Security update for GraphicsMagick
This update for GraphicsMagick fixes the following security issues:
- CVE-2017-13776: denial of service issue in ReadXBMImage() in a coders/xbm.c (bsc#1056429)
- CVE-2017-13777: denial of service issue in ReadXBMImage() in a coders/xbm.c (bsc#1056426)
- CVE-2017-13134: heap-based buffer over-read allowing DoS via crafted sfw files (bsc#1055214)
- CVE-2017-15930: Specially crafted JPEG files could lead to a Null Pointer dereference and DoS (bsc#1066003)
- CVE-2017-14165: Memory allocation issue may allow DoS through specially crafted files (bsc#1057508)
- CVE-2017-12983: Heap-based buffer overflow could have triggered an application crash
or possibly have unspecified other impact via a crafted file. (bnc#1054757)
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#1054757
VUL-0: CVE-2017-12983: GraphicsMagick,ImageMagick: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c inImageMagick 7.0.6-8 allows remote attackers to cause a denial of service(application crash) or possibly have unsp
bnc#1056426
VUL-1: CVE-2017-13777: GraphicsMagick,ImageMagick: denial of service issue in ReadXBMImage() in a coders/xbm.c
bnc#1056429
VUL-1: CVE-2017-13776: GraphicsMagick,ImageMagick: denial of service issue in ReadXBMImage() in a coders/xbm.c
bnc#1057508
VUL-1: CVE-2017-14165: GraphicsMagick: ReadSUNImage() memory allocation issue may lead to remote denial of service
bnc#1055214
VUL-0: CVE-2017-13134: GraphicsMagick,ImageMagick: In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in thefunction SFWScan in coders/sfw.c, which allows attackers to cause adenial of service via a crafted file.
bnc#1066003
VUL-0: CVE-2017-15930: GraphicsMagick: Null Pointer dereference while transfering JPEG scanlines could lead to denial of service
