[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

SUSE-SU-2016:1784-1 -- Suse ImageMagick

ID: oval:org.secpod.oval:def:400810Date: (C)2016-11-22   (M)2017-10-12
Class: PATCHFamily: unix




ImageMagick was updated to fix 66 security issues. These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler. - CVE-2014-9811: Crash in xwd file handler . - CVE-2014-9812: NULL pointer dereference in ps file handling . - CVE-2014-9813: Crash on corrupted viff file . - CVE-2014-9814: NULL pointer dereference in wpg file handling . - CVE-2014-9815: Crash on corrupted wpg file . - CVE-2014-9816: Out of bound access in viff image . - CVE-2014-9817: Heap buffer overflow in pdb file handling . - CVE-2014-9818: Out of bound access on malformed sun file . - CVE-2014-9819: Heap overflow in palm files . - CVE-2014-9830: Handling of corrupted sun file . - CVE-2014-9831: Handling of corrupted wpg file . - CVE-2014-9850: Incorrect thread limit logic . - CVE-2014-9851: Crash when parsing resource block . - CVE-2014-9852: Incorrect usage of object after it has been destroyed . - CVE-2014-9853: Memory leak in rle file handling . - CVE-2015-8902: PDB file DoS . - CVE-2015-8903: Denial of service in vicar . - CVE-2015-8900: HDR file DoS . - CVE-2015-8901: MIFF file DoS . - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG . - CVE-2014-9834: Heap overflow in pict file . - CVE-2014-9806: Prevent leak of file descriptor due to corrupted file. - CVE-2016-5687: Out of bounds read in DDS coder . - CVE-2014-9838: Out of memory crash in magick/cache.c . - CVE-2014-9854: Filling memory during identification of TIFF image . - CVE-2015-8898: Prevent null pointer access in magick/constitute.c . - CVE-2014-9833: Heap overflow in psd file . - CVE-2015-8894: Double free in coders/tga.c:221 . - CVE-2015-8895: Integer and Buffer overflow in coders/icon.c . - CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 . - CVE-2015-8897: Out of bounds error in SpliceImage . - CVE-2016-5690: Bad foor loop in DCM coder . - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder . - CVE-2014-9836: Crash in xpm file handling . - CVE-2014-9808: SEGV due to corrupted dpc images. - CVE-2014-9821: Avoid heap overflow in pnm files. - CVE-2014-9820: Heap overflow in xpm files . - CVE-2014-9823: Heap overflow in palm file . - CVE-2014-9822: Heap overflow in quantum file . - CVE-2014-9825: Heap overflow in corrupted psd file . - CVE-2014-9824: Heap overflow in psd file . - CVE-2014-9809: SEGV due to corrupted xwd images. - CVE-2014-9826: Incorrect error handling in sun files . - CVE-2014-9843: Incorrect boundary checks in DecodePSDPixels . - CVE-2014-9842: Memory leak in psd handling . - CVE-2014-9841: Throwing of exceptions in psd handling . - CVE-2014-9840: Out of bound access in palm file . - CVE-2014-9847: Incorrect handling of "previous" image in the JNG decoder . - CVE-2014-9846: Added checks to prevent overflow in rle file. - CVE-2014-9845: Crash due to corrupted dib file . - CVE-2014-9844: Out of bound issue in rle file . - CVE-2014-9849: Crash in png coder . - CVE-2014-9848: Memory leak in quantum management . - CVE-2014-9807: Double free in pdb coder. - CVE-2014-9829: Out of bound access in sun file . - CVE-2014-9832: Heap overflow in pcx file . - CVE-2014-9805: SEGV due to a corrupted pnm file. - CVE-2016-4564: The DrawImage function in MagickCore/draw.c in ImageMagick made an incorrect function call in attempting to locate the next token, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file . - CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick mishandled the relationship between the BezierQuantum value and certain strokes data, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file . - CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in ImageMagick mishandled calculations of certain vertices integer data, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file . - CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h . - CVE-2016-5689: NULL ptr dereference in dcm coder . - CVE-2014-9837: Additional PNM sanity checks . - CVE-2014-9835: Heap overflow in wpf file . - CVE-2014-9828: Corrupted psd file . - CVE-2016-5841: Integer overflow could have read to RCE . - CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could have lead to memory leak .

Platform:
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Desktop 12 SP1
Product:
ImageMagick
Reference:
SUSE-SU-2016:1784-1
CVE-2014-9805
CVE-2014-9806
CVE-2014-9807
CVE-2014-9808
CVE-2014-9809
CVE-2014-9810
CVE-2014-9811
CVE-2014-9812
CVE-2014-9813
CVE-2014-9814
CVE-2014-9815
CVE-2014-9816
CVE-2014-9817
CVE-2014-9818
CVE-2014-9819
CVE-2014-9820
CVE-2014-9821
CVE-2014-9822
CVE-2014-9823
CVE-2014-9824
CVE-2014-9825
CVE-2014-9826
CVE-2014-9828
CVE-2014-9829
CVE-2014-9830
CVE-2014-9831
CVE-2014-9832
CVE-2014-9833
CVE-2014-9834
CVE-2014-9835
CVE-2014-9836
CVE-2014-9837
CVE-2014-9838
CVE-2014-9839
CVE-2014-9840
CVE-2014-9841
CVE-2014-9842
CVE-2014-9843
CVE-2014-9844
CVE-2014-9845
CVE-2014-9846
CVE-2014-9847
CVE-2014-9848
CVE-2014-9849
CVE-2014-9850
CVE-2014-9851
CVE-2014-9852
CVE-2014-9853
CVE-2014-9854
CVE-2015-8894
CVE-2015-8895
CVE-2015-8896
CVE-2015-8897
CVE-2015-8898
CVE-2015-8900
CVE-2015-8901
CVE-2015-8902
CVE-2015-8903
CVE-2016-4562
CVE-2016-4563
CVE-2016-4564
CVE-2016-5687
CVE-2016-5688
CVE-2016-5689
CVE-2016-5690
CVE-2016-5691
CVE-2016-5841
CVE-2016-5842
CVE    68
CVE-2014-9844
CVE-2014-9841
CVE-2014-9843
CVE-2014-9842
...
CPE    487
cpe:/o:novell:leap:42.1
cpe:/a:imagemagick:imagemagick:6.6.8-0
cpe:/a:imagemagick:imagemagick:6.7.6-0
cpe:/a:imagemagick:imagemagick:6.7.6-1
...

© 2013 SecPod Technologies