Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="8768">
  <issue tracker="bnc" id="1102007">VUL-1: CVE-2018-14435: GraphicsMagick,ImageMagick: memory leak in DecodeImage in coders/pcd.c.</issue>
  <issue tracker="bnc" id="1102005">VUL-1: CVE-2018-14436: GraphicsMagick,ImageMagick: ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.</issue>
  <issue tracker="bnc" id="1102004">VUL-1: CVE-2018-14437: GraphicsMagick,ImageMagick: memory leak in parse8BIM in coders/meta.c.</issue>
  <issue tracker="bnc" id="1102003">VUL-1: CVE-2018-14434: GraphicsMagick,ImageMagick: memory leak for a colormap in WriteMPCImage incoders/mpc.c.</issue>
  <issue tracker="bnc" id="1105592">VUL-0: ImageMagick, GraphicsMagick: ghostscript: various issues bypassing -dSAFER</issue>
  <issue id="1106855" tracker="bnc">VUL-1: CVE-2018-16323: ImageMagick: information leak when processing an XBM file that has a negative pixel value</issue>
  <issue id="1106858" tracker="bnc">VUL-1: CVE-2018-16329: ImageMagick: NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c</issue>
  <issue id="2018-16323" tracker="cve" />
  <issue id="2018-16329" tracker="cve" />
  <issue tracker="cve" id="2018-14434"/>
  <issue tracker="cve" id="2018-14435"/>
  <issue tracker="cve" id="2018-14436"/>
  <issue tracker="cve" id="2018-14437"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for ImageMagick fixes the following issues:

The following security vulnerabilities were fixed:

- CVE-2018-16329: Prevent NULL pointer dereference in the GetMagickProperty
  function leading to DoS (bsc#1106858)
- CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM
  file that has a negative pixel value. If the affected code was used as a
  library loaded into a process that includes sensitive information, that
  information sometimes can be leaked via the image data (bsc#1106855)
- CVE-2018-14434: Fixed a memory leak for a colormap in WriteMPCImage 
  (bsc#1102003)
- CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c
  (bsc#1102007)
- CVE-2018-14436: Fixed a memory leak in ReadMIFFImage in coders/miff.c
  (bsc#1102005)
- CVE-2018-14437: Fixed a memory leak in parse8BIM in coders/meta.c
  (bsc#1102004)
- Disable PS, PS2, PS3, XPS and PDF coders in default policy.xml (bsc#1105592)

This update was imported from the SUSE:SLE-12:Update update project.</description>
  <summary>Security update for ImageMagick</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places