| Revision Date: | 2018-01-09 | Version: | 1 |
| Title: | Security update for ImageMagick (Moderate) |
| Description: |
This update for ImageMagick fixes several issues.
These security issues were fixed:
- CVE-2017-1000476: A CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allowed attackers to cause a denial of service (bsc#1074610). - CVE-2017-9409: The ReadMPCImage function in mpc.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1042948). - CVE-2017-1000445: A NULL pointer dereference in the MagickCore component might have lead to denial of service (bsc#1074425). - CVE-2017-17680: Prevent a memory leak in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (a different vulnerability than CVE-2017-17882) (bsc#1072902). - CVE-2017-17882: Prevent a memory leak in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (a different vulnerability than CVE-2017-17680) (bsc#1074122). - CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not validate blob sizes, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin (bsc#1049373). - CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in coders/mpc.c allowed attackers to cause DoS (bsc#1052252). - CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in coders\mpc.c via crafted file allowing for DoS (bsc#1052771). - CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that lead to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c allowed remote attackers to cause a denial of service via a crafted file (bsc#1058082). - Prevent memory leak via crafted file in pwp.c allowing for DoS (bsc#1051412)
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1042948
1049373
1051412
1052252
1052771
1058082
1072902
1074122
1074425
1074610
CVE-2017-1000445
CVE-2017-1000476
CVE-2017-11449
CVE-2017-11751
CVE-2017-12430
CVE-2017-12642
CVE-2017-14249
CVE-2017-17680
CVE-2017-17882
CVE-2017-9409
SUSE-SU-2018:0055-1
|
| Platform(s): | SUSE Linux Enterprise Server 12 SP2
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information
libMagickCore-6_Q16-1-6.8.8.1-71.23.1 is installed
OR libMagickWand-6_Q16-1-6.8.8.1-71.23.1 is installed
|