Security update for ImageMagick
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2017-9439: A memory leak was found in the function ReadPDBImage incoders/pdb.c (bsc#1042826)
- CVE-2017-9440: A memory leak was found in the function ReadPSDChannelin coders/psd.c (bsc#1042812)
- CVE-2017-9501: An assertion failure could cause a denial of service via a crafted file (bsc#1043289)
- CVE-2017-11403: ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting
in a use-after-free via acrafted file (bsc#1049072)
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#1043289
VUL-0: CVE-2017-9501: ImageMagick: in version 7.0.5-7 Q16, an assertion failure could cause a denial of service via a crafted file.
bnc#1042812
VUL-0: CVE-2017-9440: ImageMagick: In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannelin coders/psd.c
bnc#1042826
VUL-0: CVE-2017-9439: ImageMagick: In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage incoders/pdb.c
bnc#1049072
VUL-0: CVE-2017-11403: GraphicsMagick, ImageMagick: ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting in a use-after-free via acrafted file
