openSUSE Build Service

Overview Details Repositories Revisions Requests Users Attributes Meta

Security update for GraphicsMagick

This update for GraphicsMagick fixes several issues.

These security issues were fixed:

- CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped (bsc#1017310)
- CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312)
- CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313)
- CVE-2016-10052: Added bound check to exif parsing of JPEG files (bsc#1017314)
- CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324)
- CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326)
- CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have lead to DoS (bsc#1020443)
- CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448)

Submitted by Petr Gajdos (pgajdos)

Fixed bugs

bnc#1017314

VUL-0: CVE-2016-10052: ImageMagick: Out-of-bound in exif (jpeg) reader

bnc#1017312

VUL-0: CVE-2016-10050: ImageMagick: Heap overflow when reading corrupt RLE files

bnc#1017313

VUL-0: CVE-2016-10051: ImageMagick: Use after free when using identify or convert

bnc#1017310

VUL-0: CVE-2016-10048: ImageMagick: Arbitrary module loading due to not escaping relative path

bnc#1020443

VUL-0: CVE-2016-10146: Imagemagick: memory leak in caption and label handling

bnc#1020448

VUL-0: CVE-2017-5511: Imagemagick: coders/psd.c: memory corruption heap overflow

bnc#1017326

VUL-0: CVE-2016-10070, CVE-2016-10071: ImageMagick: Missing out of bound checks for mat files

bnc#1017324

VUL-0: CVE-2016-10068: ImageMagick: Fault in MSL interpreter

Places

Fixed bugs

Selected Binaries

Places