Security update for GraphicsMagick SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:3060-1 Final 1 1 2016-12-08T13:18:45Z current 2016-12-08T13:18:45Z 2016-12-08T13:18:45Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for GraphicsMagick This update for GraphicsMagick fixes the following issues: - a possible shell execution attack was fixed. if the first character of an input filename for 'convert' was a '|' then the remainder of the filename was passed to the shell (CVE-2016-5118, boo#982178) - Maliciously crafted pnm files could crash GraphicsMagick (CVE-2014-9805, [boo#983752]) - Prevent overflow in rle files (CVE-2014-9846, boo#983521) - Fix a double free in pdb coder (CVE-2014-9807, boo#983794) - Fix a possible crash due to corrupted xwd images (CVE-2014-9809, boo#983799) - Fix a possible crash due to corrupted wpg images (CVE-2014-9815, boo#984372) - Fix a heap buffer overflow in pdb file handling (CVE-2014-9817, boo#984400) - Fix a heap overflow in xpm files (CVE-2014-9820, boo#984150) - Fix a heap overflow in pict files (CVE-2014-9834, boo#984436) - Fix a heap overflow in wpf files (CVE-2014-9835, CVE-2014-9831, boo#984145, boo#984375) - Additional PNM sanity checks (CVE-2014-9837, boo#984166) - Fix a possible crash due to corrupted dib file (CVE-2014-9845, boo#984394) - Fix out of bound in quantum handling (CVE-2016-7529, boo#1000399) - Fix out of bound access in xcf file coder (CVE-2016-7528, boo#1000434) - Fix handling of corrupted lle files (CVE-2016-7515, boo#1000689) - Fix out of bound access for malformed psd file (CVE-2016-7522, boo#1000698) - Fix out of bound access for pbd files (CVE-2016-7531, boo#1000704) - Fix out of bound access in corrupted wpg files (CVE-2016-7533, boo#1000707) - Fix out of bound access in corrupted pdb files (CVE-2016-7537, boo#1000711) - BMP Coder Out-Of-Bounds Write Vulnerability (CVE-2016-6823, boo#1001066) - SGI Coder Out-Of-Bounds Read Vulnerability (CVE-2016-7101, boo#1001221) - Divide by zero in WriteTIFFImage (do not divide by zero in WriteTIFFImage, boo#1002206) - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (fix buffer overflow, boo#1002209) - 8BIM/8BIMW unsigned underflow leads to heap overflow (CVE-2016-7800, boo#1002422) - wpg reader issues (CVE-2016-7996, CVE-2016-7997, boo#1003629) - Mismatch between real filesize and header values (CVE-2016-8684, boo#1005123) - Stack-buffer read overflow while reading SCT header (CVE-2016-8682, boo#1005125) - Check that filesize is reasonable compared to the header value (CVE-2016-8683, boo#1005127) - Memory allocation failure in AcquireMagickMemory (CVE-2016-8862, boo#1007245) - heap-based buffer overflow in IsPixelGray (CVE-2016-9556, boo#1011130) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html E-Mail link for openSUSE-SU-2016:3060-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 GraphicsMagick-1.3.25-3.1 GraphicsMagick-devel-1.3.25-3.1 libGraphicsMagick++-Q16-12-1.3.25-3.1 libGraphicsMagick++-devel-1.3.25-3.1 libGraphicsMagick-Q16-3-1.3.25-3.1 libGraphicsMagick3-config-1.3.25-3.1 libGraphicsMagickWand-Q16-2-1.3.25-3.1 perl-GraphicsMagick-1.3.25-3.1 GraphicsMagick-1.3.25-3.1 as a component of openSUSE Leap 42.2 GraphicsMagick-devel-1.3.25-3.1 as a component of openSUSE Leap 42.2 libGraphicsMagick++-Q16-12-1.3.25-3.1 as a component of openSUSE Leap 42.2 libGraphicsMagick++-devel-1.3.25-3.1 as a component of openSUSE Leap 42.2 libGraphicsMagick-Q16-3-1.3.25-3.1 as a component of openSUSE Leap 42.2 libGraphicsMagick3-config-1.3.25-3.1 as a component of openSUSE Leap 42.2 libGraphicsMagickWand-Q16-2-1.3.25-3.1 as a component of openSUSE Leap 42.2 perl-GraphicsMagick-1.3.25-3.1 as a component of openSUSE Leap 42.2 ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. CVE-2014-9805 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2014-9805.html CVE-2014-9805 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/983752 SUSE Bug 983752 The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors. CVE-2014-9807 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2014-9807.html CVE-2014-9807 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/983794 SUSE Bug 983794 ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image. CVE-2014-9809 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2014-9809.html CVE-2014-9809 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/983799 SUSE Bug 983799 ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file. CVE-2014-9815 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2014-9815.html CVE-2014-9815 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984372 SUSE Bug 984372 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file. CVE-2014-9817 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2014-9817.html CVE-2014-9817 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984400 SUSE Bug 984400 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file. CVE-2014-9820 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2014-9820.html CVE-2014-9820 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984150 SUSE Bug 984150 coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. CVE-2014-9831 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2014-9831.html CVE-2014-9831 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984375 SUSE Bug 984375 Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file. CVE-2014-9834 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2014-9834.html CVE-2014-9834 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984436 SUSE Bug 984436 Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. CVE-2014-9835 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2014-9835.html