Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for ImageMagick

This update for ImageMagick fixes the following issues:

- security update (xcf.c):
* CVE-2017-14343: Memory leak vulnerability in ReadXCFImage could lead to denial of service via a crafted file.
CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allows remote attackers to cause a denial of service
(memory consumption) via a crafted file.
[bsc#1058422]

- security update (pnm.c):
* CVE-2017-14042: A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c and
could lead to remote denial of service [bsc#1056550]

- security update (psd.c):
* CVE-2017-15281: ReadPSDImage allows remote attackers to cause a denial of service (application crash) or
possibly have unspecified other impact via a crafted file [bsc#1063049]
* CVE-2017-13061: A length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c,
which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. [bsc#1055063]
* CVE-2017-12563: A Memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c,
which allows attackers to cause a denial of service. [bsc#1052460]
* CVE-2017-14174: Due to a lack of an EOF check (End of File) in ReadPSDLayersInternal could cause huge CPU consumption,
when a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data,
is provided, the loop over \"length\" would consume huge CPU resources, since there is no EOF check inside the loop.[bsc#1057723]

- security update (meta.c):
* CVE-2017-13062: Amemory leak vulnerability was found in the function formatIPTC in coders/meta.c,
which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file [bsc#1055053]

- security update (gif.c):
* CVE-2017-15277: ReadGIFImage in coders/gif.c leaves the palette uninitialized when processing a GIF file that has neither
a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting
data, this data sometimes can be leaked via the uninitialized palette.[bsc#1063050]

This update was imported from the SUSE:SLE-12:Update update project.

Fixed bugs
bnc#1063049
VUL-0: CVE-2017-15281: GraphicsMagick, ImageMagick: ReadPSDImage in coders/psd.c allows remote attackers to cause DoS or RCE
bnc#1063050
VUL-1: CVE-2017-15277: GraphicsMagick, ImageMagick: ReadGIFImage in coders/gif.c in leaves the palette uninitialized when processing a GIF, leaking information
bnc#1057723
VUL-1: CVE-2017-14174: ImageMagick: Missing end of file check in ReadPSDLayersInternal() could lead to denial of service
bnc#1055053
VUL-1: CVE-2017-13062: ImageMagick: In ImageMagick 7.0.6-6, a memory leak vulnerability was found in thefunction formatIPTC in coders/meta.c, which allows attackers to cause adenial of service (WriteMETAImage memory consump
bnc#1058422
VUL-1: CVE-2017-14343: GraphicsMagick,ImageMagick: memory leak vulnerability in ReadXCFImage incoders/xcf.c via a crafted xcf image file.
bnc#1056550
VUL-1: CVE-2017-14042: GraphicsMagick,ImageMagick: A memory allocation failure was discovered in the ReadPNMImage functionin coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes abig memory allocation, which may lead to remote
bnc#1055063
VUL-1: CVE-2017-13061: GraphicsMagick,ImageMagick: In ImageMagick 7.0.6-5, a length-validation vulnerability was found inthe function ReadPSDLayersInternal in coders/psd.c, which allowsattackers to cause a denial of service (ReadPSDImage
bnc#1052460
VUL-1: CVE-2017-12563: GraphicsMagick, ImageMagick: Memory exhaustion in ReadPSDImage in coders/psd.c, which allows attackers to cause DoS
CVE-2017-14343
CVE-2017-14042
CVE-2017-12563
CVE-2017-15281
CVE-2017-13061
CVE-2017-15277
CVE-2017-14174
CVE-2017-13062
CVE-2017-12691
Selected Binaries
openSUSE Build Service is sponsored by
Places