SUSE-SU-2017:3435-1

Source
https://www.suse.com/support/update/announcement/2017/suse-su-20173435-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:3435-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2017:3435-1
Related
Published
2017-12-27T09:55:41Z
Modified
2017-12-27T09:55:41Z
Summary
Security update for GraphicsMagick
Details

This update for GraphicsMagick fixes the following issues:

  • CVE-2017-11640: NULL pointer deref in WritePTIFImage() in coders/tiff.c could lead to denial of service [bsc#1050632]
  • CVE-2017-14342: Memory exhaustion in ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1058485]
  • CVE-2017-14341: Infinite loop in the ReadWPGImage function could lead to denial of service [bsc#1058637]
  • CVE-2017-16546: Issue in ReadWPGImage function in coders/wpg.c could lead to denial of service [bsc#1067181]
  • CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in validation problems could lead to denial of service [bsc#1067184]
  • CVE-2017-16669: coders/wpg.c allows remote attackers to cause a denial of service via crafted file [bsc#1067409]
  • CVE-2017-13776: denial of service issue in ReadXBMImage() in a coders/xbm.c [bsc#1056429]
  • CVE-2017-13777: denial of service issue in ReadXBMImage() in a coders/xbm.c [bsc#1056426]
  • CVE-2017-13134: heap-based buffer over-read in the function SFWScan in coders/sfw.c could lead to denial of service via a crafted file [bsc#1055214]
  • CVE-2017-15930: Null Pointer dereference while transfering JPEG scanlines could lead to denial of service [bsc#1066003]
  • CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. [bsc#1054757]
  • CVE-2017-14165: The ReadSUNImage function in coders/sun.c has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c. [bsc#1057508]
  • CVE-2017-12587: Large loop vulnerability in the ReadPWPImage function in coders\pwp.c. [bsc#1052450]
References

Affected packages

SUSE:Linux Enterprise Software Development Kit 11 SP4 / GraphicsMagick

Package

Name
GraphicsMagick
Purl
purl:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.5-4.78.19.1

Ecosystem specific

{
    "binaries": [
        {
            "perl-GraphicsMagick": "1.2.5-4.78.19.1",
            "GraphicsMagick": "1.2.5-4.78.19.1",
            "libGraphicsMagick2": "1.2.5-4.78.19.1"
        }
    ]
}

SUSE:Studio Onsite 1.3 / GraphicsMagick

Package

Name
GraphicsMagick
Purl
purl:rpm/suse/GraphicsMagick&distro=SUSE%20Studio%20Onsite%201.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.5-4.78.19.1

Ecosystem specific

{
    "binaries": [
        {
            "GraphicsMagick": "1.2.5-4.78.19.1",
            "libGraphicsMagick2": "1.2.5-4.78.19.1"
        }
    ]
}