Overview

File _patchinfo of Package patchinfo.9105

<patchinfo incident="9105">
  <issue tracker="bnc" id="1098546">VUL-0: CVE-2018-12599: GraphicsMagick,ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c</issue>
  <issue tracker="bnc" id="1098545">VUL-0: CVE-2018-12600: GraphicsMagick,ImageMagick: out of bounds write in ReadDIBImage and WriteDIBImage in coders/dib.c</issue>
  <issue tracker="bnc" id="1111072">VUL-1: CVE-2018-18016: GraphicsMagick,ImageMagick: ImageMagick: memory leak in WritePCXImage in coders/pcx.c</issue>
  <issue tracker="bnc" id="1111069">VUL-1: CVE-2018-18024: GraphicsMagick,ImageMagick: infinite loop in the ReadBMPImage function of the coders/bmp.c file</issue>
  <issue tracker="bnc" id="1110747">VUL-1: CVE-2018-17965: ImageMagick: Memory leak vulnerability in WriteSGIImage</issue>
  <issue tracker="bnc" id="1110746">VUL-1: CVE-2018-17966: ImageMagick: Memory leak vulnerability in WritePDBImage</issue>
  <issue tracker="cve" id="2018-12599"/>
  <issue tracker="cve" id="2018-17966"/>
  <issue tracker="cve" id="2018-17965"/>
  <issue tracker="cve" id="2018-12600"/>
  <issue tracker="cve" id="2017-13058"/>
  <issue tracker="cve" id="2018-18024"/>
  <issue tracker="cve" id="2018-18016"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for ImageMagick fixes the following issues:

Security issues fixed:

- CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of
  the coders/bmp.c file. Remote attackers could leverage this vulnerability
  to cause a denial of service via a crafted bmp file. (bsc#1111069)
- CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072).
- CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747).
- CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746).
- CVE-2018-12600: ReadDIBImage and WriteDIBImage allowed attackers to
  cause an out of bounds write via a crafted file. (bsc#1098545)
- CVE-2018-12599: ReadBMPImage and WriteBMPImage allowed attackers to
  cause an out of bounds write via a crafted file. (bsc#1098546)
</description>
  <summary>Security update for ImageMagick</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places