Oval Definition:oval:org.opensuse.security:def:55766
Revision Date:2020-12-01Version:1
Title:Security update for ImageMagick (Important)
Description:

ImageMagick was updated to fix 66 security issues.

These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler. (bsc#983803). - CVE-2014-9811: Crash in xwd file handler (bsc#984032). - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137). - CVE-2014-9813: Crash on corrupted viff file (bsc#984035). - CVE-2014-9814: NULL pointer dereference in wpg file handling (bsc#984193). - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372). - CVE-2014-9816: Out of bound access in viff image (bsc#984398). - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400). - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181). - CVE-2014-9819: Heap overflow in palm files (bsc#984142). - CVE-2014-9830: Handling of corrupted sun file (bsc#984135). - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375). - CVE-2014-9850: Incorrect thread limit logic (bsc#984149). - CVE-2014-9851: Crash when parsing resource block (bsc#984160). - CVE-2014-9852: Incorrect usage of object after it has been destroyed (bsc#984191). - CVE-2014-9853: Memory leak in rle file handling (bsc#984408). - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253). - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259). - CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232). - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234). - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442). - CVE-2014-9834: Heap overflow in pict file (bsc#984436). - CVE-2014-9806: Prevent leak of file descriptor due to corrupted file. (bsc#983774). - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448). - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370). - CVE-2014-9854: Filling memory during identification of TIFF image (bsc#984184). - CVE-2015-8898: Prevent null pointer access in magick/constitute.c (bsc#983746). - CVE-2014-9833: Heap overflow in psd file (bsc#984406). - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523). - CVE-2015-8895: Integer and Buffer overflow in coders/icon.c (bsc#983527). - CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 (bsc#983533). - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739). - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451). - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456). - CVE-2014-9836: Crash in xpm file handling (bsc#984023). - CVE-2014-9808: SEGV due to corrupted dpc images. (bsc#983796). - CVE-2014-9821: Avoid heap overflow in pnm files. (bsc#984014). - CVE-2014-9820: Heap overflow in xpm files (bsc#984150). - CVE-2014-9823: Heap overflow in palm file (bsc#984401). - CVE-2014-9822: Heap overflow in quantum file (bsc#984187). - CVE-2014-9825: Heap overflow in corrupted psd file (bsc#984427). - CVE-2014-9824: Heap overflow in psd file (bsc#984185). - CVE-2014-9809: SEGV due to corrupted xwd images. (bsc#983799). - CVE-2014-9826: Incorrect error handling in sun files (bsc#984186). - CVE-2014-9843: Incorrect boundary checks in DecodePSDPixels (bsc#984179). - CVE-2014-9842: Memory leak in psd handling (bsc#984374). - CVE-2014-9841: Throwing of exceptions in psd handling (bsc#984172). - CVE-2014-9840: Out of bound access in palm file (bsc#984433). - CVE-2014-9847: Incorrect handling of 'previous' image in the JNG decoder (bsc#984144). - CVE-2014-9846: Added checks to prevent overflow in rle file. (bsc#983521). - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394). - CVE-2014-9844: Out of bound issue in rle file (bsc#984373). - CVE-2014-9849: Crash in png coder (bsc#984018). - CVE-2014-9848: Memory leak in quantum management (bsc#984404). - CVE-2014-9807: Double free in pdb coder. (bsc#983794). - CVE-2014-9829: Out of bound access in sun file (bsc#984409). - CVE-2014-9832: Heap overflow in pcx file (bsc#984183). - CVE-2014-9805: SEGV due to a corrupted pnm file. (bsc#983752). - CVE-2016-4564: The DrawImage function in MagickCore/draw.c in ImageMagick made an incorrect function call in attempting to locate the next token, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983308). - CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick mishandled the relationship between the BezierQuantum value and certain strokes data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983305). - CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in ImageMagick mishandled calculations of certain vertices integer data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983292). - CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h (bsc#984379). - CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460). - CVE-2014-9837: Additional PNM sanity checks (bsc#984166). - CVE-2014-9835: Heap overflow in wpf file (bsc#984145). - CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028). - CVE-2016-5841: Integer overflow could have read to RCE (bnc#986609). - CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could have lead to memory leak (bnc#986608).
