Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="6322">
  <issue id="1017314" tracker="bnc">VUL-0: CVE-2016-10052: ImageMagick: Out-of-bound in exif (jpeg) reader</issue>
  <issue id="1017312" tracker="bnc">VUL-0: CVE-2016-10050: ImageMagick: Heap overflow when reading corrupt RLE files</issue>
  <issue id="1017313" tracker="bnc">VUL-0: CVE-2016-10051: ImageMagick: Use after free when using identify or convert</issue>
  <issue id="1017310" tracker="bnc">VUL-0: CVE-2016-10048: ImageMagick: Arbitrary module loading due to not escaping relative path</issue>
  <issue id="1020443" tracker="bnc">VUL-0: CVE-2016-10146: Imagemagick: memory leak in caption and label handling</issue>
  <issue id="1020448" tracker="bnc">VUL-0: CVE-2017-5511: Imagemagick: coders/psd.c: memory corruption heap overflow</issue>
  <issue id="1017326" tracker="bnc">VUL-0: CVE-2016-10070, CVE-2016-10071: ImageMagick: Missing out of bound checks for mat files</issue>
  <issue id="1017324" tracker="bnc">VUL-0: CVE-2016-10068: ImageMagick: Fault in MSL interpreter</issue>
  <issue id="2017-5511" tracker="cve" />
  <issue id="2016-10050" tracker="cve" />
  <issue id="2016-10051" tracker="cve" />
  <issue id="2016-10052" tracker="cve" />
  <issue id="2016-10068" tracker="cve" />
  <issue id="2016-10146" tracker="cve" />
  <issue id="2016-10070" tracker="cve" />
  <issue id="2016-10048" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>
This update for GraphicsMagick fixes several issues.

These security issues were fixed:

- CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped (bsc#1017310)
- CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312)
- CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313)
- CVE-2016-10052: Added bound check to exif parsing of JPEG files (bsc#1017314)
- CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324)
- CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326)
- CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have lead to DoS (bsc#1020443)
- CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448)
</description>
  <summary>Security update for GraphicsMagick</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places