Oval Definition: oval:org.opensuse.security:def:58606
Revision Date: 2020-12-01
Version: 1
Title: Security update for ImageMagick (Important)
Description:

This update for ImageMagick fixes the following issues:

* CVE-2017-14989: use-after-free in RenderFreetype in MagickCore/annotate.c could lead to denial of service [bsc#1061254]
* CVE-2017-14682: heap buffer overflow in GetNextToken in MagickCore/token.c could lead to denial of service [bsc#1060176]
* Memory leak in WriteINLINEImage in coders/inline.c could lead to denial of service [bsc#1052744]
* CVE-2017-14607: out of bounds read flaw related to ReadTIFFImage could possibly disclose potentially sensitive memory [bsc#1059778]
* CVE-2017-11640: NULL pointer dereference in WritePTIFImage() in coders/tiff.c [bsc#1050632]
* CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1058485]
* CVE-2017-14341: infinite loop in the ReadWPGImage function [bsc#1058637]
* CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1067181]
* CVE-2017-16545: the ReadWPGImage function in coders/wpg.c has validation problems that could lead to denial of service [bsc#1067184]
* CVE-2017-16669: problem in coders/wpg.c could allow remote attackers to cause a denial of service via a crafted file [bsc#1067409]
* CVE-2017-14175: lack of an end of file check could lead to denial of service [bsc#1057719]
* CVE-2017-14138: memory leak vulnerability in ReadWEBPImage in coders/webp.c could lead to denial of service [bsc#1057157]
* CVE-2017-13769: denial of service issue in function WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]
* CVE-2017-13134: a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file [bsc#1055214]
* CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c [bsc#1062750]
* CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick allows remote attackers to cause a DoS [bsc#1049796]
* CVE-2017-15930: NULL pointer dereference while transferring JPEG scanlines could lead to denial of service [bsc#1066003]
* CVE-2017-12983: heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service [bsc#1054757]
* CVE-2017-14531: memory exhaustion issue in ReadSUNImage in coders/sun.c [bsc#1059666]
* CVE-2017-12435: memory exhaustion in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service [bsc#1052553]
* CVE-2017-12587: user-controllable large loop in ReadPWPImage in coders/pwp.c could lead to denial of service [bsc#1052450]
* CVE-2017-11523: ReadTXTImage in coders/txt.c allows remote attackers to cause a denial of service [bsc#1050083]
* CVE-2017-14173: function ReadTXTImage is vulnerable to an integer overflow that could lead to denial of service [bsc#1057729]
* CVE-2017-11188: ImageMagick: the ReadDPXImage function in coders/dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check [bnc#1048457]
* CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows remote attackers to cause DoS [bnc#1050116]
* CVE-2017-11535: GraphicsMagick, ImageMagick: heap-based buffer over-read in WritePSImage() in coders/ps.c [bnc#1050139]
* CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows attackers to cause DoS [bnc#1051441]
* CVE-2017-12140: ImageMagick: ReadDCMImage in coders/dcm.c has an integer signedness error leading to excessive memory consumption [bnc#1051847]
* CVE-2017-12669: ImageMagick: memory leak in WriteCALSImage in coders/cals.c [bnc#1052689]
