File _patchinfo of Package patchinfo.2801
<patchinfo incident="2801"> <issue id="984406" tracker="bnc">VUL-0: CVE-2014-9833: GraphicsMagick,ImageMagick: heap overflow in psd file</issue> <issue id="983774" tracker="bnc">VUL-0: CVE-2014-9806: ImageMagick, GraphicsMagick: Do not leak fd due to corrupted file.</issue> <issue id="983259" tracker="bnc">VUL-0: CVE-2015-8903: GraphicsMagick,ImageMagick: denial of service (cpu) in vicar</issue> <issue id="984023" tracker="bnc">VUL-0: CVE-2014-9836: GraphicsMagick,ImageMagick: crash in xpm file handling</issue> <issue id="984145" tracker="bnc">VUL-0: CVE-2014-9835: GraphicsMagick,ImageMagick: heap overflow in wpf file</issue> <issue id="984375" tracker="bnc">VUL-0: CVE-2014-9831: GraphicsMagick,ImageMagick: handling of corrupted wpg file</issue> <issue id="984374" tracker="bnc">VUL-0: CVE-2014-9842: GraphicsMagick,ImageMagick: memory leak in psd handling</issue> <issue id="984373" tracker="bnc">VUL-0: CVE-2014-9844: GraphicsMagick,ImageMagick: out of bound issue in rle file</issue> <issue id="984372" tracker="bnc">VUL-0: CVE-2014-9815: GraphicsMagick,ImageMagick: crash on corrupted wpg file</issue> <issue id="984142" tracker="bnc">VUL-0: CVE-2014-9819: GraphicsMagick,ImageMagick: heap overflow in palm files</issue> <issue id="984370" tracker="bnc">VUL-0: CVE-2014-9838: GraphicsMagick,ImageMagick: out of memory crash in magick/cache.c</issue> <issue id="984181" tracker="bnc">VUL-0: CVE-2014-9818: GraphicsMagick,ImageMagick: out of bound access on malformed sun file</issue> <issue id="984183" tracker="bnc">VUL-0: CVE-2014-9832: GraphicsMagick,ImageMagick: heap overflow in pcx file</issue> <issue id="984184" tracker="bnc">VUL-0: CVE-2014-9854: GraphicsMagick,ImageMagick: filling memory during identification of TIFF image</issue> <issue id="984185" tracker="bnc">VUL-0: CVE-2014-9824: GraphicsMagick,ImageMagick: heap overflow in psd file</issue> <issue id="984379" tracker="bnc">VUL-0: CVE-2014-9839: GraphicsMagick,ImageMagick: theoretical out of bound access in magick/colormap-private.h</issue> <issue id="984187" tracker="bnc">VUL-0: CVE-2014-9822: GraphicsMagick,ImageMagick: heap overflow in quantum file</issue> <issue id="984028" tracker="bnc">VUL-0: CVE-2014-9828: GraphicsMagick,ImageMagick: corrupted (too many colors) psd file</issue> <issue id="985460" tracker="bnc">VUL-0: CVE-2016-5689: GraphicsMagick,ImageMagick: NULL ptr dereference in dcm coder</issue> <issue id="983739" tracker="bnc">VUL-0: CVE-2015-8897: ImageMagick, GraphicsMagick: Out of bounds error in SpliceImage</issue> <issue id="983527" tracker="bnc">VUL-1: CVE-2015-8895: ImageMagick: Integer and Buffer overflow in coders/icon.c</issue> <issue id="984160" tracker="bnc">VUL-0: CVE-2014-9851: ImageMagick: crash when parsing resource block</issue> <issue id="984433" tracker="bnc">VUL-0: CVE-2014-9840: GraphicsMagick,ImageMagick: out of bound access in palm file</issue> <issue id="984166" tracker="bnc">VUL-0: CVE-2014-9837: GraphicsMagick,ImageMagick: additional PNM sanity checks</issue> <issue id="984436" tracker="bnc">VUL-0: CVE-2014-9834: ImageMagick,GraphicsMagick: heap overflow in pict file</issue> <issue id="984149" tracker="bnc">VUL-0: CVE-2014-9850: GraphicsMagick,ImageMagick: incorrect thread limit logic</issue> <issue id="984398" tracker="bnc">VUL-0: CVE-2014-9816: GraphicsMagick,ImageMagick: out of bound access in viff image</issue> <issue id="985448" tracker="bnc">VUL-0: CVE-2016-5687: GraphicsMagick,ImageMagick: out of bounds read in DDS coder</issue> <issue id="983521" tracker="bnc">VUL-1: CVE-2014-9846: GraphicsMagick, ImageMagick: Added checks to prevent overflow in rle file.</issue> <issue id="983794" tracker="bnc">VUL-0: CVE-2014-9807: ImageMagick, GraphicsMagick: Fix a double free in pdb coder.</issue> <issue id="984186" tracker="bnc">VUL-0: CVE-2014-9826: GraphicsMagick,ImageMagick: incorrect error handling in sun files</issue> <issue id="983796" tracker="bnc">VUL-0: CVE-2014-9808: ImageMagick, GraphicsMagick: Fix a SEGV due to corrupted dpc images.