openSUSE-SU-2018:3203-1

Описание

This update for ImageMagick fixes the following security issues:

• CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage() function in coders/mpc.c via a crafted file allowing for DoS (bsc#1050129)
• CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283)
• CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file (bsc#1108282)
• CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616)
• CVE-2018-16640: Prevent memory leak in the function ReadOneJNGImage (bsc#1107619)
• CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612)
• CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609)
• CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604)
• CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989)

This update also relaxes the restrictions of use of Postscript like formats to 'write' only. (bsc#1105592)

This update was imported from the SUSE:SLE-12:Update update project.