Описание
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
Security issues fixed:
- CVE-2017-11533: An infoleak by 1 byte due to heap-based buffer over-read in the WriteUILImage() in coders/uil.c was fixed (boo#1050132)
- CVE-2017-17682: A large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allowed attackers to cause a denial of service (CPU exhaustion) (boo#1072898)
- CVE-2017-17500: A heap-based buffer overread in the ImportRGBQuantumType was fixed that could lead to information leak or a crash (boo#1077737)
Список пакетов
openSUSE Leap 42.3
GraphicsMagick-1.3.25-74.1
GraphicsMagick-devel-1.3.25-74.1
libGraphicsMagick++-Q16-12-1.3.25-74.1
libGraphicsMagick++-devel-1.3.25-74.1
libGraphicsMagick-Q16-3-1.3.25-74.1
libGraphicsMagick3-config-1.3.25-74.1
libGraphicsMagickWand-Q16-2-1.3.25-74.1
perl-GraphicsMagick-1.3.25-74.1
Ссылки
- E-Mail link for openSUSE-SU-2018:0542-1
- SUSE Security Ratings
Описание
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.
Затронутые продукты
openSUSE Leap 42.3:GraphicsMagick-1.3.25-74.1
openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-74.1
openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-74.1
openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-74.1
Ссылки
- CVE-2017-11533
- SUSE Bug 1050132
Описание
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.
Затронутые продукты
openSUSE Leap 42.3:GraphicsMagick-1.3.25-74.1
openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-74.1
openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-74.1
openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-74.1
Ссылки
- CVE-2017-17500
- SUSE Bug 1077737
Описание
In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.
Затронутые продукты
openSUSE Leap 42.3:GraphicsMagick-1.3.25-74.1
openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-74.1
openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-74.1
openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-74.1
Ссылки
- CVE-2017-17682
- SUSE Bug 1072898