</issue> <issue id="985442" tracker="bnc">VUL-0: CVE-2016-5688: GraphicsMagick,ImageMagick: Re: Various invalid memory reads in ImageMagick WPG</issue> <issue id="983799" tracker="bnc">VUL-0: CVE-2014-9809: GraphicsMagick,ImageMagick: Fix a SEGV due to corrupted xwd images.</issue> <issue id="984394" tracker="bnc">VUL-0: CVE-2014-9845: GraphicsMagick,ImageMagick: crash due to corrupted dib file</issue> <issue id="984135" tracker="bnc">VUL-0: CVE-2014-9830: GraphicsMagick,ImageMagick: handling of corrupted sun file</issue> <issue id="983752" tracker="bnc">VUL-0: CVE-2014-9805: ImageMagick,GraphicsMagick: Avoid a SEGV due to a corrupted pnm file.</issue> <issue id="983292" tracker="bnc">VUL-0: CVE-2016-4562: ImageMagick: The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0and 7.x before 7.0.1...</issue> <issue id="983308" tracker="bnc">VUL-0: CVE-2016-4564: ImageMagick: The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and7.x before 7.0.1-2 mak...</issue> <issue id="984191" tracker="bnc">VUL-0: CVE-2014-9852: GraphicsMagick,ImageMagick: incorrect usage of object after it has been destroyed</issue> <issue id="984193" tracker="bnc">VUL-0: CVE-2014-9814: GraphicsMagick,ImageMagick: NULL pointer dereference in wpg file handling</issue> <issue id="984018" tracker="bnc">VUL-0: CVE-2014-9849: GraphicsMagick,ImageMagick: crash in png coder</issue> <issue id="984427" tracker="bnc">VUL-0: CVE-2014-9825: GraphicsMagick,ImageMagick: heap overflow in corrupted psd file</issue> <issue id="984035" tracker="bnc">VUL-0: CVE-2014-9813: GraphicsMagick,ImageMagick: crash on corrupted viff file</issue> <issue id="984150" tracker="bnc">VUL-0: CVE-2014-9820: GraphicsMagick,ImageMagick: heap overflow in xpm files</issue> <issue id="984032" tracker="bnc">VUL-0: CVE-2014-9811: GraphicsMagick,ImageMagick: crash in xwd file handler</issue> <issue id="983234" tracker="bnc">VUL-0: CVE-2015-8901: GraphicsMagick,ImageMagick: MIFF file DoS (endless loop)</issue> <issue id="983305" tracker="bnc">VUL-0: CVE-2016-4563: ImageMagick: The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before6.9.4-0 and 7.x before 7....</issue> <issue id="983746" tracker="bnc">VUL-0: CVE-2015-8898: ImageMagick,GraphicsMagick: Prevent null pointer access in magick/constitute.c</issue> <issue id="984179" tracker="bnc">VUL-0: CVE-2014-9843: GraphicsMagick,ImageMagick: incorrect boundary checks in DecodePSDPixels</issue> <issue id="984144" tracker="bnc">VUL-0: CVE-2014-9847: GraphicsMagick,ImageMagick: incorrect handling of "previous" image in the JNG decoder</issue> <issue id="984137" tracker="bnc">VUL-0: CVE-2014-9812: ImageMagick: NULL pointer dereference in ps file handling</issue> <issue id="983533" tracker="bnc">VUL-1: CVE-2015-8896: ImageMagick, GraphicsMagick: Double free / integer truncation issue in coders/pict.c:2000</issue> <issue id="984409" tracker="bnc">VUL-0: CVE-2014-9829: GraphicsMagick,ImageMagick: out of bound access in sun file</issue> <issue id="984408" tracker="bnc">VUL-0: CVE-2014-9853: GraphicsMagick,ImageMagick: memory leak in rle file handling</issue> <issue id="983253" tracker="bnc">VUL-1: CVE-2015-8902: ImageMagick: PDB file DoS (CPU consumption)</issue> <issue id="983232" tracker="bnc">VUL-1: CVE-2015-8900: ImageMagick: HDR file DoS (endless loop)</issue> <issue id="984404" tracker="bnc">VUL-0: CVE-2014-9848: GraphicsMagick,ImageMagick: memory leak in quantum management</issue> <issue id="984172" tracker="bnc">VUL-0: CVE-2014-9841: GraphicsMagick,ImageMagick: throwing of exceptions in psd handling</issue> <issue id="984401" tracker="bnc">VUL-0: CVE-2014-9823: GraphicsMagick,ImageMagick: heap overflow in palm file</issue> <issue id="984400" tracker="bnc">VUL-0: CVE-2014-9817: GraphicsMagick,ImageMagick: heap buffer overflow in pdb file handling</issue> <issue id="984014" tracker="bnc">VUL-0: CVE-2014-9821: GraphicsMagick,ImageMagick: Avoid heap overflow in pnm files.</issue> <issue id="983803" tracker="bnc">VUL-0: CVE-2014-9810: ImageMagick, GraphicsMagick: Fix a SEGV in dpx file handler.