File _patchinfo of Package patchinfo.7537

<patchinfo incident="7537">
  <issue tracker="bnc" id="1087820">VUL-1: CVE-2018-9133: ImageMagick: ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote at</issue>
  <issue id="1094237" tracker="bnc">VUL-0: CVE-2018-11251: GraphicsMagick, ImageMagick: Heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service</issue>
  <issue id="1094204" tracker="bnc">VUL-1: CVE-2017-18271: GraphicsMagick, ImageMagick: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service</issue>
  <issue id="1047356" tracker="bnc">VUL-1: CVE-2017-10928: ImageMagick: heap-based buffer over-read in the GetNextToken function in token.c</issue>
  <issue id="1056277" tracker="bnc">VUL-0: CVE-2017-13758: GraphicsMagick: In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.</issue>
  <issue id="1095730" tracker="bnc"></issue>
  <issue id="1095813" tracker="bnc"></issue>
  <issue id="1095812" tracker="bnc"></issue>
  <issue id="2017-10928" tracker="cve" />
  <issue id="2017-13758" tracker="cve" />
  <issue id="2018-11251" tracker="cve" />
  <issue id="2017-18271" tracker="cve" />
  <issue id="2018-11655" tracker="cve" />
  <issue id="2018-10804" tracker="cve" />
  <issue id="2018-10805" tracker="cve" />
  <issue tracker="cve" id="2018-9133"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for ImageMagick fixes the following issues:

These security issues were fixed:

- CVE-2017-13758: Prevent heap-based buffer overflow in the TracePoint()
  function (bsc#1056277).
- CVE-2017-10928: Prevent heap-based buffer over-read in the GetNextToken
  function that allowed remote attackers to obtain sensitive information from
  process memory or possibly have unspecified other impact via a crafted SVG
  document (bsc#1047356).
- CVE-2018-9133: Long compute times in the tiff decoder have been fixed (bsc#1087820).
- CVE-2018-11251: Heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service (bsc#1094237).
- CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (bsc#1094204).
- CVE-2018-11655: Memory leak in the GetImagePixelCache in MagickCore/cache.c was fixed (bsc#1095730).
- CVE-2018-10804: Memory leak in WriteTIFFImage in coders/tiff.c was fixed (bsc#1095813).
- CVE-2018-10805: Fixed memory leaks in bgr.c, rgb.c, cmyk.c, gray.c, ycbcr.c (bsc#1095812).
</description>
  <summary>Security update for ImageMagick</summary>
</patchinfo>