SUSE-SU-2018:0055-1 -- SLES ImageMagick, libMagickCore-6_Q16-1, libMagickWand-6_Q16-1ID: oval:org.secpod.oval:def:89043866 | Date: (C)2021-03-05 (M)2022-07-08 |
Class: PATCH | Family: unix |
This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-1000476: A CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allowed attackers to cause a denial of service . - CVE-2017-9409: The ReadMPCImage function in mpc.c allowed attackers to cause a denial of service via a crafted file . - CVE-2017-1000445: A NULL pointer dereference in the MagickCore component might have lead to denial of service . - CVE-2017-17680: Prevent a memory leak in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file . - CVE-2017-17882: Prevent a memory leak in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file . - CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not validate blob sizes, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via an image received from stdin . - CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in coders/mpc.c allowed attackers to cause DoS . - CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in coders\mpc.c via crafted file allowing for DoS . - CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that lead to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c allowed remote attackers to cause a denial of service via a crafted file . - Prevent memory leak via crafted file in pwp.c allowing for DoS
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
SUSE Linux Enterprise Server 12 SP2 |
Product: |
ImageMagick |
libMagickCore-6_Q16-1 |
libMagickWand-6_Q16-1 |