Security update for ImageMagick SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0025-1 Final 1 1 2018-01-05T11:24:25Z current 2018-01-05T11:24:25Z 2018-01-05T11:24:25Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ImageMagick This update for ImageMagick fixes the following issues: - security update (xcf.c): * CVE-2017-14343: Memory leak vulnerability in ReadXCFImage could lead to denial of service via a crafted file. CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. [bsc#1058422] - security update (pnm.c): * CVE-2017-14042: A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c and could lead to remote denial of service [bsc#1056550] - security update (psd.c): * CVE-2017-15281: ReadPSDImage allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file [bsc#1063049] * CVE-2017-13061: A length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. [bsc#1055063] * CVE-2017-12563: A Memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service. [bsc#1052460] * CVE-2017-14174: Due to a lack of an EOF check (End of File) in ReadPSDLayersInternal could cause huge CPU consumption, when a crafted PSD file, which claims a large 'length' field in the header but does not contain sufficient backing data, is provided, the loop over \'length\' would consume huge CPU resources, since there is no EOF check inside the loop.[bsc#1057723] - security update (meta.c): * CVE-2017-13062: Amemory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file [bsc#1055053] - security update (gif.c): * CVE-2017-15277: ReadGIFImage in coders/gif.c leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.[bsc#1063050] This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00017.html E-Mail link for openSUSE-SU-2018:0025-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 ImageMagick-6.8.8.1-43.1 ImageMagick-devel-6.8.8.1-43.1 ImageMagick-devel-32bit-6.8.8.1-43.1 ImageMagick-doc-6.8.8.1-43.1 ImageMagick-extra-6.8.8.1-43.1 libMagick++-6_Q16-3-6.8.8.1-43.1 libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 libMagick++-devel-6.8.8.1-43.1 libMagick++-devel-32bit-6.8.8.1-43.1 libMagickCore-6_Q16-1-6.8.8.1-43.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 libMagickWand-6_Q16-1-6.8.8.1-43.1 libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 perl-PerlMagick-6.8.8.1-43.1 ImageMagick-6.8.8.1-43.1 as a component of openSUSE Leap 42.2 ImageMagick-devel-6.8.8.1-43.1 as a component of openSUSE Leap 42.2 ImageMagick-devel-32bit-6.8.8.1-43.1 as a component of openSUSE Leap 42.2 ImageMagick-doc-6.8.8.1-43.1 as a component of openSUSE Leap 42.2 ImageMagick-extra-6.8.8.1-43.1 as a component of openSUSE Leap 42.2 libMagick++-6_Q16-3-6.8.8.1-43.1 as a component of openSUSE Leap 42.2 libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 as a component of openSUSE Leap 42.2 libMagick++-devel-6.8.8.1-43.1 as a component of openSUSE Leap 42.2 libMagick++-devel-32bit-6.8.8.1-43.1 as a component of openSUSE Leap 42.2 libMagickCore-6_Q16-1-6.8.8.1-43.1 as a component of openSUSE Leap 42.2 libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 as a component of openSUSE Leap 42.2 libMagickWand-6_Q16-1-6.8.8.1-43.1 as a component of openSUSE Leap 42.2 libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 as a component of openSUSE Leap 42.2 perl-PerlMagick-6.8.8.1-43.1 as a component of openSUSE Leap 42.2 ImageMagick-6.8.8.1-43.1 as a component of openSUSE Leap 42.3 ImageMagick-devel-6.8.8.1-43.1 as a component of openSUSE Leap 42.3 ImageMagick-devel-32bit-6.8.8.1-43.1 as a component of openSUSE Leap 42.3 ImageMagick-doc-6.8.8.1-43.1 as a component of openSUSE Leap 42.3 ImageMagick-extra-6.8.8.1-43.1 as a component of openSUSE Leap 42.3 libMagick++-6_Q16-3-6.8.8.1-43.1 as a component of openSUSE Leap 42.3 libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 as a component of openSUSE Leap 42.3 libMagick++-devel-6.8.8.1-43.1 as a component of openSUSE Leap 42.3 libMagick++-devel-32bit-6.8.8.1-43.1 as a component of openSUSE Leap 42.3 libMagickCore-6_Q16-1-6.8.8.1-43.1 as a component of openSUSE Leap 42.3 libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 as a component of openSUSE Leap 42.3 libMagickWand-6_Q16-1-6.8.8.1-43.1 as a component of openSUSE Leap 42.3 libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 as a component of openSUSE Leap 42.3 perl-PerlMagick-6.8.8.1-43.1 as a component of openSUSE Leap 42.3 In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service. CVE-2017-12563 openSUSE Leap 42.2:ImageMagick-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-43.