</issue> <issue id="983523" tracker="bnc">VUL-1: CVE-2015-8894: ImageMagick, GraphicsMagick: Double free in coders/tga.c:221</issue> <issue id="985451" tracker="bnc">VUL-0: CVE-2016-5690: GraphicsMagick,ImageMagick: bad foor loop in DCM coder</issue> <issue id="985456" tracker="bnc">VUL-0: CVE-2016-5691: GraphicsMagick,ImageMagick: checks for pixel.red/green/blue in dcm coder</issue> <issue id="986608" tracker="bnc">VUL-0: CVE-2016-5842: ImageMagick: out-of-bounds read in MagickCore/property.c:1396 could lead to memory leak/ Integer overflow read to RCE - ImageMagick</issue> <issue id="986609" tracker="bnc">VUL-0: CVE-2016-5841: ImageMagick: out-of-bounds read in MagickCore/property.c:1396 could lead to memory leak/ Integer overflow read to RCE - ImageMagick</issue> <issue id="2016-5841" tracker="cve" /> <issue id="2016-5842" tracker="cve" /> <issue id="2014-9810" tracker="cve" /> <issue id="2014-9811" tracker="cve" /> <issue id="2014-9812" tracker="cve" /> <issue id="2014-9813" tracker="cve" /> <issue id="2014-9814" tracker="cve" /> <issue id="2014-9815" tracker="cve" /> <issue id="2014-9816" tracker="cve" /> <issue id="2014-9817" tracker="cve" /> <issue id="2014-9818" tracker="cve" /> <issue id="2014-9819" tracker="cve" /> <issue id="2014-9830" tracker="cve" /> <issue id="2014-9831" tracker="cve" /> <issue id="2014-9850" tracker="cve" /> <issue id="2014-9851" tracker="cve" /> <issue id="2014-9852" tracker="cve" /> <issue id="2014-9853" tracker="cve" /> <issue id="2015-8902" tracker="cve" /> <issue id="2015-8903" tracker="cve" /> <issue id="2015-8900" tracker="cve" /> <issue id="2015-8901" tracker="cve" /> <issue id="2016-5688" tracker="cve" /> <issue id="2014-9834" tracker="cve" /> <issue id="2014-9806" tracker="cve" /> <issue id="2016-5687" tracker="cve" /> <issue id="2014-9838" tracker="cve" /> <issue id="2014-9854" tracker="cve" /> <issue id="2015-8898" tracker="cve" /> <issue id="2014-9833" tracker="cve" /> <issue id="2015-8894" tracker="cve" /> <issue id="2015-8895" tracker="cve" /> <issue id="2015-8896" tracker="cve" /> <issue id="2015-8897" tracker="cve" /> <issue id="2016-5690" tracker="cve" /> <issue id="2016-5691" tracker="cve" /> <issue id="2014-9836" tracker="cve" /> <issue id="2014-9808" tracker="cve" /> <issue id="2014-9821" tracker="cve" /> <issue id="2014-9820" tracker="cve" /> <issue id="2014-9823" tracker="cve" /> <issue id="2014-9822" tracker="cve" /> <issue id="2014-9825" tracker="cve" /> <issue id="2014-9824" tracker="cve" /> <issue id="2014-9809" tracker="cve" /> <issue id="2014-9826" tracker="cve" /> <issue id="2014-9843" tracker="cve" /> <issue id="2014-9842" tracker="cve" /> <issue id="2014-9841" tracker="cve" /> <issue id="2014-9840" tracker="cve" /> <issue id="2014-9847" tracker="cve" /> <issue id="2014-9846" tracker="cve" /> <issue id="2014-9845" tracker="cve" /> <issue id="2014-9844" tracker="cve" /> <issue id="2014-9849" tracker="cve" /> <issue id="2014-9848" tracker="cve" /> <issue id="2014-9807" tracker="cve" /> <issue id="2014-9829" tracker="cve" /> <issue id="2014-9832" tracker="cve" /> <issue id="2014-9805" tracker="cve" /> <issue id="2016-4564" tracker="cve" /> <issue id="2016-4563" tracker="cve" /> <issue id="2016-4562" tracker="cve" /> <issue id="2014-9839" tracker="cve" /> <issue id="2016-5689" tracker="cve" /> <issue id="2014-9837" tracker="cve" /> <issue id="2014-9835" tracker="cve" /> <issue id="2014-9828" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>pgajdos</packager> <description>ImageMagick was updated to fix 66 security issues. These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler. (bsc#983803). - CVE-2014-9811: Crash in xwd file handler (bsc#984032). - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137). - CVE-2014-9813: Crash on corrupted viff file (bsc#984035). - CVE-2014-9814: NULL pointer dereference in wpg file handling (bsc#984193). - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372). - CVE-2014-9816: Out of bound access in viff image (bsc#984398). - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400). - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181). - CVE-2014-9819: Heap overflow in palm files (bsc#984142). - CVE-2014-9830: Handling of corrupted sun file (bsc#984135). - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375). - CVE-2014-9850: