SUSE-SU-2017:1489-1 -- SLES ImageMagick, libMagickCore-6_Q16-1, libMagickWand-6_Q16-1

ID: oval:org.secpod.oval:def:89044612 | Date: (C)2021-07-07 (M)2022-10-10
Class: PATCH | Family: unix

This update for ImageMagick fixes the following issues:

Security issues fixed:

- CVE-2017-6502: Possible file-descriptor leak in libmagickcore that could be triggered via a specially crafted webp file.
- CVE-2017-7943: The ReadSVGImage function in svg.c allowed remote attackers to consume an amount of available memory via a crafted file. Note that this only impacts the built-in SVG implementation. As we use the librsvg implementation, we are not affected.
- CVE-2017-7942: The ReadAVSImage function in avs.c allowed remote attackers to consume an amount of available memory via a crafted file.
- CVE-2017-7941: The ReadSGIImage function in sgi.c allowed remote attackers to consume an amount of available memory via a crafted file.
- CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service via a crafted file.
- CVE-2017-8352: denial of service via a crafted file
- CVE-2017-8349: denial of service via a crafted file
- CVE-2017-8350: denial of service via a crafted file
- CVE-2017-8347: denial of service via a crafted file
- CVE-2017-8348: denial of service via a crafted file
- CVE-2017-8345: denial of service via a crafted file
- CVE-2017-8346: denial of service via a crafted file
- CVE-2017-8353: denial of service via a crafted file
- CVE-2017-8354: denial of service via a crafted file
- CVE-2017-8830: denial of service via a crafted file
- CVE-2017-7606: denial of service or possibly have unspecified other impact via a crafted image
- CVE-2017-8765: memory leak vulnerability via a crafted ICON file
- CVE-2017-8356: denial of service via a crafted file
- CVE-2017-8355: denial of service via a crafted file
- CVE-2017-8344: denial of service via a crafted file
- CVE-2017-8343: denial of service via a crafted file
- CVE-2017-8357: denial of service via a crafted file
- CVE-2017-9098: uninitialized memory usage in the ReadRLEImage RLE decoder function in coders/rle.c
- CVE-2017-9141: Missing checks in the ReadDDSImage function in coders/dds.c could lead to a denial of service
- CVE-2017-9142: Missing checks in the ReadOneJNGImage function in coders/png.c could lead to denial of service
- CVE-2017-9143: A possible denial of service attack via a crafted .art file in the ReadARTImage function in coders/art.c
- CVE-2017-9144: A crafted RLE image can trigger a crash in coders/rle.c, which could lead to a denial of service

Platform:
- SUSE Linux Enterprise Server 12 SP2

Product:
- ImageMagick
- libMagickCore-6_Q16-1
- libMagickWand-6_Q16-1