This update for GraphicsMagick fixes several issues.
These security issues were fixed:
CVE-2017-14343: Fixed a memory leak vulnerability in ReadXCFImage in
coders/xcf.c via a crafted xcf image file (bsc#1058422)
CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allowed remote
attackers to cause a denial of service (memory consumption) via a
crafted file (bsc#1058422)
CVE-2017-14042: Prevent memory allocation failure in the ReadPNMImage
function in coders/pnm.c. The vulnerability caused a big memory
allocation, which may have led to remote denial of service in the
MagickRealloc function in magick/memory.c (bsc#1056550)
CVE-2017-13061: A length-validation vulnerability in the function
ReadPSDLayersInternal in coders/psd.c allowed attackers to cause a
denial of service (ReadPSDImage memory exhaustion) via a crafted file
(bsc#1055063)
CVE-2017-12563: A memory exhaustion vulnerability in the function
ReadPSDImage in coders/psd.c allowed attackers to cause a denial of service
(bsc#1052460)
CVE-2017-14174: coders/psd.c allowed for DoS in ReadPSDLayersInternal(): the
lack of an EOF (End of File) check might have caused huge CPU
consumption. When a crafted PSD file, which claims a large 'length'
field in the header but does not contain sufficient backing data, is
provided, the loop over 'length' would consume huge CPU resources,
since there is no EOF check inside the loop (bsc#1057723)
CVE-2017-15277: ReadGIFImage in coders/gif.c left the palette uninitialized
when processing a GIF file that has neither a global nor local palette. If this
functionality was used as a library loaded into a process that operates on
interesting data, this data sometimes could have been leaked via the
uninitialized palette (bsc#1063050)
CVE-2017-14733: ReadRLEImage in coders/rle.c mishandled RLE headers that
specified too few colors, which allowed remote attackers to cause a denial of
service (heap-based buffer over-read and application crash) via a crafted file
(bsc#1060577).
CVE-2017-12662: Fixed a memory leak vulnerability in WritePDFImage in
coders/pdf.c (bsc#1052758).
CVE-2017-14994: ReadDCMImage in coders/dcm.c allowed remote attackers to
cause a denial of service (NULL pointer dereference) via a crafted DICOM image,
related to the ability of DCM_ReadNonNativeImages to yield an image list
with zero frames (bsc#1061587).
CVE-2017-12140: The ReadDCMImage function in coders/dcm.c had an integer
signedness error leading to excessive memory consumption via a crafted DCM file
(bsc#1051847).
CVE-2017-12644: Fixed memory leak vulnerability in ReadDCMImage in
coders/dcm.c (bsc#1052764).
CVE-2017-11188: The ReadDPXImage function in coders/dpx.c had a large loop
vulnerability that can cause CPU exhaustion via a crafted DPX file, related to
lack of an EOF check (bsc#1048457).
CVE-2017-10799: When processing a DPX image (with metadata indicating a large
width) in coders/dpx.c, a denial of service (OOM) could have occurred in
ReadDPXImage() (bsc#1047054).
CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not
validate blob sizes, which allowed remote attackers to cause a denial of
service (application crash) or possibly have unspecified other impact via an
image received from stdin (bsc#1049373).
CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage()
function in coders/mpc.c via a crafted file allowing for DoS (bsc#1050129).
CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in
coders/mpc.c allowed attackers to cause DoS (bsc#1052252).
CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in
coders/mpc.c via a crafted file allowing for DoS (bsc#1052771).
CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that
led to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c
allowed remote attackers to cause a denial of service via a crafted file
(bsc#1058082).
CVE-2017-16547: The DrawImage function in magick/render.c did not properly
look for pop keywords that are associated with push keywords, which allowed
remote attackers to cause a denial of service (negative strncpy and application
crash) or possibly have unspecified other impact via a crafted file
(bsc#1067177).
Prevent memory leak via crafted file in pwp.c allowing for DoS (bsc#1051412)
CVE-2017-10800: Processing MATLAB images in coders/mat.c could have led to a
denial of service (OOM) in ReadMATImage() if the size specified for a MAT
Object was larger than the actual amount of data (bsc#1047044).
CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in
MagickWand/montage.c (bsc#1074975).
CVE-2018-5247: Fixed memory leak vulnerability in ReadRLAImage in
coders/rla.c (bsc#1074969).
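
The missing EOF check described for CVE-2017-14174 (the DPX and MAT entries above describe the same class of bug), shown as an added example that is not GraphicsMagick's code or its actual patch. The Blob type, the 4-byte length record and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical in-memory blob standing in for a decoder's input stream. */
typedef struct { const uint8_t *data; size_t size, pos; } Blob;

/* Returns the next byte, or EOF once the blob is exhausted. */
static int blob_getc(Blob *b) { return b->pos < b->size ? b->data[b->pos++] : EOF; }

/* Reads a 4-byte big-endian 'length' field (constructed record layout). */
static uint32_t blob_read_u32(Blob *b) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v = (v << 8) | (uint32_t)(blob_getc(b) & 0xff);
    return v;
}

/* 'Before' pattern: trusts 'length' and ignores EOF, so the loop runs
   'length' times even when no data is left. Returns iterations executed. */
static uint64_t skip_unchecked(Blob *b) {
    uint32_t length = blob_read_u32(b);
    uint64_t iterations = 0;
    for (uint32_t i = 0; i < length; i++) { (void)blob_getc(b); iterations++; }
    return iterations;
}

/* Hardened pattern: reject a length larger than the remaining data, and
   still stop on EOF inside the loop (needed when the stream size is not
   known up front). Returns bytes consumed, or -1 on a malformed record. */
static int64_t skip_checked(Blob *b) {
    if (b->size - b->pos < 4) return -1;        /* header itself is truncated */
    uint32_t length = blob_read_u32(b);
    if (length > b->size - b->pos) return -1;   /* claimed size exceeds backing data */
    int64_t consumed = 0;
    for (uint32_t i = 0; i < length; i++) {
        if (blob_getc(b) == EOF) return -1;     /* EOF check inside the loop */
        consumed++;
    }
    return consumed;
}

/* Constructed samples: 'crafted' claims 0x01000000 bytes but only 2 follow. */
static const uint8_t crafted[] = { 0x01, 0x00, 0x00, 0x00, 0xAA, 0xBB };
static const uint8_t valid[]   = { 0x00, 0x00, 0x00, 0x02, 0xAA, 0xBB };

int main(void) {
    Blob a = { crafted, sizeof crafted, 0 }, b = { crafted, sizeof crafted, 0 };
    Blob c = { valid, sizeof valid, 0 };
    printf("unchecked, crafted: %llu iterations\n", (unsigned long long)skip_unchecked(&a));
    printf("checked, crafted: %lld\n", (long long)skip_checked(&b));
    printf("checked, valid: %lld\n", (long long)skip_checked(&c));
    return 0;
}
```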