Incorrect thread limit logic (bsc#984149). - CVE-2014-9851: Crash when parsing resource block (bsc#984160). - CVE-2014-9852: Incorrect usage of object after it has been destroyed (bsc#984191). - CVE-2014-9853: Memory leak in rle file handling (bsc#984408). - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253). - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259). - CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232). - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234). - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442). - CVE-2014-9834: Heap overflow in pict file (bsc#984436). - CVE-2014-9806: Prevent leak of file descriptor due to corrupted file. (bsc#983774). - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448). - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370). - CVE-2014-9854: Filling memory during identification of TIFF image (bsc#984184). - CVE-2015-8898: Prevent null pointer access in magick/constitute.c (bsc#983746). - CVE-2014-9833: Heap overflow in psd file (bsc#984406). - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523). - CVE-2015-8895: Integer and Buffer overflow in coders/icon.c (bsc#983527). - CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 (bsc#983533). - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739). - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451). - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456). - CVE-2014-9836: Crash in xpm file handling (bsc#984023). - CVE-2014-9808: SEGV due to corrupted dpc images. (bsc#983796). - CVE-2014-9821: Avoid heap overflow in pnm files. (bsc#984014). - CVE-2014-9820: Heap overflow in xpm files (bsc#984150). - CVE-2014-9823: Heap overflow in palm file (bsc#984401). - CVE-2014-9822: Heap overflow in quantum file (bsc#984187). - CVE-2014-9825: Heap overflow in corrupted psd file (bsc#984427). - CVE-2014-9824: Heap overflow in psd file (bsc#984185). - CVE-2014-9809: SEGV due to corrupted xwd images. (bsc#983799). - CVE-2014-9826: Incorrect error handling in sun files (bsc#984186). - CVE-2014-9843: Incorrect boundary checks in DecodePSDPixels (bsc#984179). - CVE-2014-9842: Memory leak in psd handling (bsc#984374). - CVE-2014-9841: Throwing of exceptions in psd handling (bsc#984172). - CVE-2014-9840: Out of bound access in palm file (bsc#984433). - CVE-2014-9847: Incorrect handling of "previous" image in the JNG decoder (bsc#984144). - CVE-2014-9846: Added checks to prevent overflow in rle file. (bsc#983521). - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394). - CVE-2014-9844: Out of bound issue in rle file (bsc#984373). - CVE-2014-9849: Crash in png coder (bsc#984018). - CVE-2014-9848: Memory leak in quantum management (bsc#984404). - CVE-2014-9807: Double free in pdb coder. (bsc#983794). - CVE-2014-9829: Out of bound access in sun file (bsc#984409). - CVE-2014-9832: Heap overflow in pcx file (bsc#984183). - CVE-2014-9805: SEGV due to a corrupted pnm file. (bsc#983752). - CVE-2016-4564: The DrawImage function in MagickCore/draw.c in ImageMagick made an incorrect function call in attempting to locate the next token, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983308). - CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick mishandled the relationship between the BezierQuantum value and certain strokes data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983305). - CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in ImageMagick mishandled calculations of certain vertices integer data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983292). - CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h (bsc#984379). - CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460). - CVE-2014-9837: Additional PNM sanity checks (bsc#984166). - CVE-2014-9835: Heap overflow in wpf file (bsc#984145). - CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028). - CVE-2016-5841: Integer overflow could have read to RCE (bnc#986609). - CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could have lead to memory leak (bnc#986608). </description> <summary>Security update for ImageMagick</summary> </patchinfo>
