Description
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
Security issues fixed:
- CVE-2017-12672: Memory leak vulnerability allowed DoS via MAT image files (bsc#1052720)
- CVE-2017-13060: Memory leak vulnerability allowed DoS via MAT image files (bsc#1055065)
- CVE-2017-12670: Specially crafted MAT images may lead to an assertion failure and DoS (bsc#1052731)
- CVE-2017-10800: Specially crafted MAT images may lead to memory denial of service (bsc#1047044)
- CVE-2017-13648: Memory leak vulnerability allowed DoS via MAT image files (bsc#1055434)
- CVE-2017-12564: Memory leak vulnerability allowed DoS via MAT image files (bsc#1052468)
- CVE-2017-12675: Memory leak vulnerability allowed DoS via MAT image files (bsc#1052710)
- CVE-2017-14326: Memory leak vulnerability allowed DoS via MAT image files (bsc#1058640)
- CVE-2017-17881: Memory leak vulnerability allowed DoS via MAT image files (bsc#1074123)
- CVE-2017-11449: coders/mpc.c in ImageMagick before 7.0.6-1 remote denial of service (boo#1049373)
- CVE-2017-11532: Memory Leak in WriteMPCImage() in coders/mpc.c (boo#1050129)
- CVE-2017-16547: Incorrect memory management in DrawImage function in magick/render.c could lead to denial of service (boo#1067177)
- CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975)
- Memory leak in pwp.c (boo#1051412)
 
Package list
openSUSE Leap 42.2
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2018:0087-1
- SUSE Security Ratings

Description
When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.
Affected products
References
- CVE-2017-10800
- SUSE Bug 1047044

Description
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.
Affected products
References
- CVE-2017-11449
- SUSE Bug 1049373

Description
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c.
Affected products
References
- CVE-2017-11532
- SUSE Bug 1050129
- SUSE Bug 1050623

Description
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.
Affected products
References
- CVE-2017-12564
- SUSE Bug 1052468

Description
In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service.
Affected products
References
- CVE-2017-12670
- SUSE Bug 1052731

Description
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.
Affected products
References
- CVE-2017-12672
- SUSE Bug 1052720
- SUSE Bug 1055434

Description
In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service.
Affected products
References
- CVE-2017-12675
- SUSE Bug 1052710

Description
In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
Affected products
References
- CVE-2017-13060
- SUSE Bug 1055065
- SUSE Bug 1055434
- SUSE Bug 1076021

Description
In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c.
Affected products
References
- CVE-2017-13648
- SUSE Bug 1054598
- SUSE Bug 1054600
- SUSE Bug 1055434

Description
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
Affected products
References
- CVE-2017-14326
- SUSE Bug 1058640

Description
The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file.
Affected products
References
- CVE-2017-16547
- SUSE Bug 1067177

Description
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.
Affected products
References
- CVE-2017-17881
- SUSE Bug 1074123

Description
In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.
Affected products
References
- CVE-2017-18022
- SUSE Bug 1074969
- SUSE Bug 1074975