Security update for GraphicsMagick SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2641-1 Final 1 1 2016-10-26T08:24:52Z current 2016-10-26T08:24:52Z 2016-10-26T08:24:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for GraphicsMagick This update for GraphicsMagick fixes the following issues: - CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123) - CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127) - CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125) - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629) - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422) - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711) - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707) - CVE-2016-7531: Pbd file out of bound access (bsc#1000704) - CVE-2016-7529: out of bound in quantum handling (bsc#1000399) - CVE-2016-7528: Out of bound access in xcf file coder (bsc#1000434) - CVE-2016-7527: out of bound access in wpg file coder: (bsc#1000436) - CVE-2016-7526: out-of-bounds write in ./MagickCore/pixel-accessor.h (bsc#1000702) - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700) - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698) - CVE-2016-7519: out-of-bounds read in coders/rle.c (bsc#1000695) - CVE-2016-7517: out-of-bounds read in coders/pict.c (bsc#1000693) - CVE-2016-7516: Out of bounds problem in rle, pict, viff and sun files (bsc#1000692) - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689) - CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449: various issues fixed in 1.3.25 (bsc#999673) - CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221) - CVE-2016-6823: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066) - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442) - CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691) - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690) - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209) - Divide by zero in WriteTIFFImage (bsc#1002206) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html E-Mail link for openSUSE-SU-2016:2641-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 GraphicsMagick-1.3.20-12.1 GraphicsMagick-debuginfo-1.3.20-12.1 GraphicsMagick-debugsource-1.3.20-12.1 GraphicsMagick-devel-1.3.20-12.1 libGraphicsMagick++-Q16-3-1.3.20-12.1 libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 libGraphicsMagick++-devel-1.3.20-12.1 libGraphicsMagick-Q16-3-1.3.20-12.1 libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 libGraphicsMagick3-config-1.3.20-12.1 libGraphicsMagickWand-Q16-2-1.3.20-12.1 libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 perl-GraphicsMagick-1.3.20-12.1 perl-GraphicsMagick-debuginfo-1.3.20-12.1 GraphicsMagick-1.3.20-12.1 as a component of openSUSE 13.2 GraphicsMagick-debuginfo-1.3.20-12.1 as a component of openSUSE 13.2 GraphicsMagick-debugsource-1.3.20-12.1 as a component of openSUSE 13.2 GraphicsMagick-devel-1.3.20-12.1 as a component of openSUSE 13.2 libGraphicsMagick++-Q16-3-1.3.20-12.1 as a component of openSUSE 13.2 libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 as a component of openSUSE 13.2 libGraphicsMagick++-devel-1.3.20-12.1 as a component of openSUSE 13.2 libGraphicsMagick-Q16-3-1.3.20-12.1 as a component of openSUSE 13.2 libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 as a component of openSUSE 13.2 libGraphicsMagick3-config-1.3.20-12.1 as a component of openSUSE 13.2 libGraphicsMagickWand-Q16-2-1.3.20-12.1 as a component of openSUSE 13.2 libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 as a component of openSUSE 13.2 perl-GraphicsMagick-1.3.20-12.1 as a component of openSUSE 13.2 perl-GraphicsMagick-debuginfo-1.3.20-12.1 as a component of openSUSE 13.2 Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file. CVE-2015-8957 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2015-8957.html CVE-2015-8957 https://bugzilla.suse.com/1000690 SUSE Bug 1000690 https://bugzilla.suse.com/1000691 SUSE Bug 1000691 coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file. CVE-2015-8958 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2015-8958.html CVE-2015-8958 https://bugzilla.suse.com/1000690 SUSE Bug 1000690 https://bugzilla.suse.com/1000691 SUSE Bug 1000691 https://bugzilla.suse.com/1000694 SUSE Bug 1000694 https://bugzilla.suse.com/1028079 SUSE Bug 1028079 The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions. CVE-2016-5688 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-5688.html CVE-2016-5688 https://bugzilla.suse.com/985442 SUSE Bug 985442 Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write. CVE-2016-6823 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 7.8 AV:N/AC:M/Au:N/C:N/I:P/A:C Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-6823.html CVE-2016-6823 https://bugzilla.suse.com/1001066 SUSE Bug 1001066 https://bugzilla.suse.com/1002207 SUSE Bug 1002207 The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. CVE-2016-7101 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7101.html CVE-2016-7101 https://bugzilla.suse.com/1001221 SUSE Bug 1001221 https://bugzilla.suse.com/1002207 SUSE Bug 1002207 Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317. CVE-2016-7446 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7446.html CVE-2016-7446 https://bugzilla.suse.com/999673 SUSE Bug 999673 Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. CVE-2016-7447 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7447.html