This update for GraphicsMagick fixes the following issues:
- The dcm coder was updated to newest code, covering all currently known security issues.
Security issues fixed:
- CVE-2017-17502: ReadCMYKImage in ImportCMYKQuantumType had a heap-based buffer over-read via a crafted file. [boo#1073081]
- CVE-2017-11450: A remote denial of service in coders/jpeg.c was fixed [boo#1049374]
- CVE-2017-11140: coders/jpeg.c allowed remote attackers to cause a denial of service (application crash). [boo#1047900]
- CVE-2017-14224: A heap-based buffer overflow in WritePCXImage in coders/pcx.c could lead to denial of service or code execution. [boo#1058009]
- CVE-2017-17912: A heap-based buffer over-read in ReadNewsProfile in coders/tiff.c was fixed. [boo#1074307]
- CVE-2017-18028: A memory exhaustion in the function ReadTIFFImage in coders/tiff.c was fixed. [boo#1076182]
- CVE-2017-11722: The WriteOnePNGImage function in coders/png.c allowed attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition. (bsc#1051411)
- Submitted by Petr Gajdos (pgajdos)