File _patchinfo of Package patchinfo.8831
<patchinfo incident="8831"> <issue tracker="bnc" id="1105592">VUL-0: ImageMagick, GraphicsMagick: ghostscript: various issues bypassing -dSAFER</issue> <issue tracker="bnc" id="1107619">VUL-1: CVE-2018-16640: GraphicsMagick,ImageMagick: memory leak vulnerability in the functionReadOneJNGImage in coders/png.c</issue> <issue tracker="bnc" id="1108282">VUL-1: CVE-2018-16749: GraphicsMagick,ImageMagick: Missing NULL check in ReadOneJNGImage in coders/png.c</issue> <issue tracker="bnc" id="1107612">VUL-1: CVE-2018-16643: GraphicsMagick,ImageMagick: ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in do not check the return value</issue> <issue tracker="bnc" id="1107616">VUL-1: CVE-2018-16642: GraphicsMagick,ImageMagick: InsertRow in coders/cut.c in allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write</issue> <issue tracker="bnc" id="1108283">VUL-1: CVE-2018-16750: GraphicsMagick,ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c</issue> <issue tracker="bnc" id="1050129">VUL-1: CVE-2017-11532: ImageMagick: Memory Leak in WriteMPCImage() in coders/mpc.c</issue> <issue tracker="bnc" id="1107604">VUL-1: CVE-2018-16645: GraphicsMagick,ImageMagick: excessive memory allocation issue in the functions ReadBMPImage ofcoders/bmp.c and ReadDIBImage of coders/dib.c</issue> <issue tracker="bnc" id="1106989">VUL-1: CVE-2018-16413: GraphicsMagick,ImageMagick: heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function</issue> <issue tracker="bnc" id="1107609">VUL-1: CVE-2018-16644: GraphicsMagick,ImageMagick: missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict</issue> <issue tracker="cve" id="2018-16750"/> <issue tracker="cve" id="2018-16749"/> <issue tracker="cve" id="2017-11532"/> <issue tracker="cve" id="2018-16645"/> <issue tracker="cve" id="2018-16644"/> <issue tracker="cve" id="2018-16413"/> <issue tracker="cve" id="2018-16640"/> <issue tracker="cve" id="2018-16643"/> <issue tracker="cve" id="2018-16642"/> <category>security</category> <rating>moderate</rating> <packager>pgajdos</packager> <description>This update for ImageMagick fixes the following security issues: - CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage() function in coders/mpc.c via a crafted file allowing for DoS (bsc#1050129) - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283) - CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file (bsc#1108282) - CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616) - CVE-2018-16640: Prevent memory leak in the function ReadOneJNGImage (bsc#1107619) - CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612) - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609) - CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604) - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989) This update also relaxes the restrictions of use of Postscript like formats to "write" only. (bsc#1105592) </description> <summary>Security update for ImageMagick</summary> </patchinfo>
