openSUSE Build Service

Overview Details Repositories Revisions Requests Users Attributes Meta

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

Security issues fixed:

* CVE-2017-15033: A denial of service attack (memory leak) was fixed in ReadYUVImage in coders/yuv.c [bsc#1061873]
* CVE-2017-11446: An infinite loop in ReadPESImage was fixed. (bsc#1049379)
* CVE-2017-12433: A memory leak in ReadPESImage in coders/pes.c was fixed. (bsc#1052545)
* CVE-2017-12428: A memory leak in ReadWMFImage in coders/wmf.c was fixed. (bsc#1052249)
* CVE-2017-12431: A use-after-free in ReadWMFImage was fixed. (bsc#1052253)
* CVE-2017-11534: A memory leak in the lite_font_map() in coders/wmf.c was fixed. (bsc#1050135)
* CVE-2017-13133: A memory exhaustion in load_level function in coders/xcf.c was fixed. (bsc#1055219)
* CVE-2017-13139: A out-of-bounds read in the ReadOneMNGImage was fixed. (bsc#1055430)

This update also reverts an incorrect fix for CVE-2016-7530 [bsc#1054924].

This update was imported from the SUSE:SLE-12:Update update project.

Submitted by Petr Gajdos (pgajdos)

Fixed bugs

bnc#1054924

L3: libMagickCore-6_Q16-1 seems broken since 6.8.8.1-47.1

bnc#1061873

VUL-0: CVE-2017-15033: GraphicsMagick,ImageMagick: denial of service (memory leak) in ReadYUVImage in coders/yuv.c

bnc#1049379

VUL-0: CVE-2017-11446: ImageMagick: The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 infinite loop vulnerability

bnc#1050135

VUL-1: CVE-2017-11534: GraphicsMagick, ImageMagick: Memory Leak in the lite_font_map() in coders/wmf.c

bnc#1052249

VUL-2: CVE-2017-12428: GraphicsMagick, ImageMagick: Memory leak in ReadWMFImage in coders/wmf.c, which allows attackers to cause DoS

bnc#1052253

VUL-2: CVE-2017-12431: GraphicsMagick, ImageMagick: Use-after-free in ReadWMFImage in coders/wmf.c, which allows attackers to cause DoS

bnc#1052545

VUL-2: CVE-2017-12433: ImageMagick: Memory leak in ReadPESImage in coders/pes.c, which allows attackers to cause DoS

bnc#1055219

VUL-1: CVE-2017-13133: ImageMagick: In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacksoffset validation, which allows attackers to cause a denial of service(load_tile memory exhaustion) via a crafted file

bnc#1055430

VUL-0: CVE-2017-13139: GraphicsMagick,ImageMagick: In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, theReadOneMNGImage function in coders/png.c has an out-of-bounds read withthe MNG CLIP chunk.

Places

Fixed bugs

Selected Binaries

Places