Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="7464">
  <issue id="1054757" tracker="bnc">VUL-0: CVE-2017-12983: GraphicsMagick,ImageMagick: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c inImageMagick 7.0.6-8 allows remote attackers to cause a denial of service(application crash) or possibly have unsp</issue>
  <issue id="1056426" tracker="bnc">VUL-1: CVE-2017-13777: GraphicsMagick,ImageMagick: denial of service issue in ReadXBMImage() in a coders/xbm.c</issue>
  <issue id="1056429" tracker="bnc">VUL-1: CVE-2017-13776: GraphicsMagick,ImageMagick: denial of service issue in ReadXBMImage() in a coders/xbm.c</issue>
  <issue id="1057508" tracker="bnc">VUL-1: CVE-2017-14165: GraphicsMagick: ReadSUNImage() memory allocation issue  may lead to remote denial of service</issue>
  <issue id="1055214" tracker="bnc">VUL-0: CVE-2017-13134: GraphicsMagick,ImageMagick: In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in thefunction SFWScan in coders/sfw.c, which allows attackers to cause adenial of service via a crafted file.</issue>
  <issue id="1066003" tracker="bnc">VUL-0: CVE-2017-15930: GraphicsMagick: Null Pointer dereference  while transfering JPEG scanlines could lead to denial of service</issue>
  <issue id="2017-15930" tracker="cve" />
  <issue id="2017-13134" tracker="cve" />
  <issue id="2017-13777" tracker="cve" />
  <issue id="2017-13776" tracker="cve" />
  <issue id="2017-14165" tracker="cve" />
  <issue id="2017-12983" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for GraphicsMagick fixes the following security issues:

- CVE-2017-13776: denial of service issue in ReadXBMImage() in a coders/xbm.c (bsc#1056429)
- CVE-2017-13777: denial of service issue in ReadXBMImage() in a coders/xbm.c (bsc#1056426)
- CVE-2017-13134: heap-based buffer over-read allowing DoS via crafted sfw files (bsc#1055214)
- CVE-2017-15930: Specially crafted JPEG files could lead to a Null Pointer dereference and DoS (bsc#1066003)
- CVE-2017-14165: Memory allocation issue may allow DoS through specially crafted files (bsc#1057508)
- CVE-2017-12983: Heap-based buffer overflow could have triggered an application crash
  or possibly have unspecified other impact via a crafted file. (bnc#1054757)
</description>
  <summary>Security update for GraphicsMagick</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places