Family:unixClass:patch
Status:Reference(s):1007869
1007870
1007871
1009318
1011130
1011136
1013376
1014159
1025950
1025951
1056865
1069708
1071471
1090638
1106171
1106172
1106173
1106195
1107410
1107411
1107412
1107413
1107420
1107421
1107422
1107423
1107426
1107581
1108027
1109105
1154162
769799
798458
812525
817781
856832
857188
858676
858677
859158
950437
952099
957812
960382
960996
962743
974092
983232
983234
983253
983259
983292
983305
983308
983521
983523
983527
983533
983739
983746
983752
983774
983794
983796
983799
983803
984014
984018
984023
984028
984032
984035
984135
984137
984142
984144
984145
984149
984150
984160
984166
984172
984179
984181
984183
984184
984185
984186
984187
984191
984193
984370
984372
984373
984374
984375
984379
984394
984398
984400
984401
984404
984406
984408
984409
984427
984433
984436
985442
985448
985451
985456
985460
986608
986609
CVE-2009-0793
CVE-2011-4971
CVE-2012-3382
CVE-2013-0179
CVE-2013-1899
CVE-2013-1900
CVE-2013-1901
CVE-2013-4276
CVE-2013-4549
CVE-2013-7239
CVE-2013-7290
CVE-2013-7291
CVE-2014-9805
CVE-2014-9806
CVE-2014-9807
CVE-2014-9808
CVE-2014-9809
CVE-2014-9810
CVE-2014-9811
CVE-2014-9812
CVE-2014-9813
CVE-2014-9814
CVE-2014-9815
CVE-2014-9816
CVE-2014-9817
CVE-2014-9818
CVE-2014-9819
CVE-2014-9820
CVE-2014-9821
CVE-2014-9822
CVE-2014-9823
CVE-2014-9824
CVE-2014-9825
CVE-2014-9826
CVE-2014-9828
CVE-2014-9829
CVE-2014-9830
CVE-2014-9831
CVE-2014-9832
CVE-2014-9833
CVE-2014-9834
CVE-2014-9835
CVE-2014-9836
CVE-2014-9837
CVE-2014-9838
CVE-2014-9839
CVE-2014-9840
CVE-2014-9841
CVE-2014-9842
CVE-2014-9843
CVE-2014-9844
CVE-2014-9845
CVE-2014-9846
CVE-2014-9847
CVE-2014-9848
CVE-2014-9848
CVE-2014-9849
CVE-2014-9850
CVE-2014-9851
CVE-2014-9852
CVE-2014-9853
CVE-2014-9854
CVE-2015-1852
CVE-2015-3195
CVE-2015-7575
CVE-2015-7830
CVE-2015-8126
CVE-2015-8711
CVE-2015-8712
CVE-2015-8713
CVE-2015-8714
CVE-2015-8715
CVE-2015-8716
CVE-2015-8717
CVE-2015-8718
CVE-2015-8719
CVE-2015-8720
CVE-2015-8721
CVE-2015-8722
CVE-2015-8723
CVE-2015-8724
CVE-2015-8725
CVE-2015-8726
CVE-2015-8727
CVE-2015-8728
CVE-2015-8729
CVE-2015-8730
CVE-2015-8731
CVE-2015-8732
CVE-2015-8733
CVE-2015-8894
CVE-2015-8895
CVE-2015-8896
CVE-2015-8897
CVE-2015-8898
CVE-2015-8900
CVE-2015-8901
CVE-2015-8902
CVE-2015-8903
CVE-2016-0402
CVE-2016-0448
CVE-2016-0466
CVE-2016-0475
CVE-2016-0483
CVE-2016-0494
CVE-2016-4562
CVE-2016-4563
CVE-2016-4564
CVE-2016-5687
CVE-2016-5688
CVE-2016-5689
CVE-2016-5690
CVE-2016-5691
CVE-2016-5841
CVE-2016-5842
CVE-2016-8704
CVE-2016-8705
CVE-2016-8706
CVE-2016-8707
CVE-2016-8866
CVE-2016-9556
CVE-2016-9559
CVE-2016-9773
CVE-2017-15868
CVE-2017-16939
CVE-2017-17833
CVE-2017-9951
CVE-2018-15908
CVE-2018-15909
CVE-2018-15910
CVE-2018-15911
CVE-2018-16509
CVE-2018-16510
CVE-2018-16511
CVE-2018-16513
CVE-2018-16539
CVE-2018-16540
CVE-2018-16541
CVE-2018-16542
CVE-2018-16543
CVE-2018-16585
CVE-2018-16802
CVE-2018-17183
CVE-2019-2974
SUSE-SU-2015:2251-1
SUSE-SU-2016:0110-1
SUSE-SU-2016:0256-1
SUSE-SU-2016:1784-1
SUSE-SU-2016:3258-1
SUSE-SU-2017:0695-1
SUSE-SU-2018:0271-1
SUSE-SU-2018:0807-1
SUSE-SU-2018:2975-1
SUSE-SU-2018:2991-1
SUSE-SU-2019:3370-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • bzip2-1.0.6-lp150.3 is installed
  • OR libbz2-1-1.0.6-lp150.3 is installed
  • OR libbz2-1-32bit-1.0.6-lp150.3 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • ncat-7.70-lp151.3.3 is installed
  • OR ndiff-7.70-lp151.3.3 is installed
  • OR nmap-7.70-lp151.3.3 is installed
  • OR nping-7.70-lp151.3.3 is installed
  • OR zenmap-7.70-lp151.3.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • bytefx-data-mysql-2.6.7-0.9 is installed
  • OR ibm-data-db2-2.6.7-0.9 is installed
  • OR mono-core-2.6.7-0.9 is installed
  • OR mono-data-2.6.7-0.9 is installed
  • OR mono-data-firebird-2.6.7-0.9 is installed
  • OR mono-data-oracle-2.6.7-0.9 is installed
  • OR mono-data-postgresql-2.6.7-0.9 is installed
  • OR mono-data-sqlite-2.6.7-0.9 is installed
  • OR mono-data-sybase-2.6.7-0.9 is installed
  • OR mono-devel-2.6.7-0.9 is installed
  • OR mono-extras-2.6.7-0.9 is installed
  • OR mono-jscript-2.6.7-0.9 is installed
  • OR mono-locale-extras-2.6.7-0.9 is installed
  • OR mono-nunit-2.6.7-0.9 is installed
  • OR mono-wcf-2.6.7-0.9 is installed
  • OR mono-web-2.6.7-0.9 is installed
