SUSE-SU-2016:1784-1 -- Suse ImageMagick
|ID: oval:org.secpod.oval:def:400810||Date: (C)2016-11-22 (M)2017-10-12|
|Class: PATCH||Family: unix|
ImageMagick was updated to fix 66 security issues. These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler. - CVE-2014-9811: Crash in xwd file handler . - CVE-2014-9812: NULL pointer dereference in ps file handling . - CVE-2014-9813: Crash on corrupted viff file . - CVE-2014-9814: NULL pointer dereference in wpg file handling . - CVE-2014-9815: Crash on corrupted wpg file . - CVE-2014-9816: Out of bound access in viff image . - CVE-2014-9817: Heap buffer overflow in pdb file handling . - CVE-2014-9818: Out of bound access on malformed sun file . - CVE-2014-9819: Heap overflow in palm files . - CVE-2014-9830: Handling of corrupted sun file . - CVE-2014-9831: Handling of corrupted wpg file . - CVE-2014-9850: Incorrect thread limit logic . - CVE-2014-9851: Crash when parsing resource block . - CVE-2014-9852: Incorrect usage of object after it has been destroyed . - CVE-2014-9853: Memory leak in rle file handling . - CVE-2015-8902: PDB file DoS . - CVE-2015-8903: Denial of service in vicar . - CVE-2015-8900: HDR file DoS . - CVE-2015-8901: MIFF file DoS . - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG . - CVE-2014-9834: Heap overflow in pict file . - CVE-2014-9806: Prevent leak of file descriptor due to corrupted file. - CVE-2016-5687: Out of bounds read in DDS coder . - CVE-2014-9838: Out of memory crash in magick/cache.c . - CVE-2014-9854: Filling memory during identification of TIFF image . - CVE-2015-8898: Prevent null pointer access in magick/constitute.c . - CVE-2014-9833: Heap overflow in psd file . - CVE-2015-8894: Double free in coders/tga.c:221 . - CVE-2015-8895: Integer and Buffer overflow in coders/icon.c . - CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 . - CVE-2015-8897: Out of bounds error in SpliceImage . - CVE-2016-5690: Bad foor loop in DCM coder . - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder . - CVE-2014-9836: Crash in xpm file handling . - CVE-2014-9808: SEGV due to corrupted dpc images. - CVE-2014-9821: Avoid heap overflow in pnm files. - CVE-2014-9820: Heap overflow in xpm files . - CVE-2014-9823: Heap overflow in palm file . - CVE-2014-9822: Heap overflow in quantum file . - CVE-2014-9825: Heap overflow in corrupted psd file . - CVE-2014-9824: Heap overflow in psd file . - CVE-2014-9809: SEGV due to corrupted xwd images. - CVE-2014-9826: Incorrect error handling in sun files . - CVE-2014-9843: Incorrect boundary checks in DecodePSDPixels . - CVE-2014-9842: Memory leak in psd handling . - CVE-2014-9841: Throwing of exceptions in psd handling . - CVE-2014-9840: Out of bound access in palm file . - CVE-2014-9847: Incorrect handling of "previous" image in the JNG decoder . - CVE-2014-9846: Added checks to prevent overflow in rle file. - CVE-2014-9845: Crash due to corrupted dib file . - CVE-2014-9844: Out of bound issue in rle file . - CVE-2014-9849: Crash in png coder . - CVE-2014-9848: Memory leak in quantum management . - CVE-2014-9807: Double free in pdb coder. - CVE-2014-9829: Out of bound access in sun file . - CVE-2014-9832: Heap overflow in pcx file . - CVE-2014-9805: SEGV due to a corrupted pnm file. - CVE-2016-4564: The DrawImage function in MagickCore/draw.c in ImageMagick made an incorrect function call in attempting to locate the next token, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file . - CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick mishandled the relationship between the BezierQuantum value and certain strokes data, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file . - CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in ImageMagick mishandled calculations of certain vertices integer data, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file . - CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h . - CVE-2016-5689: NULL ptr dereference in dcm coder . - CVE-2014-9837: Additional PNM sanity checks . - CVE-2014-9835: Heap overflow in wpf file . - CVE-2014-9828: Corrupted psd file . - CVE-2016-5841: Integer overflow could have read to RCE . - CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could have lead to memory leak .
|SUSE Linux Enterprise Server 12 SP1|
|SUSE Linux Enterprise Desktop 12 SP1|