Update for GraphicsMagick.openSUSE_Leap_42.2_Update security important

Security update for GraphicsMagick

This update for GraphicsMagick fixes the following issues:

- a possible shell execution attack was fixed. if the first character of an
input filename for 'convert' was a '|' then the remainder of the filename
was passed to the shell
(CVE-2016-5118, boo#982178)
- Maliciously crafted pnm files could crash GraphicsMagick
(CVE-2014-9805, [boo#983752])
- Prevent overflow in rle files
(CVE-2014-9846, boo#983521)
- Fix a double free in pdb coder
(CVE-2014-9807, boo#983794)
- Fix a possible crash due to corrupted xwd images
(CVE-2014-9809, boo#983799)
- Fix a possible crash due to corrupted wpg images
(CVE-2014-9815, boo#984372)
- Fix a heap buffer overflow in pdb file handling
(CVE-2014-9817, boo#984400)
- Fix a heap overflow in xpm files
(CVE-2014-9820, boo#984150)
- Fix a heap overflow in pict files
(CVE-2014-9834, boo#984436)
- Fix a heap overflow in wpf files
(CVE-2014-9835, CVE-2014-9831, boo#984145, boo#984375)
- Additional PNM sanity checks
(CVE-2014-9837, boo#984166)
- Fix a possible crash due to corrupted dib file
(CVE-2014-9845, boo#984394)
- Fix out of bound in quantum handling
(CVE-2016-7529, boo#1000399)
- Fix out of bound access in xcf file coder
(CVE-2016-7528, boo#1000434)
- Fix handling of corrupted lle files
(CVE-2016-7515, boo#1000689)
- Fix out of bound access for malformed psd file
(CVE-2016-7522, boo#1000698)
- Fix out of bound access for pbd files
(CVE-2016-7531, boo#1000704)
- Fix out of bound access in corrupted wpg files
(CVE-2016-7533, boo#1000707)
- Fix out of bound access in corrupted pdb files
(CVE-2016-7537, boo#1000711)
- BMP Coder Out-Of-Bounds Write Vulnerability
(CVE-2016-6823, boo#1001066)
- SGI Coder Out-Of-Bounds Read Vulnerability
(CVE-2016-7101, boo#1001221)
- Divide by zero in WriteTIFFImage
(do not divide by zero in WriteTIFFImage, boo#1002206)
- Buffer overflows in SIXEL, PDB, MAP, and TIFF coders
(fix buffer overflow, boo#1002209)
- 8BIM/8BIMW unsigned underflow leads to heap overflow
(CVE-2016-7800, boo#1002422)
- wpg reader issues
(CVE-2016-7996, CVE-2016-7997, boo#1003629)
- Mismatch between real filesize and header values
(CVE-2016-8684, boo#1005123)
- Stack-buffer read overflow while reading SCT header
(CVE-2016-8682, boo#1005125)
- Check that filesize is reasonable compared to the header value
(CVE-2016-8683, boo#1005127)
- Memory allocation failure in AcquireMagickMemory
(CVE-2016-8862, boo#1007245)
- heap-based buffer overflow in IsPixelGray
(CVE-2016-9556, boo#1011130)

Fixed bugs
bnc#1007245
VUL-0: CVE-2016-8862: GraphicsMagick, ImageMagick: Memory allocation failure in AcquireMagickMemory
bnc#1011130
VUL-0: CVE-2016-9556: ImageMagick, GraphicsMagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h)
bnc#984145
VUL-0: CVE-2014-9835: GraphicsMagick,ImageMagick: heap overflow in wpf file
bnc#984375
VUL-0: CVE-2014-9831: GraphicsMagick,ImageMagick: handling of corrupted wpg file
bnc#984372
VUL-0: CVE-2014-9815: GraphicsMagick,ImageMagick: crash on corrupted wpg file
bnc#983752
VUL-0: CVE-2014-9805: ImageMagick,GraphicsMagick: Avoid a SEGV due to a corrupted pnm file.
bnc#1000711
VUL-0: CVE-2016-7537: ImageMagick: Out of bound access for corrupted pdb file
bnc#982178
VUL-0: CVE-2016-5118: ImageMagick, GraphicsMagick: popen() shell vulnerability via filename
bnc#984166
VUL-0: CVE-2014-9837: GraphicsMagick,ImageMagick: additional PNM sanity checks
bnc#984436
VUL-0: CVE-2014-9834: ImageMagick,GraphicsMagick: heap overflow in pict file
bnc#983521
VUL-1: CVE-2014-9846: GraphicsMagick, ImageMagick: Added checks to prevent overflow in rle file.
bnc#983794
VUL-0: CVE-2014-9807: ImageMagick, GraphicsMagick: Fix a double free in pdb coder.
bnc#1001066
VUL-0: CVE-2016-6823: ImageMagick,GraphicsMagick: BMP Coder Out-Of-Bounds Write Vulnerability
bnc#983799
VUL-0: CVE-2014-9809: GraphicsMagick,ImageMagick: Fix a SEGV due to corrupted xwd images.
bnc#984394
VUL-0: CVE-2014-9845: GraphicsMagick,ImageMagick: crash due to corrupted dib file
bnc#1002206
VUL-0: ImageMagick: Divide by zero in WriteTIFFImage
bnc#1000399
VUL-0: CVE-2016-7529: ImageMagick: out of bound in quantum handling
bnc#1001221
VUL-0: CVE-2016-7101: ImageMagick,GraphicsMagick: SGI Coder Out-Of-Bounds Read Vulnerability
bnc#1003629
VUL-0: CVE-2016-7996, CVE-2016-7997: GraphicsMagick: WPG Reader Issues
bnc#1000434
VUL-0: CVE-2016-7528: ImageMagick: out of bound access in xcf file coder
bnc#1005127
VUL-0: CVE-2016-8683: GraphicsMagick: Check that filesize is reasonable compared to the header value
bnc#1005125
VUL-0: CVE-2016-8682: GraphicsMagick: Stack-buffer read overflow while reading SCT header
bnc#1005123
VUL-0: CVE-2016-8684: GraphicsMagick: Mismatch between real filesize and header values
bnc#1002209
VUL-0: ImageMagick: Buffer overflows in SIXEL, PDB, MAP, and TIFF coders
bnc#984150
VUL-0: CVE-2014-9820: GraphicsMagick,ImageMagick: heap overflow in xpm files
bnc#1000704
VUL-0: CVE-2016-7531: ImageMagick: Pbd file out of bound access
bnc#1000707
VUL-0: CVE-2016-7533: ImageMagick: Wpg file out of bound for corrupted file
bnc#1000689
VUL-0: CVE-2016-7515: ImageMagick: Rle file handling for corrupted file
bnc#984400
VUL-0: CVE-2014-9817: GraphicsMagick,ImageMagick: heap buffer overflow in pdb file handling
bnc#1002422
VUL-0: CVE-2016-7800: ImageMagick, GraphicsMagick: 8BIM/8BIMW unsigned underflow leads to heap overflow
bnc#1000698
VUL-0: CVE-2016-7522: ImageMagick: Out of bound access for malformed psd file
Selected Binaries
openSUSE Build Service is sponsored by