Security update for GraphicsMagick

This update for GraphicsMagick fixes several issues.

These security issues were fixed:

- CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to
cause a denial of service (memory leak) via a crafted file (bsc#1043353)
- CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to
cause a denial of service (memory leak) via a crafted file (bsc#1043354)
- CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote
attackers to cause a denial of service (NULL pointer dereference) via a crafted
file (bsc#1051442)
- CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in
coders/png.c, which allowed attackers to cause a denial of service
(bsc#1052708)
- CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in
coders/png.c, which allowed attackers to cause a denial of service
(bsc#1052717)
- CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in
coders\png.c (bsc#1052777)
- CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large
MNG images, leading to an invalid memory read in the SetImageColorCallBack
function in magick/image.c (bsc#1054600)
- CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in
coders/png.c when a small MNG file has a MEND chunk with a large length value
(bsc#1055374)
- CVE-2017-13142: Added additional checks for short files to prevent a crafted
PNG file from triggering a crash (bsc#1055455)
- CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in
coders/png.c did not properly manage image pointers after certain error
conditions, which allowed remote attackers to conduct use-after-free attacks
via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call
(bsc#1057000)
- CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c
(bsc#1062752)

Fixed bugs
bnc#1054600
VUL-1: CVE-2017-12935: GraphicsMagick: The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandleslarge MNG images, leading to an invalid memory read in the SetImageColorCallBackfunction in magick/image.c.
bnc#1055455
VUL-1: CVE-2017-13142: GraphicsMagick,ImageMagick: In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNGfile could trigger a crash because there was an insufficient check forshort files.
bnc#1062752
VUL-0: CVE-2017-15218: GraphicsMagick,ImageMagick: memory leak in ReadOneJNGImage in coders/png.c
bnc#1055374
VUL-1: CVE-2017-13147: GraphicsMagick: Allocation failure in ReadMNGImage function in coders/png.c
bnc#1057000
VUL-0: CVE-2017-14103: GraphicsMagick: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c inGraphicsMagick 1.3.26 do not properly manage image pointers aftercertain error conditions, which allows remote attackers to conductus
bnc#1052717
VUL-1: CVE-2017-12673: GraphicsMagick, ImageMagick: Memory leak in ReadOneMNGImage in coders/png.c, which allows attackers to cause DoS
bnc#1043354
VUL-1: CVE-2017-9261: GraphicsMagick, ImageMagick: Memory leak in the ReadMNGImage function
bnc#1043353
VUL-0: CVE-2017-9262: GraphicsMagick,ImageMagick: Memory leak in the ReadJNGImage function
bnc#1052708
VUL-1: CVE-2017-12676: GraphicsMagick, ImageMagick: Memory leak in ReadOneJNGImage in coders/png.c, which allows attackers to cause DoS
bnc#1052777
VUL-1: CVE-2017-12641: GraphicsMagick, ImageMagick: Memory leak in ReadOneJNGImage in coders\png.c
bnc#1051442
VUL-2: CVE-2017-11750: ImageMagick: ReadOneJNGImage in coders/png.c allows to cause DoS
Selected Binaries
openSUSE Build Service is sponsored by