Overview

File _patchinfo of Package patchinfo.5137

<patchinfo incident="5137">
  <issue id="1043289" tracker="bnc">VUL-0: CVE-2017-9501: ImageMagick: in version 7.0.5-7 Q16, an assertion failure  could cause a denial of service via a crafted file.</issue>
  <issue id="1042812" tracker="bnc">VUL-0: CVE-2017-9440: ImageMagick: In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannelin coders/psd.c</issue>
  <issue id="1042826" tracker="bnc">VUL-0: CVE-2017-9439: ImageMagick: In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage incoders/pdb.c</issue>
  <issue id="1049072" tracker="bnc">VUL-0: CVE-2017-11403: GraphicsMagick, ImageMagick: ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting in a use-after-free via acrafted file</issue>
  <issue id="2017-9439" tracker="cve" />
  <issue id="2017-9440" tracker="cve" />
  <issue id="2017-9501" tracker="cve" />
  <issue id="2017-11403" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>pgajdos</packager>
  <description>This update for ImageMagick fixes the following issues:

Security issues fixed:
- CVE-2017-9439: A memory leak was found in the function ReadPDBImage incoders/pdb.c (bsc#1042826)
- CVE-2017-9440: A memory leak was found in the function ReadPSDChannelin coders/psd.c (bsc#1042812)
- CVE-2017-9501: An assertion failure could cause a denial of service via a crafted file (bsc#1043289)
- CVE-2017-11403: ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting
  in a use-after-free via acrafted file (bsc#1049072)
</description>
  <summary>Security update for ImageMagick</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places