CVE-2016-7447 https://bugzilla.suse.com/999673 SUSE Bug 999673 The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size. CVE-2016-7448 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7448.html CVE-2016-7448 https://bugzilla.suse.com/999673 SUSE Bug 999673 The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string. CVE-2016-7449 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7449.html CVE-2016-7449 https://bugzilla.suse.com/999673 SUSE Bug 999673 The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels. CVE-2016-7515 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7515.html CVE-2016-7515 https://bugzilla.suse.com/1000689 SUSE Bug 1000689 https://bugzilla.suse.com/1000695 SUSE Bug 1000695 The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file. CVE-2016-7516 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7516.html CVE-2016-7516 https://bugzilla.suse.com/1000692 SUSE Bug 1000692 https://bugzilla.suse.com/1000693 SUSE Bug 1000693 https://bugzilla.suse.com/1000695 SUSE Bug 1000695 The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file. CVE-2016-7517 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7517.html CVE-2016-7517 https://bugzilla.suse.com/1000693 SUSE Bug 1000693 The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. CVE-2016-7519 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7519.html CVE-2016-7519 https://bugzilla.suse.com/1000689 SUSE Bug 1000689 https://bugzilla.suse.com/1000695 SUSE Bug 1000695 The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. CVE-2016-7522 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7522.html CVE-2016-7522 https://bugzilla.suse.com/1000698 SUSE Bug 1000698 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2016-7524 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7524.html CVE-2016-7524 https://bugzilla.suse.com/1000700 SUSE Bug 1000700 https://bugzilla.suse.com/1002422 SUSE Bug 1002422 coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. CVE-2016-7526 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7526.html CVE-2016-7526 https://bugzilla.suse.com/1000436 SUSE Bug 1000436 https://bugzilla.suse.com/1000702 SUSE Bug 1000702 coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. CVE-2016-7527 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7527.html CVE-2016-7527 https://bugzilla.suse.com/1000436 SUSE Bug 1000436 https://bugzilla.suse.com/1000702 SUSE Bug 1000702 The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file. CVE-2016-7528 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7528.html CVE-2016-7528 https://bugzilla.suse.com/1000434 SUSE Bug 1000434 coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file. CVE-2016-7529 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 6.3 AV:N/AC:M/Au:S/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7529.html CVE-2016-7529 https://bugzilla.suse.com/1000399 SUSE Bug 1000399 https://bugzilla.suse.com/1000434 SUSE Bug 1000434 https://bugzilla.suse.com/1000703 SUSE Bug 1000703 MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file. CVE-2016-7531 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7531.html CVE-2016-7531 https://bugzilla.suse.com/1000704 SUSE Bug 1000704 The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file. CVE-2016-7533 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7533.html CVE-2016-7533 https://bugzilla.suse.com/1000707 SUSE Bug 1000707 MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file. CVE-2016-7537 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7537.html CVE-2016-7537 https://bugzilla.suse.com/1000711 SUSE Bug 1000711 Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. CVE-2016-7800 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7800.html CVE-2016-7800 https://bugzilla.suse.com/1002422 SUSE Bug 1002422 Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries. CVE-2016-7996 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7996.html CVE-2016-7996 https://bugzilla.suse.com/1003629 SUSE Bug 1003629 The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. CVE-2016-7997 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-7997.html CVE-2016-7997 https://bugzilla.suse.com/1003629 SUSE Bug 1003629 The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. CVE-2016-8682 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-8682.html CVE-2016-8682 https://bugzilla.suse.com/1005125 SUSE Bug 1005125 The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." CVE-2016-8683 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-8683.html CVE-2016-8683 https://bugzilla.suse.com/1005127 SUSE Bug 1005127 The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." CVE-2016-8684 openSUSE 13.2:GraphicsMagick-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debuginfo-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-debugsource-1.3.20-12.1 openSUSE 13.2:GraphicsMagick-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick++-devel-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1 openSUSE 13.2:libGraphicsMagick3-config-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-1.3.20-12.1 openSUSE 13.2:libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-1.3.20-12.1 openSUSE 13.2:perl-GraphicsMagick-debuginfo-1.3.20-12.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html https://www.suse.com/security/cve/CVE-2016-8684.html CVE-2016-8684 https://bugzilla.suse.com/1005123 SUSE Bug 1005123