  • OR mono-winforms-2.6.7-0.9 is installed
  • OR monodoc-core-2.6.7-0.9 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • compat-openssl097g-0.9.7g-146.22.36 is installed
  • OR compat-openssl097g-32bit-0.9.7g-146.22.36 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • ImageMagick-6.8.8.1-30 is installed
  • OR libMagick++-6_Q16-3-6.8.8.1-30 is installed
  • OR libMagickCore-6_Q16-1-6.8.8.1-30 is installed
  • OR libMagickCore-6_Q16-1-32bit-6.8.8.1-30 is installed
  • OR libMagickWand-6_Q16-1-6.8.8.1-30 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • libmysqlclient18-10.0.40.2-2.12 is installed
  • OR libmysqlclient18-32bit-10.0.40.2-2.12 is installed
  • OR libmysqlclient_r18-10.0.40.2-2.12 is installed
  • OR libmysqlclient_r18-32bit-10.0.40.2-2.12 is installed
  • OR mariadb-100-10.0.40.2-2.12 is installed
  • OR mariadb-100-errormessages-10.0.40.2-2.12 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • liblcms1-1.19-17 is installed
  • OR liblcms1-32bit-1.19-17 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_60-default-5-2 is installed
  • OR kgraft-patch-3_12_74-60_64_60-xen-5-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_21-5-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libIlmImf-Imf_2_1-21-2.1.0-4 is installed
  • OR openexr-2.1.0-4 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • git-2.12.3-27.17 is installed
  • OR git-core-2.12.3-27.17 is installed
  • OR git-doc-2.12.3-27.17 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_121-92_109-default-4-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_29-4-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND ucode-intel-20180425-13.20 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • apache-commons-beanutils-1.9.2-1 is installed
  • OR apache-commons-beanutils-javadoc-1.9.2-1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND ucode-intel-20190618-13.47 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_180-94_100-default-3-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_27-3-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • java-1_7_1-ibm-1.7.1_sr4.60-38.47 is installed
  • OR java-1_7_1-ibm-alsa-1.7.1_sr4.60-38.47 is installed
  • OR java-1_7_1-ibm-devel-1.7.1_sr4.60-38.47 is installed
  • OR java-1_7_1-ibm-jdbc-1.7.1_sr4.60-38.47 is installed
  • OR java-1_7_1-ibm-plugin-1.7.1_sr4.60-38.47 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • ImageMagick-6.8.8.1-71.131 is installed
  • OR ImageMagick-config-6-SUSE-6.8.8.1-71.131 is installed
  • OR ImageMagick-config-6-upstream-6.8.8.1-71.131 is installed
  • OR libMagickCore-6_Q16-1-6.8.8.1-71.131 is installed
  • OR libMagickWand-6_Q16-1-6.8.8.1-71.131 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • cpp48-4.8.5-31.17 is installed
  • OR gcc48-4.8.5-31.17 is installed
  • OR gcc48-32bit-4.8.5-31.17 is installed
  • OR gcc48-c++-4.8.5-31.17 is installed
  • OR gcc48-info-4.8.5-31.17 is installed
  • OR gcc48-locale-4.8.5-31.17 is installed
  • OR libasan0-4.8.5-31.17 is installed
  • OR libasan0-32bit-4.8.5-31.17 is installed
  • OR libstdc++48-devel-4.8.5-31.17 is installed
  • OR libstdc++48-devel-32bit-4.8.5-31.17 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND python-keystonemiddleware-2.3.1-1 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • xen-4.7.6_02-43.36 is installed
  • OR xen-doc-html-4.7.6_02-43.36 is installed
  • OR xen-libs-4.7.6_02-43.36 is installed
  • OR xen-libs-32bit-4.7.6_02-43.36 is installed
  • OR xen-tools-4.7.6_02-43.36 is installed
  • OR xen-tools-domU-4.7.6_02-43.36 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • gvim-7.4.326-17.6 is installed
  • OR vim-7.4.326-17.6 is installed
  • OR vim-data-7.4.326-17.6 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND python-Werkzeug-0.14.1-3.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • postgresql96-9.6.15-3.29 is installed
  • OR postgresql96-contrib-9.6.15-3.29 is installed
  • OR postgresql96-docs-9.6.15-3.29 is installed
  • OR postgresql96-libs-9.6.15-3.29 is installed
  • OR postgresql96-plperl-9.6.15-3.29 is installed
  • OR postgresql96-plpython-9.6.15-3.29 is installed
  • OR postgresql96-pltcl-9.6.15-3.29 is installed
  • OR postgresql96-server-9.6.15-3.29 is installed
  • BACK