Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="7687">
  <issue id="1054600" tracker="bnc">VUL-1: CVE-2017-12935: GraphicsMagick: The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandleslarge MNG images, leading to an invalid memory read in the SetImageColorCallBackfunction in magick/image.c.</issue>
  <issue id="1055455" tracker="bnc">VUL-1: CVE-2017-13142: GraphicsMagick,ImageMagick: In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNGfile could trigger a crash because there was an insufficient check forshort files.</issue>
  <issue id="1062752" tracker="bnc">VUL-0: CVE-2017-15218: GraphicsMagick,ImageMagick: memory leak in ReadOneJNGImage in coders/png.c</issue>
  <issue id="1055374" tracker="bnc">VUL-1: CVE-2017-13147: GraphicsMagick: Allocation failure in ReadMNGImage function in coders/png.c</issue>
  <issue id="1057000" tracker="bnc">VUL-0: CVE-2017-14103: GraphicsMagick: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c inGraphicsMagick 1.3.26 do not properly manage image pointers aftercertain error conditions, which allows remote attackers to conductus</issue>
  <issue id="1052717" tracker="bnc">VUL-1: CVE-2017-12673: GraphicsMagick, ImageMagick: Memory leak in ReadOneMNGImage in coders/png.c, which allows attackers to cause DoS</issue>
  <issue id="1043354" tracker="bnc">VUL-1: CVE-2017-9261: GraphicsMagick, ImageMagick: Memory leak in the ReadMNGImage function</issue>
  <issue id="1043353" tracker="bnc">VUL-0: CVE-2017-9262: GraphicsMagick,ImageMagick: Memory leak in the ReadJNGImage function</issue>
  <issue id="1052708" tracker="bnc">VUL-1: CVE-2017-12676: GraphicsMagick, ImageMagick: Memory leak in ReadOneJNGImage in coders/png.c, which allows attackers to cause DoS</issue>
  <issue id="1052777" tracker="bnc">VUL-1: CVE-2017-12641: GraphicsMagick, ImageMagick: Memory leak in ReadOneJNGImage in coders\png.c</issue>
  <issue id="1051442" tracker="bnc">VUL-2: CVE-2017-11750: ImageMagick: ReadOneJNGImage in coders/png.c allows to cause DoS</issue>
  <issue id="2017-12935" tracker="cve" />
  <issue id="2017-15218" tracker="cve" />
  <issue id="2017-12673" tracker="cve" />
  <issue id="2017-13142" tracker="cve" />
  <issue id="2017-9261" tracker="cve" />
  <issue id="2017-12676" tracker="cve" />
  <issue id="2017-9262" tracker="cve" />
  <issue id="2017-14103" tracker="cve" />
  <issue id="2017-12641" tracker="cve" />
  <issue id="2017-13147" tracker="cve" />
  <issue id="2017-11750" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for GraphicsMagick fixes several issues.

These security issues were fixed:

- CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to
  cause a denial of service (memory leak) via a crafted file (bsc#1043353)
- CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to
  cause a denial of service (memory leak) via a crafted file (bsc#1043354)
- CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote
  attackers to cause a denial of service (NULL pointer dereference) via a crafted
  file (bsc#1051442)
- CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in
  coders/png.c, which allowed attackers to cause a denial of service
  (bsc#1052708)
- CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in
  coders/png.c, which allowed attackers to cause a denial of service
  (bsc#1052717)
- CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in
  coders\png.c (bsc#1052777)
- CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large
  MNG images, leading to an invalid memory read in the SetImageColorCallBack
  function in magick/image.c (bsc#1054600)
- CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in
  coders/png.c when a small MNG file has a MEND chunk with a large length value
  (bsc#1055374)
- CVE-2017-13142: Added additional checks for short files to prevent a crafted
  PNG file from triggering a crash (bsc#1055455)
- CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in
  coders/png.c did not properly manage image pointers after certain error
  conditions, which allowed remote attackers to conduct use-after-free attacks
  via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call
  (bsc#1057000)
- CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c
  (bsc#1062752)
</description>
  <summary>Security update for GraphicsMagick</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places