* CVE-2017-12662: GraphicsMagick, ImageMagick: memory leak in WritePDFImage in coders/pdf.c [bnc#1052758]
* CVE-2017-12644: ImageMagick: memory leak in ReadDCMImage in coders/dcm.c [bnc#1052764]
* CVE-2017-14172: ImageMagick: lack of an end of file check in ReadPSImage() could lead to a denial of service [bnc#1057730]
* CVE-2017-14733: GraphicsMagick: heap overflow in ReadRLEImage in coders/rle.c could lead to denial of service [bnc#1060577]

Family: unix
Class: patch
Status:
Reference(s):
1014702
1015169
1016779
1017081
1017084
1020491
1020589
1020868
1020890
1020928
1020976
1021129
1021195
1021481
1022428
1022541
1023004
1023053
1023073
1023907
1024972
1026583
1034911
1037216
1038709
1038711
1038713
1048457
1049796
1050083
1050116
1050139
1050632
1051441
1051847
1052450
1052553
1052689
1052744
1052758
1052764
1054757
1055214
1056432
1057157
1057719
1057729
1057730
1058485
1058637
1059666
1059778
1060176
1060577
1061254
1062750
1066003
1067181
1067184
1067409
1075091
1075994
1081294
1083424
1087082
1087083
1087813
1090638
1091041
1096141
1098531
1099279
1100147
1102682
1111853
1120386
1131107
1133147
1136449
1137325
1138872
1146519
1146544
1146612
1149591
1153811
1154844
1155311
1155897
1156060
1157038
1157042
1157070
1157143
1157155
1157157
1157158
1157303
1157324
1157333
1157464
1157804
1157923
1158021
1158132
1158381
1158394
1158398
1158410
1158413
1158417
1158427
1158445
1158819
1158823
1158824
1158827
1158834
1158900
1158903
1158904
1159199
1159285
1159297
1159841
1159908
1159910
1159911
1159912
1160195
1162227
1162298
1162928
1162929
1162931
1163971
1164069
1164078
1164846
1165111
1165311
1165873
1165881
1165984
1165985
1167629
1168075
1168295
1168424
1168829
1168854
1170056
1170345
1170771
1170778
1174955
1177155
977027
995374
996821
CVE-2009-0023
CVE-2009-1191
CVE-2009-1195
CVE-2009-1890
CVE-2009-1891
CVE-2009-1955
CVE-2009-1956
CVE-2009-2412
CVE-2009-2699
CVE-2009-3094
CVE-2009-3095
CVE-2009-3555
CVE-2009-3560
CVE-2009-3720
CVE-2010-0408
CVE-2010-0425
CVE-2010-0434
CVE-2010-0624
CVE-2010-1452
CVE-2010-1623
CVE-2010-2068
CVE-2011-1176
CVE-2011-3192
CVE-2011-3368
CVE-2011-3607
CVE-2011-4317
CVE-2012-0021
CVE-2012-0031
CVE-2012-0053
CVE-2012-2687
CVE-2012-3499
CVE-2012-3502
CVE-2013-1896
CVE-2013-2249
CVE-2013-5704
CVE-2013-6438
CVE-2014-0098
CVE-2014-0117
CVE-2014-0118
CVE-2014-0226
CVE-2014-0231
CVE-2014-3523
CVE-2014-3581
CVE-2014-3583
CVE-2014-5044
CVE-2014-8109
CVE-2014-9112
CVE-2015-0228
CVE-2015-0253
CVE-2015-4000
CVE-2015-5276
CVE-2016-0736
CVE-2016-10028
CVE-2016-10029
CVE-2016-10155
CVE-2016-1546
CVE-2016-2037
CVE-2016-2161
CVE-2016-4979
CVE-2016-5387
CVE-2016-6329
CVE-2016-8740
CVE-2016-8743
CVE-2016-9921
CVE-2016-9922
CVE-2017-11188
CVE-2017-11478
CVE-2017-11523
CVE-2017-11527
CVE-2017-11535
CVE-2017-11640
CVE-2017-11752
CVE-2017-12140
CVE-2017-12435
CVE-2017-12587
CVE-2017-12644
CVE-2017-12662
CVE-2017-12669
CVE-2017-12983
CVE-2017-13134
CVE-2017-13769
CVE-2017-14138
CVE-2017-14172
CVE-2017-14173
CVE-2017-14175
CVE-2017-14341
CVE-2017-14342
CVE-2017-14531
CVE-2017-14607
CVE-2017-14682
CVE-2017-14733
CVE-2017-14989
CVE-2017-15217
CVE-2017-15930
CVE-2017-16545
CVE-2017-16546
CVE-2017-16669
CVE-2017-17833
CVE-2017-18255
CVE-2017-2615
CVE-2017-2620
CVE-2017-3167
CVE-2017-3169
CVE-2017-3302
CVE-2017-3313
CVE-2017-5525
CVE-2017-5526
CVE-2017-5552
CVE-2017-5578
CVE-2017-5667
CVE-2017-5856
CVE-2017-5857
CVE-2017-5898
CVE-2017-7478
CVE-2017-7479
