Security update for GraphicsMagick SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2073-1 Final 1 1 2016-08-15T09:55:22Z current 2016-08-15T09:55:22Z 2016-08-15T09:55:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for GraphicsMagick This update for GraphicsMagick fixes the following issues: - CVE-2014-9805: SEGV due to a corrupted pnm file (boo#983752) - CVE-2016-5240: SVG converting issue resulting in DoS (endless loop) (boo#983309) - CVE-2016-5241: Arithmetic exception (div by 0) in SVG conversion (boo#983455) - CVE-2014-9846: Overflow in rle file (boo#983521) - CVE-2015-8894: Double free in TGA code (boo#983523) - CVE-2015-8896: Double free / integer truncation issue (boo#983533) - CVE-2014-9807: Double free in pdb coder (boo#983794) - CVE-2014-9809: SEGV due to corrupted xwd images (boo#983799) - CVE-2014-9819: Heap overflow in palm files (boo#984142) - CVE-2014-9835: Heap overflow in wpf file (boo#984145) - CVE-2014-9831: Issues handling of corrupted wpg file (boo#984375) - CVE-2014-9820: heap overflow in xpm files (boo#984150) - CVE-2014-9837: Additional PNM sanity checks (boo#984166) - CVE-2014-9815: Crash on corrupted wpg file (boo#984372) - CVE-2014-9839: Theoretical out of bound access in via color maps (boo#984379) - CVE-2014-9845: Crash due to corrupted dib file (boo#984394) - CVE-2014-9817: Heap buffer overflow in pdb file handling (boo#984400) - CVE-2014-9853: Memory leak in rle file handling (boo#984408) - CVE-2014-9834: Heap overflow in pict file (boo#984436) - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (boo#985442) - CVE-2016-2317: Multiple vulnerabilities when parsing and processing SVG files (boo#965853) - CVE-2016-2318: Multiple vulnerabilities when parsing and processing SVG files (boo#965853) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html E-Mail link for openSUSE-SU-2016:2073-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 GraphicsMagick-1.3.21-11.1 GraphicsMagick-devel-1.3.21-11.1 libGraphicsMagick++-Q16-11-1.3.21-11.1 libGraphicsMagick++-devel-1.3.21-11.1 libGraphicsMagick-Q16-3-1.3.21-11.1 libGraphicsMagick3-config-1.3.21-11.1 libGraphicsMagickWand-Q16-2-1.3.21-11.1 perl-GraphicsMagick-1.3.21-11.1 GraphicsMagick-1.3.21-11.1 as a component of openSUSE Leap 42.1 GraphicsMagick-devel-1.3.21-11.1 as a component of openSUSE Leap 42.1 libGraphicsMagick++-Q16-11-1.3.21-11.1 as a component of openSUSE Leap 42.1 libGraphicsMagick++-devel-1.3.21-11.1 as a component of openSUSE Leap 42.1 libGraphicsMagick-Q16-3-1.3.21-11.1 as a component of openSUSE Leap 42.1 libGraphicsMagick3-config-1.3.21-11.1 as a component of openSUSE Leap 42.1 libGraphicsMagickWand-Q16-2-1.3.21-11.1 as a component of openSUSE Leap 42.1 perl-GraphicsMagick-1.3.21-11.1 as a component of openSUSE Leap 42.1 ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. CVE-2014-9805 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2014-9805.html CVE-2014-9805 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/983752 SUSE Bug 983752 The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors. CVE-2014-9807 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2014-9807.html CVE-2014-9807 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/983794 SUSE Bug 983794 ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image. CVE-2014-9809 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2014-9809.html CVE-2014-9809 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/983799 SUSE Bug 983799 ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file. CVE-2014-9815 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2014-9815.html CVE-2014-9815 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984372 SUSE Bug 984372 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file. CVE-2014-9817 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2014-9817.html CVE-2014-9817 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984400 SUSE Bug 984400 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823. CVE-2014-9819 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2014-9819.html CVE-2014-9819 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984142 SUSE Bug 984142 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file. CVE-2014-9820 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2014-9820.html CVE-2014-9820 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984150 SUSE Bug 984150 coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. CVE-2014-9831 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2014-9831.html CVE-2014-9831 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984375 SUSE Bug 984375 Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file. CVE-2014-9834 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2014-9834.html CVE-2014-9834 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984436 SUSE Bug 984436 Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. CVE-2014-9835 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2014-9835.html CVE-2014-9835 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984145 SUSE Bug 984145 https://bugzilla.suse.com/984375 SUSE Bug 984375 coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file. CVE-2014-9837 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2014-9837.html CVE-2014-9837 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984166 SUSE Bug 984166 magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access). CVE-2014-9839 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2014-9839.html CVE-2014-9839 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984379 SUSE Bug 984379 The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. CVE-2014-9845 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2014-9845.html CVE-2014-9845 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984394 SUSE Bug 984394 Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. CVE-2014-9846 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2014-9846.html CVE-2014-9846 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/983521 SUSE Bug 983521 https://bugzilla.suse.com/984408 SUSE Bug 984408 Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. CVE-2014-9853 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2014-9853.html CVE-2014-9853 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984408 SUSE Bug 984408 Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file. CVE-2015-8894 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2015-8894.html CVE-2015-8894 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/983523 SUSE Bug 983523 https://bugzilla.suse.com/983533 SUSE Bug 983533 Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. CVE-2015-8896 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2015-8896.html CVE-2015-8896 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/983533 SUSE Bug 983533 Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c. CVE-2016-2317 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2016-2317.html CVE-2016-2317 https://bugzilla.suse.com/965853 SUSE Bug 965853 https://bugzilla.suse.com/999673 SUSE Bug 999673 GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c. CVE-2016-2318 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2016-2318.html CVE-2016-2318 https://bugzilla.suse.com/1047356 SUSE Bug 1047356 https://bugzilla.suse.com/965853 SUSE Bug 965853 The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file. CVE-2016-5240 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2016-5240.html CVE-2016-5240 https://bugzilla.suse.com/983309 SUSE Bug 983309 magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file. CVE-2016-5241 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2016-5241.html CVE-2016-5241 https://bugzilla.suse.com/983455 SUSE Bug 983455 The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions. CVE-2016-5688 openSUSE Leap 42.1:GraphicsMagick-1.3.21-11.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-11.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-11.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-11.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html https://www.suse.com/security/cve/CVE-2016-5688.html CVE-2016-5688 https://bugzilla.suse.com/985442 SUSE Bug 985442