Security update for GraphicsMagick
Announcement ID: | SUSE-SU-2018:0197-1 |
---|---|
Rating: | moderate |
References: | |
Cross-References: |
|
CVSS scores: |
|
Affected Products: |
|
An update that solves 23 vulnerabilities can now be installed.
Description:
This update for GraphicsMagick fixes several issues.
These security issues were fixed:
- CVE-2017-14343: Fixed a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file (bsc#1058422)
- CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allowed remote attackers to cause a denial of service (memory consumption) via a crafted file (bsc#1058422)
- CVE-2017-14042: Prevent memory allocation failure in the ReadPNMImage function in coders/pnm.c. The vulnerability caused a big memory allocation, which may have lead to remote denial of service in the MagickRealloc function in magick/memory.c (bsc#1056550)
- CVE-2017-13061: A length-validation vulnerability in the function ReadPSDLayersInternal in coders/psd.c allowed attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file (bsc#1055063)
- CVE-2017-12563: A memory exhaustion vulnerability in the function ReadPSDImage in coders/psd.c allowed attackers to cause a denial of service (bsc#1052460)
- CVE-2017-14174: coders/psd.c allowed for DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might have caused huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but did not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop (bsc#1057723)
- CVE-2017-15277: ReadGIFImage in coders/gif.c left the palette uninitialized when processing a GIF file that has neither a global nor local palette. If this functionality was used as a library loaded into a process that operates on interesting data, this data sometimes could have been leaked via the uninitialized palette (bsc#1063050)
- CVE-2017-14733: ReadRLEImage in coders/rle.c mishandled RLE headers that specified too few colors, which allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file (bsc#1060577).
- CVE-2017-12662: Fixed a memory leak vulnerability in WritePDFImage in coders/pdf.c (bsc#1052758).
- CVE-2017-14994: ReadDCMImage in coders/dcm.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames (bsc#1061587).
- CVE-2017-12140: The ReadDCMImage function in coders\dcm.c had an integer signedness error leading to excessive memory consumption via a crafted DCM file (bsc#1051847).
- CVE-2017-12644: Fixed memory leak vulnerability in ReadDCMImage in coders\dcm.c (bsc#1052764).
- CVE-2017-11188: The ReadDPXImage function in coders\dpx.c had a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check (bsc#1048457).
- CVE-2017-10799: When processing a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) could have occurred in ReadDPXImage() (bsc#1047054).
- CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not validate blob sizes, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin (bsc#1049373).
- CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage() function in coders/mpc.c via a crafted file allowing for DoS (bsc#1050129).
- CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in coders/mpc.c allowed attackers to cause DoS (bsc#1052252).
- CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in coders\mpc.c via crafted file allowing for DoS (bsc#1052771).
- CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that lead to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c allowed remote attackers to cause a denial of service via a crafted file (bsc#1058082).
- CVE-2017-16547: The DrawImage function in magick/render.c did not properly look for pop keywords that are associated with push keywords, which allowed remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file (bsc#1067177).
- Prevent memory leak via crafted file in pwp.c allowing for DoS (bsc#1051412)
- CVE-2017-10800: Processing MATLAB images in coders/mat.c could have lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object was larger than the actual amount of data (bsc#1047044).
- CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975).
- CVE-2018-5247: Fixed memory leak vulnerability in ReadRLAImage in coders/rla.c (bsc#1074969).
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Software Development Kit 11 SP4
zypper in -t patch sdksp4-GraphicsMagick-13435=1
-
SUSE Studio Onsite 1.3
zypper in -t patch slestso13-GraphicsMagick-13435=1
Package List:
-
SUSE Linux Enterprise Software Development Kit 11 SP4 (s390x x86_64 i586 ppc64 ia64)
- libGraphicsMagick2-1.2.5-4.78.28.2
- perl-GraphicsMagick-1.2.5-4.78.28.2
- GraphicsMagick-1.2.5-4.78.28.2
-
SUSE Studio Onsite 1.3 (x86_64)
- libGraphicsMagick2-1.2.5-4.78.28.2
- GraphicsMagick-1.2.5-4.78.28.2
References:
- https://www.suse.com/security/cve/CVE-2017-10799.html
- https://www.suse.com/security/cve/CVE-2017-10800.html
- https://www.suse.com/security/cve/CVE-2017-11188.html
- https://www.suse.com/security/cve/CVE-2017-11449.html
- https://www.suse.com/security/cve/CVE-2017-11532.html
- https://www.suse.com/security/cve/CVE-2017-12140.html
- https://www.suse.com/security/cve/CVE-2017-12430.html
- https://www.suse.com/security/cve/CVE-2017-12563.html
- https://www.suse.com/security/cve/CVE-2017-12642.html
- https://www.suse.com/security/cve/CVE-2017-12644.html
- https://www.suse.com/security/cve/CVE-2017-12662.html
- https://www.suse.com/security/cve/CVE-2017-12691.html
- https://www.suse.com/security/cve/CVE-2017-13061.html
- https://www.suse.com/security/cve/CVE-2017-14042.html
- https://www.suse.com/security/cve/CVE-2017-14174.html
- https://www.suse.com/security/cve/CVE-2017-14249.html
- https://www.suse.com/security/cve/CVE-2017-14343.html
- https://www.suse.com/security/cve/CVE-2017-14733.html
- https://www.suse.com/security/cve/CVE-2017-14994.html
- https://www.suse.com/security/cve/CVE-2017-15277.html
- https://www.suse.com/security/cve/CVE-2017-16547.html
- https://www.suse.com/security/cve/CVE-2017-18022.html
- https://www.suse.com/security/cve/CVE-2018-5247.html
- https://bugzilla.suse.com/show_bug.cgi?id=1047044
- https://bugzilla.suse.com/show_bug.cgi?id=1047054
- https://bugzilla.suse.com/show_bug.cgi?id=1048457
- https://bugzilla.suse.com/show_bug.cgi?id=1049373
- https://bugzilla.suse.com/show_bug.cgi?id=1050129
- https://bugzilla.suse.com/show_bug.cgi?id=1051412
- https://bugzilla.suse.com/show_bug.cgi?id=1051847
- https://bugzilla.suse.com/show_bug.cgi?id=1052252
- https://bugzilla.suse.com/show_bug.cgi?id=1052460
- https://bugzilla.suse.com/show_bug.cgi?id=1052758
- https://bugzilla.suse.com/show_bug.cgi?id=1052764
- https://bugzilla.suse.com/show_bug.cgi?id=1052771
- https://bugzilla.suse.com/show_bug.cgi?id=1055063
- https://bugzilla.suse.com/show_bug.cgi?id=1056550
- https://bugzilla.suse.com/show_bug.cgi?id=1057723
- https://bugzilla.suse.com/show_bug.cgi?id=1058082
- https://bugzilla.suse.com/show_bug.cgi?id=1058422
- https://bugzilla.suse.com/show_bug.cgi?id=1060577
- https://bugzilla.suse.com/show_bug.cgi?id=1061587
- https://bugzilla.suse.com/show_bug.cgi?id=1063050
- https://bugzilla.suse.com/show_bug.cgi?id=1067177
- https://bugzilla.suse.com/show_bug.cgi?id=1074969
- https://bugzilla.suse.com/show_bug.cgi?id=1074975