CVE-2014-9835 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984145 SUSE Bug 984145 https://bugzilla.suse.com/984375 SUSE Bug 984375 coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file. CVE-2014-9837 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2014-9837.html CVE-2014-9837 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984166 SUSE Bug 984166 The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. CVE-2014-9845 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2014-9845.html CVE-2014-9845 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984394 SUSE Bug 984394 Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. CVE-2014-9846 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2014-9846.html CVE-2014-9846 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/983521 SUSE Bug 983521 https://bugzilla.suse.com/984408 SUSE Bug 984408 Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. CVE-2014-9853 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2014-9853.html CVE-2014-9853 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984408 SUSE Bug 984408 The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. CVE-2016-5118 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2016-5118.html CVE-2016-5118 https://bugzilla.suse.com/982178 SUSE Bug 982178 Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write. CVE-2016-6823 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 7.8 AV:N/AC:M/Au:N/C:N/I:P/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2016-6823.html CVE-2016-6823 https://bugzilla.suse.com/1001066 SUSE Bug 1001066 https://bugzilla.suse.com/1002207 SUSE Bug 1002207 The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. CVE-2016-7101 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2016-7101.html CVE-2016-7101 https://bugzilla.suse.com/1001221 SUSE Bug 1001221 https://bugzilla.suse.com/1002207 SUSE Bug 1002207 The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels. CVE-2016-7515 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2016-7515.html CVE-2016-7515 https://bugzilla.suse.com/1000689 SUSE Bug 1000689 https://bugzilla.suse.com/1000695 SUSE Bug 1000695 The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. CVE-2016-7522 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2016-7522.html CVE-2016-7522 https://bugzilla.suse.com/1000698 SUSE Bug 1000698 The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file. CVE-2016-7528 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2016-7528.html CVE-2016-7528 https://bugzilla.suse.com/1000434 SUSE Bug 1000434 coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file. CVE-2016-7529 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 6.3 AV:N/AC:M/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2016-7529.html CVE-2016-7529 https://bugzilla.suse.com/1000399 SUSE Bug 1000399 https://bugzilla.suse.com/1000434 SUSE Bug 1000434 https://bugzilla.suse.com/1000703 SUSE Bug 1000703 https://bugzilla.suse.com/1054924 SUSE Bug 1054924 MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file. CVE-2016-7531 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2016-7531.html CVE-2016-7531 https://bugzilla.suse.com/1000704 SUSE Bug 1000704 The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file. CVE-2016-7533 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2016-7533.html CVE-2016-7533 https://bugzilla.suse.com/1000707 SUSE Bug 1000707 MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file. CVE-2016-7537 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2016-7537.html CVE-2016-7537 https://bugzilla.suse.com/1000711 SUSE Bug 1000711 Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. CVE-2016-7800 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2016-7800.html CVE-2016-7800 https://bugzilla.suse.com/1002422 SUSE Bug 1002422 Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries. CVE-2016-7996 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2016-7996.html CVE-2016-7996 https://bugzilla.suse.com/1003629 SUSE Bug 1003629 https://bugzilla.suse.com/1067184 SUSE Bug 1067184 The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. CVE-2016-7997 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2016-7997.html CVE-2016-7997 https://bugzilla.suse.com/1003629 SUSE Bug 1003629 The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. CVE-2016-8682 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2016-8682.html CVE-2016-8682 https://bugzilla.suse.com/1005125 SUSE Bug 1005125 The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." CVE-2016-8683 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2016-8683.html CVE-2016-8683 https://bugzilla.suse.com/1005127 SUSE Bug 1005127 The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." CVE-2016-8684 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2016-8684.html CVE-2016-8684 https://bugzilla.suse.com/1005123 SUSE Bug 1005123 The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. CVE-2016-8862 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2016-8862.html CVE-2016-8862 https://bugzilla.suse.com/1007245 SUSE Bug 1007245 https://bugzilla.suse.com/1009318 SUSE Bug 1009318 https://bugzilla.suse.com/1031267 SUSE Bug 1031267 The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. CVE-2016-9556 openSUSE Leap 42.2:GraphicsMagick-1.3.25-3.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-3.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-3.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html https://www.suse.com/security/cve/CVE-2016-9556.html CVE-2016-9556 https://bugzilla.suse.com/1011130 SUSE Bug 1011130 https://bugzilla.suse.com/1013376 SUSE Bug 1013376