CVE-2017-7679
CVE-2018-12126
CVE-2018-12127
CVE-2018-12130
CVE-2018-12327
CVE-2018-21008
CVE-2018-3639
CVE-2018-3640
CVE-2018-5390
CVE-2018-7169
CVE-2018-7170
CVE-2019-11091
CVE-2019-11708
CVE-2019-14615
CVE-2019-14895
CVE-2019-14896
CVE-2019-14897
CVE-2019-14901
CVE-2019-15213
CVE-2019-18660
CVE-2019-18675
CVE-2019-18683
CVE-2019-19052
CVE-2019-19062
CVE-2019-19066
CVE-2019-19073
CVE-2019-19074
CVE-2019-19319
CVE-2019-19332
CVE-2019-19447
CVE-2019-19523
CVE-2019-19524
CVE-2019-19525
CVE-2019-19527
CVE-2019-19530
CVE-2019-19531
CVE-2019-19532
CVE-2019-19533
CVE-2019-19534
CVE-2019-19535
CVE-2019-19536
CVE-2019-19537
CVE-2019-19767
CVE-2019-19768
CVE-2019-19965
CVE-2019-19966
CVE-2019-20054
CVE-2019-20096
CVE-2019-3701
CVE-2019-5108
CVE-2019-9455
CVE-2019-9458
CVE-2020-10690
CVE-2020-10720
CVE-2020-10942
CVE-2020-11494
CVE-2020-11608
CVE-2020-11609
CVE-2020-12243
CVE-2020-15708
CVE-2020-25637
CVE-2020-2732
CVE-2020-8647
CVE-2020-8648
CVE-2020-8649
CVE-2020-8992
CVE-2020-9383
SUSE-SU-2017:0625-1
SUSE-SU-2017:1315-1
SUSE-SU-2017:1622-1
SUSE-SU-2017:3388-1
SUSE-SU-2018:0662-1
SUSE-SU-2018:1935-1
SUSE-SU-2018:2991-1
SUSE-SU-2019:1425-1
SUSE-SU-2019:1684-1
SUSE-SU-2020:1255-1
SUSE-SU-2020:3143-1
Platform(s):
openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • kbd-2.0.4-lp150.6 is installed
  • OR kbd-legacy-2.0.4-lp150.6 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND squid-4.8-lp151.2.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • ImageMagick-6.8.8.1-71.17 is installed
  • OR libMagickCore-6_Q16-1-6.8.8.1-71.17 is installed
  • OR libMagickWand-6_Q16-1-6.8.8.1-71.17 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • MozillaFirefox-60.7.2-109.80 is installed
  • OR MozillaFirefox-devel-60.7.2-109.80 is installed
  • OR MozillaFirefox-translations-common-60.7.2-109.80 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • ntp-4.2.8p12-64.8 is installed
  • OR ntp-doc-4.2.8p12-64.8 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND ucode-intel-20180703-13.25 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • apache2-2.4.23-28 is installed
  • OR apache2-doc-2.4.23-28 is installed
  • OR apache2-example-pages-2.4.23-28 is installed
  • OR apache2-prefork-2.4.23-28 is installed
  • OR apache2-utils-2.4.23-28 is installed
  • OR apache2-worker-2.4.23-28 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • libgcrypt-1.6.1-16.68 is installed
  • OR libgcrypt20-1.6.1-16.68 is installed
  • OR libgcrypt20-32bit-1.6.1-16.68 is installed
  • OR libgcrypt20-hmac-1.6.1-16.68 is installed
  • OR libgcrypt20-hmac-32bit-1.6.1-16.68 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • libssh2-1-1.4.3-20.9 is installed
  • OR libssh2-1-32bit-1.4.3-20.9 is installed
  • OR libssh2_org-1.4.3-20.9 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_156-94_61-default-7-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_19-7-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libpython3_4m1_0-3.4.6-25.21 is installed
  • OR python3-3.4.6-25.21 is installed
  • OR python3-base-3.4.6-25.21 is installed
  • OR python3-curses-3.4.6-25.21 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • libmpfr4-3.1.2-7 is installed
  • OR libmpfr4-32bit-3.1.2-7 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND slf4j-1.7.12-3.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND slf4j-1.7.12-3.3 is installed