Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
- CVE-2017-14042: Denial of service through a large memory allocation via specially crafted PNM images (boo#1056550)
- CVE-2017-14504: NULL pointer dereference via specially crafted PNM images (boo#1059721)
- CVE-2017-17498: Denial of service or unspecified other impact through a heap-based buffer overflow via specially crafted PNM images (boo#1072103)
- CVE-2017-15277: Information leak from the application into palette data via specially crafted GIF images (boo#1063050)
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#1059721
VUL-2: CVE-2017-14504: GraphicsMagick: NULL pointer dereference in ReadPNMImage function in coders/pnm.c
bnc#1056550
VUL-1: CVE-2017-14042: GraphicsMagick,ImageMagick: A memory allocation failure was discovered in the ReadPNMImage functionin coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes abig memory allocation, which may lead to remote
bnc#1072103
VUL-0: CVE-2017-17498: GraphicsMagick: WritePNMImage in coders/pnm.c allows remote attackers to cause a DoS
bnc#1063050
VUL-1: CVE-2017-15277: GraphicsMagick, ImageMagick: ReadGIFImage in coders/gif.c in leaves the palette uninitialized when processing a GIF, leaking information
