Overview

File _patchinfo of Package patchinfo.7134

<patchinfo incident="7134">
  <issue id="1087033" tracker="bnc">VUL-1: CVE-2017-18252: ImageMagick: The MogrifyImageList function allows attackers to cause a denial of service (assertion failure and application exit)</issue>
  <issue id="1087027" tracker="bnc">VUL-1: CVE-2017-18254: GraphicsMagick, ImageMagick: Memory leak in the function WriteGIFImage in coders/gif.c, which allow attackers to cause a denial of service</issue>
  <issue id="1087037" tracker="bnc">VUL-1: CVE-2017-18251: GraphicsMagick, ImageMagick: Memory leak in the function ReadPCDImage in coders/pcd.c, which allows attackers to cause a denial of service</issue>
  <issue id="1086773" tracker="bnc">VUL-1: CVE-2018-9018: GraphicsMagick:  a divide-by-zero in the ReadMNGImage function of coders/png.c could lead to denial of service</issue>
  <issue id="1087039" tracker="bnc">VUL-1: CVE-2017-18250: ImageMagick: NULL pointer dereference in the function LogOpenCLBuildFailure inMagickCore/opencl.c</issue>
  <issue id="1047356" tracker="bnc">VUL-1: CVE-2017-10928: ImageMagick: heap-based buffer over-read in the GetNextTokenfunction in token.c</issue>
  <issue id="1087825" tracker="bnc">VUL-1: CVE-2018-9135: ImageMagick: In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read inIsWEBPImageLossless in coders/webp.c.</issue>
  <issue id="1058635" tracker="bnc">VUL-1: ImageMagick: CVE-2017-14325 ImageMagick: Memory leak in the PersistPixelCache function </issue>
  <issue id="1074117" tracker="bnc">VUL-0: CVE-2017-17887: ImageMagick: memory leak in the function GetImagePixelCache could lead to denial of service</issue>
  <issue id="1089781" tracker="bnc">VUL-0: CVE-2018-10177: GraphicsMagick,ImageMagick: In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImagefunction of the coders/png.c file. Remote attackers could leverage thisvulnerability to cause a denial of service</issue>
  <issue id="1086782" tracker="bnc">VUL-1: CVE-2018-8960: ImageMagick: The ReadTIFFImage function in coders/tiff.c in ImageMagick memory allocation issue could lead to denial of service</issue>
  <issue id="2018-9135" tracker="cve" />
  <issue id="2017-1000476" tracker="cve" />
  <issue id="2017-18254" tracker="cve" />
  <issue id="2017-18252" tracker="cve" />
  <issue id="2017-18251" tracker="cve" />
  <issue id="2017-18250" tracker="cve" />
  <issue id="2017-10928" tracker="cve" />
  <issue id="2017-11450" tracker="cve" />
  <issue id="2018-9018" tracker="cve" />
  <issue id="2017-14325" tracker="cve" />
  <issue id="2017-17887" tracker="cve" />
  <issue id="2018-10177" tracker="cve" />
  <issue id="2018-8960" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for ImageMagick fixes the following issues:

- CVE-2017-14325: In ImageMagick, a memory leak vulnerability was found in
  the function PersistPixelCache in magick/cache.c, which allowed attackers
  to cause a denial of service (memory consumption in ReadMPCImage in
  coders/mpc.c) via a crafted file.  [bsc#1058635]
- CVE-2017-17887: In ImageMagick, a memory leak vulnerability was found
  in the function GetImagePixelCache in magick/cache.c, which allowed
  attackers to cause a denial of service via a crafted MNG image file that
  is processed by ReadOneMNGImage.  [bsc#1074117]
- CVE-2017-18250: A NULL pointer dereference vulnerability was found in the function 
  LogOpenCLBuildFailure in MagickCore/opencl.c, which could lead to a denial of service 
  via a crafted file. [bsc#1087039]
- CVE-2017-18251: A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, 
  which could lead to a denial of service via a crafted file. [bsc#1087037]
- CVE-2017-18252: The MogrifyImageList function in MagickWand/mogrify.c could allow 
  attackers to cause a denial of service via a crafted file. [bsc#1087033]
- CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, 
  which could lead to  denial of service via a crafted file. [bsc#1087027]
- CVE-2018-8960: The ReadTIFFImage function in coders/tiff.c in
  ImageMagick did not properly restrict memory allocation, leading to a
  heap-based buffer over-read.  [bsc#1086782]
- CVE-2018-9018: divide-by-zero in the ReadMNGImage function of coders/png.c. 
  Attackers could leverage this vulnerability to cause a crash and denial of service 
  via a crafted mng file. [bsc#1086773]
- CVE-2018-9135: heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c 
  could lead to denial of service. [bsc#1087825]
- CVE-2018-10177: In ImageMagick, there was an infinite loop in the
  ReadOneMNGImage function of the coders/png.c file. Remote attackers
  could leverage this vulnerability to cause a denial of service via a
  crafted mng file.  [bsc#1089781]
- CVE-2017-10928: a heap-based buffer over-read in the GetNextToken function in token.c 
  could allow attackers to obtain sensitive information from process memory or possibly have 
  unspecified other impact via a crafted SVG document that is mishandled in the 
  GetUserSpaceCoordinateValue function in coders/svg.c. [bsc#1047356]

</description>
  <summary>Security update for ImageMagick</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places