openSUSE Build Service

Overview Details Repositories Revisions Requests Users Attributes Meta

Security update for GraphicsMagick

This update for GraphicsMagick fixes the following issues:

- CVE-2014-9805: SEGV due to a corrupted pnm file (boo#983752)
- CVE-2016-5240: SVG converting issue resulting in DoS (endless loop) (boo#983309)
- CVE-2016-5241: Arithmetic exception (div by 0) in SVG conversion (boo#983455)
- CVE-2014-9846: Overflow in rle file (boo#983521)
- CVE-2015-8894: Double free in TGA code (boo#983523)
- CVE-2015-8896: Double free / integer truncation issue (boo#983533)
- CVE-2014-9807: Double free in pdb coder (boo#983794)
- CVE-2014-9809: SEGV due to corrupted xwd images (boo#983799)
- CVE-2014-9819: Heap overflow in palm files (boo#984142)
- CVE-2014-9835: Heap overflow in wpf file (boo#984145)
- CVE-2014-9831: Issues handling of corrupted wpg file (boo#984375)
- CVE-2014-9820: heap overflow in xpm files (boo#984150)
- CVE-2014-9837: Additional PNM sanity checks (boo#984166)
- CVE-2014-9815: Crash on corrupted wpg file (boo#984372)
- CVE-2014-9839: Theoretical out of bound access in via color maps (boo#984379)
- CVE-2014-9845: Crash due to corrupted dib file (boo#984394)
- CVE-2014-9817: Heap buffer overflow in pdb file handling (boo#984400)
- CVE-2014-9853: Memory leak in rle file handling (boo#984408)
- CVE-2014-9834: Heap overflow in pict file (boo#984436)
- CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (boo#985442)
- CVE-2016-2317: Multiple vulnerabilities when parsing and processing SVG files (boo#965853)
- CVE-2016-2318: Multiple vulnerabilities when parsing and processing SVG files (boo#965853)

Submitted by Petr Gajdos (pgajdos)

Fixed bugs

bnc#983521

VUL-1: CVE-2014-9846: GraphicsMagick, ImageMagick: Added checks to prevent overflow in rle file.

bnc#984150

VUL-0: CVE-2014-9820: GraphicsMagick,ImageMagick: heap overflow in xpm files

bnc#983533

VUL-1: CVE-2015-8896: ImageMagick, GraphicsMagick: Double free / integer truncation issue in coders/pict.c:2000

bnc#984408

VUL-0: CVE-2014-9853: GraphicsMagick,ImageMagick: memory leak in rle file handling

bnc#984379

VUL-0: CVE-2014-9839: GraphicsMagick,ImageMagick: theoretical out of bound access in magick/colormap-private.h

bnc#983523

VUL-1: CVE-2015-8894: ImageMagick, GraphicsMagick: Double free in coders/tga.c:221

bnc#984375

VUL-0: CVE-2014-9831: GraphicsMagick,ImageMagick: handling of corrupted wpg file

bnc#984166

VUL-0: CVE-2014-9837: GraphicsMagick,ImageMagick: additional PNM sanity checks

bnc#984400

VUL-0: CVE-2014-9817: GraphicsMagick,ImageMagick: heap buffer overflow in pdb file handling

bnc#984436

VUL-0: CVE-2014-9834: ImageMagick,GraphicsMagick: heap overflow in pict file

bnc#984145

VUL-0: CVE-2014-9835: GraphicsMagick,ImageMagick: heap overflow in wpf file

bnc#983455

VUL-0: CVE-2016-5241: GraphicsMagick: arithmetic exception (div by 0) in SVG conversion

bnc#985442

VUL-0: CVE-2016-5688: GraphicsMagick,ImageMagick: Re: Various invalid memory reads in ImageMagick WPG

bnc#983794

VUL-0: CVE-2014-9807: ImageMagick, GraphicsMagick: Fix a double free in pdb coder.

bnc#984372

VUL-0: CVE-2014-9815: GraphicsMagick,ImageMagick: crash on corrupted wpg file

bnc#984142

VUL-0: CVE-2014-9819: GraphicsMagick,ImageMagick: heap overflow in palm files

bnc#965853

VUL-1: CVE-2016-2317,CVE-2016-2318: GraphicsMagick: Multiple vulnerabilities when parsing and processing SVG files

bnc#983799

VUL-0: CVE-2014-9809: GraphicsMagick,ImageMagick: Fix a SEGV due to corrupted xwd images.

bnc#983309

VUL-0: CVE-2016-5240: GraphicsMagick: SVG converting issue resulting in DoS (endless loop)

bnc#984394

VUL-0: CVE-2014-9845: GraphicsMagick,ImageMagick: crash due to corrupted dib file

bnc#983752

VUL-0: CVE-2014-9805: ImageMagick,GraphicsMagick: Avoid a SEGV due to a corrupted pnm file.

Places

Fixed bugs

Selected Binaries

Places