Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
Security issues fixed:
- CVE-2017-11533: An infoleak by 1 byte due to heap-based buffer over-read in the WriteUILImage() in coders/uil.c was fixed (boo#1050132)
- CVE-2017-17682: A large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allowed attackers to cause a denial of service (CPU exhaustion) (boo#1072898)
- CVE-2017-17500: A heap-based buffer overread in the ImportRGBQuantumType was fixed that could lead to information leak or a crash (boo#1077737)
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#1050132
VUL-2: CVE-2017-11533: GraphicsMagick, ImageMagick: infoleak by 1 byte due to heap-based buffer over-read in the WriteUILImage() in coders/uil.c
bnc#1072898
VUL-1: CVE-2017-17682: GraphicsMagick,ImageMagick: In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in thefunction ExtractPostscript in coders/wpg.c, which allows attackers to cause adenial of service (CPU exhaustion) via
bnc#1077737
VUL-1: GraphicsMagick: CVE-2017-17500: Heap-based buffer overflow in the ImportRGBQuantumType