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00017.html https://www.suse.com/security/cve/CVE-2017-12563.html CVE-2017-12563 https://bugzilla.suse.com/1052460 SUSE Bug 1052460 https://bugzilla.suse.com/1072901 SUSE Bug 1072901 The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. CVE-2017-12691 openSUSE Leap 42.2:ImageMagick-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-43.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00017.html https://www.suse.com/security/cve/CVE-2017-12691.html CVE-2017-12691 https://bugzilla.suse.com/1053955 SUSE Bug 1053955 https://bugzilla.suse.com/1058422 SUSE Bug 1058422 https://bugzilla.suse.com/1082363 SUSE Bug 1082363 In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. CVE-2017-13061 openSUSE Leap 42.2:ImageMagick-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-43.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00017.html https://www.suse.com/security/cve/CVE-2017-13061.html CVE-2017-13061 https://bugzilla.suse.com/1055063 SUSE Bug 1055063 https://bugzilla.suse.com/1072901 SUSE Bug 1072901 In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file. CVE-2017-13062 openSUSE Leap 42.2:ImageMagick-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-43.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00017.html https://www.suse.com/security/cve/CVE-2017-13062.html CVE-2017-13062 https://bugzilla.suse.com/1055053 SUSE Bug 1055053 https://bugzilla.suse.com/1055055 SUSE Bug 1055055 A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c. CVE-2017-14042 openSUSE Leap 42.2:ImageMagick-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-43.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00017.html https://www.suse.com/security/cve/CVE-2017-14042.html CVE-2017-14042 https://bugzilla.suse.com/1054598 SUSE Bug 1054598 https://bugzilla.suse.com/1054600 SUSE Bug 1054600 https://bugzilla.suse.com/1056550 SUSE Bug 1056550 https://bugzilla.suse.com/1059721 SUSE Bug 1059721 In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop. CVE-2017-14174 openSUSE Leap 42.2:ImageMagick-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-43.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00017.html https://www.suse.com/security/cve/CVE-2017-14174.html CVE-2017-14174 https://bugzilla.suse.com/1057723 SUSE Bug 1057723 https://bugzilla.suse.com/1072901 SUSE Bug 1072901 ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. CVE-2017-14343 openSUSE Leap 42.2:ImageMagick-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-43.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00017.html https://www.suse.com/security/cve/CVE-2017-14343.html CVE-2017-14343 https://bugzilla.suse.com/1058422 SUSE Bug 1058422 https://bugzilla.suse.com/1082363 SUSE Bug 1082363 ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. CVE-2017-15277 openSUSE Leap 42.2:ImageMagick-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-43.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00017.html https://www.suse.com/security/cve/CVE-2017-15277.html CVE-2017-15277 https://bugzilla.suse.com/1063050 SUSE Bug 1063050 ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)." CVE-2017-15281 openSUSE Leap 42.2:ImageMagick-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-43.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-43.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-43.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-43.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00017.html https://www.suse.com/security/cve/CVE-2017-15281.html CVE-2017-15281 https://bugzilla.suse.com/1063049 SUSE Bug 1063049 https://bugzilla.suse.com/1072901 SUSE Bug 1072901