Security update for ImageMagick SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0023-1 Final 1 1 2017-01-04T13:14:08Z current 2017-01-04T13:14:08Z 2017-01-04T13:14:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ImageMagick This update for ImageMagick fixes the following issues: * CVE-2016-9556 Possible Heap-overflow found by fuzzing [bsc#1011130] * CVE-2016-9559 Possible Null pointer access found by fuzzing [bsc#1011136] * CVE-2016-8707 Possible code execution in Tiff conver utility [bsc#1014159] * CVE-2016-8866 Memory allocation failure in AcquireMagickMemory could lead to Heap overflow [bsc#1009318] * CVE-2016-9559 Possible Null pointer access found by fuzzing [bsc#1011136] This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html E-Mail link for openSUSE-SU-2017:0023-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 openSUSE Leap 42.2 ImageMagick-6.8.8.1-25.1 ImageMagick-devel-6.8.8.1-25.1 ImageMagick-devel-32bit-6.8.8.1-25.1 ImageMagick-doc-6.8.8.1-25.1 ImageMagick-extra-6.8.8.1-25.1 libMagick++-6_Q16-3-6.8.8.1-25.1 libMagick++-6_Q16-3-32bit-6.8.8.1-25.1 libMagick++-devel-6.8.8.1-25.1 libMagick++-devel-32bit-6.8.8.1-25.1 libMagickCore-6_Q16-1-6.8.8.1-25.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 libMagickWand-6_Q16-1-6.8.8.1-25.1 libMagickWand-6_Q16-1-32bit-6.8.8.1-25.1 perl-PerlMagick-6.8.8.1-25.1 ImageMagick-6.8.8.1-25.1 as a component of openSUSE Leap 42.1 ImageMagick-devel-6.8.8.1-25.1 as a component of openSUSE Leap 42.1 ImageMagick-devel-32bit-6.8.8.1-25.1 as a component of openSUSE Leap 42.1 ImageMagick-doc-6.8.8.1-25.1 as a component of openSUSE Leap 42.1 ImageMagick-extra-6.8.8.1-25.1 as a component of openSUSE Leap 42.1 libMagick++-6_Q16-3-6.8.8.1-25.1 as a component of openSUSE Leap 42.1 libMagick++-6_Q16-3-32bit-6.8.8.1-25.1 as a component of openSUSE Leap 42.1 libMagick++-devel-6.8.8.1-25.1 as a component of openSUSE Leap 42.1 libMagick++-devel-32bit-6.8.8.1-25.1 as a component of openSUSE Leap 42.1 libMagickCore-6_Q16-1-6.8.8.1-25.1 as a component of openSUSE Leap 42.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 as a component of openSUSE Leap 42.1 libMagickWand-6_Q16-1-6.8.8.1-25.1 as a component of openSUSE Leap 42.1 libMagickWand-6_Q16-1-32bit-6.8.8.1-25.1 as a component of openSUSE Leap 42.1 perl-PerlMagick-6.8.8.1-25.1 as a component of openSUSE Leap 42.1 ImageMagick-6.8.8.1-25.1 as a component of openSUSE Leap 42.2 ImageMagick-devel-6.8.8.1-25.1 as a component of openSUSE Leap 42.2 ImageMagick-devel-32bit-6.8.8.1-25.1 as a component of openSUSE Leap 42.2 ImageMagick-doc-6.8.8.1-25.1 as a component of openSUSE Leap 42.2 ImageMagick-extra-6.8.8.1-25.1 as a component of openSUSE Leap 42.2 libMagick++-6_Q16-3-6.8.8.1-25.1 as a component of openSUSE Leap 42.2 libMagick++-6_Q16-3-32bit-6.8.8.1-25.1 as a component of openSUSE Leap 42.2 libMagick++-devel-6.8.8.1-25.1 as a component of openSUSE Leap 42.2 libMagick++-devel-32bit-6.8.8.1-25.1 as a component of openSUSE Leap 42.2 libMagickCore-6_Q16-1-6.8.8.1-25.1 as a component of openSUSE Leap 42.2 libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 as a component of openSUSE Leap 42.2 libMagickWand-6_Q16-1-6.8.8.1-25.1 as a component of openSUSE Leap 42.2 libMagickWand-6_Q16-1-32bit-6.8.8.1-25.1 as a component of openSUSE Leap 42.2 perl-PerlMagick-6.8.8.1-25.1 as a component of openSUSE Leap 42.2 Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). CVE-2014-9848 openSUSE Leap 42.1:ImageMagick-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-devel-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-doc-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-extra-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-6_Q16-3-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-6_Q16-3-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-devel-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickCore-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickWand-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickWand-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.1:perl-PerlMagick-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-25.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html https://www.suse.com/security/cve/CVE-2014-9848.html CVE-2014-9848 https://bugzilla.suse.com/982969 SUSE Bug 982969 https://bugzilla.suse.com/984404 SUSE Bug 984404 An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality. CVE-2016-8707 openSUSE Leap 42.1:ImageMagick-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-devel-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-doc-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-extra-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-6_Q16-3-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-6_Q16-3-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-devel-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickCore-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickWand-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickWand-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.1:perl-PerlMagick-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-25.1 moderate 6 AV:N/AC:M/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html https://www.suse.com/security/cve/CVE-2016-8707.html CVE-2016-8707 https://bugzilla.suse.com/1014159 SUSE Bug 1014159 The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862. CVE-2016-8866 openSUSE Leap 42.1:ImageMagick-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-devel-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-doc-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-extra-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-6_Q16-3-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-6_Q16-3-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-devel-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickCore-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickWand-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickWand-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.1:perl-PerlMagick-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-25.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html https://www.suse.com/security/cve/CVE-2016-8866.html CVE-2016-8866 https://bugzilla.suse.com/1007245 SUSE Bug 1007245 https://bugzilla.suse.com/1009318 SUSE Bug 1009318 https://bugzilla.suse.com/1031267 SUSE Bug 1031267 The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. CVE-2016-9556 openSUSE Leap 42.1:ImageMagick-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-devel-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-doc-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-extra-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-6_Q16-3-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-6_Q16-3-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-devel-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickCore-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickWand-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickWand-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.1:perl-PerlMagick-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-25.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html https://www.suse.com/security/cve/CVE-2016-9556.html CVE-2016-9556 https://bugzilla.suse.com/1011130 SUSE Bug 1011130 https://bugzilla.suse.com/1013376 SUSE Bug 1013376 coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image. CVE-2016-9559 openSUSE Leap 42.1:ImageMagick-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-devel-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-doc-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-extra-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-6_Q16-3-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-6_Q16-3-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-devel-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickCore-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickWand-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickWand-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.1:perl-PerlMagick-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-25.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html https://www.suse.com/security/cve/CVE-2016-9559.html CVE-2016-9559 https://bugzilla.suse.com/1011136 SUSE Bug 1011136 Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556. CVE-2016-9773 openSUSE Leap 42.1:ImageMagick-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-devel-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-doc-6.8.8.1-25.1 openSUSE Leap 42.1:ImageMagick-extra-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-6_Q16-3-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-6_Q16-3-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagick++-devel-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickCore-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickWand-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.1:libMagickWand-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.1:perl-PerlMagick-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-25.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-25.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-25.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-25.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html https://www.suse.com/security/cve/CVE-2016-9773.html CVE-2016-9773 https://bugzilla.suse.com/1011130 SUSE Bug 1011130 https://bugzilla.suse.com/1013376 SUSE Bug 1013376 https://bugzilla.suse.com/1017421 SUSE Bug 1017421