Description
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
These security issues were fixed:
- CVE-2017-13758: Prevent heap-based buffer overflow in the TracePoint() function (bsc#1056277).
- CVE-2017-10928: Prevent heap-based buffer over-read in the GetNextToken function that allowed remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document (bsc#1047356).
- CVE-2018-9133: Long compute times in the TIFF decoder have been fixed (bsc#1087820).
- CVE-2018-11251: Heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service (bsc#1094237).
- CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (bsc#1094204).
- CVE-2018-11655: Memory leak in the GetImagePixelCache in MagickCore/cache.c was fixed (bsc#1095730).
- CVE-2018-10804: Memory leak in WriteTIFFImage in coders/tiff.c was fixed (bsc#1095813).
- CVE-2018-10805: Fixed memory leaks in bgr.c, rgb.c, cmyk.c, gray.c, ycbcr.c (bsc#1095812).
This update was imported from the SUSE:SLE-12:Update update project.
Package list
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2018:1860-1
- SUSE Security Ratings
Description
In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.
Affected products
References
- CVE-2017-10928
- SUSE Bug 1047356
- SUSE Bug 1047359
- SUSE Bug 1056277
- SUSE Bug 1060176
- SUSE Bug 1096261
Description
In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.
Affected products
References
- CVE-2017-13758
- SUSE Bug 1056277
- SUSE Bug 1096261
Description
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.
Affected products
References
- CVE-2017-18271
- SUSE Bug 1094204
Description
ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.
Affected products
References
- CVE-2018-10804
- SUSE Bug 1095813
Description
ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
Affected products
References
- CVE-2018-10805
- SUSE Bug 1095812
Description
In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.
Affected products
References
- CVE-2018-11251
- SUSE Bug 1094237
Description
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.
Affected products
References
- CVE-2018-11655
- SUSE Bug 1095730
Description
ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted TIFF file.
Affected products
References
- CVE-2018-9133
- SUSE Bug 1087820