Overview

File _patchinfo of Package patchinfo.8612

<patchinfo incident="8612">
  <issue tracker="bnc" id="1106855">VUL-1: CVE-2018-16323: ImageMagick: information leak when processing an XBM file that has a negative pixel value</issue>
  <issue tracker="bnc" id="1106857">VUL-1: CVE-2018-16328: ImageMagick: NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c</issue>
  <issue tracker="bnc" id="1106858">VUL-1: CVE-2018-16329: ImageMagick: NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c</issue>
  <issue id="1106989" tracker="bnc">VUL-1: CVE-2018-16413: GraphicsMagick,ImageMagick: heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function</issue>
  <issue id="1107604" tracker="bnc">VUL-1: CVE-2018-16645: GraphicsMagick,ImageMagick: excessive memory allocation issue in the functions ReadBMPImage ofcoders/bmp.c and ReadDIBImage of coders/dib.c</issue>
  <issue id="1107609" tracker="bnc">VUL-1: CVE-2018-16644: GraphicsMagick,ImageMagick: missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict</issue>
  <issue id="1107612" tracker="bnc">VUL-1: CVE-2018-16643: GraphicsMagick,ImageMagick: ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in do not check the return value</issue>
  <issue id="1107616" tracker="bnc">VUL-1: CVE-2018-16642: GraphicsMagick,ImageMagick: InsertRow in coders/cut.c in allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write</issue>
  <issue id="1107618" tracker="bnc">VUL-1: CVE-2018-16641: GraphicsMagick,ImageMagick: memory leak vulnerability in theTIFFWritePhotoshopLayers function in coders/tiff.c</issue>
  <issue id="1107619" tracker="bnc">VUL-1: CVE-2018-16640: GraphicsMagick,ImageMagick: memory leak vulnerability in the functionReadOneJNGImage in coders/png.c</issue>
  <issue id="2018-16640" tracker="cve" />
  <issue id="2018-16641" tracker="cve" />
  <issue id="2018-16642" tracker="cve" />
  <issue id="2018-16643" tracker="cve" />
  <issue id="2018-16644" tracker="cve" />
  <issue id="2018-16645" tracker="cve" />
  <issue id="2018-16413" tracker="cve" />
  <issue tracker="cve" id="2018-16323"/>
  <issue tracker="cve" id="2018-16328"/>
  <issue tracker="cve" id="2018-16329"/>
  <category>security</category>
  <rating>low</rating>
  <packager>pgajdos</packager>
  <description>This update for ImageMagick fixes the following security issues:

- CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel
  function leading to DoS (bsc#1106989)
- CVE-2018-16329: Prevent NULL pointer dereference in the GetMagickProperty
  function leading to DoS (bsc#1106858).
- CVE-2018-16328: Prevent NULL pointer dereference exists in the
  CheckEventLogging function leading to DoS (bsc#1106857).
- CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM
  file that has a negative pixel value. If the affected code was used as a
  library loaded into a process that includes sensitive information, that
  information sometimes can be leaked via the image data (bsc#1106855)
- CVE-2018-16642: The function InsertRow allowed remote attackers to cause a
  denial of service via a crafted image file due to an out-of-bounds write
  (bsc#1107616)
- CVE-2018-16640: Prevent memory leak in the function ReadOneJNGImage
  (bsc#1107619)
- CVE-2018-16641: Prevent memory leak in the TIFFWritePhotoshopLayers function
  (bsc#1107618).
- CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and
  ReadPICTImage did check the return value of the fputc function, which allowed
  remote attackers to cause a denial of service via a crafted image file
  (bsc#1107612)
- CVE-2018-16644: Added missing check for length in the functions ReadDCMImage
  and ReadPICTImage, which allowed remote attackers to cause a denial of service
  via a crafted image (bsc#1107609)
- CVE-2018-16645: Prevent excessive memory allocation issue in the functions
  ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial
  of service via a crafted image file (bsc#1107604)
</description>
  <summary>Security update for ImageMagick</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places