Security update for GraphicsMagick SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0087-1 Final 1 1 2018-01-15T10:00:21Z current 2018-01-15T10:00:21Z 2018-01-15T10:00:21Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for GraphicsMagick This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2017-12672: Memory leak vulnerability allowed DoS via MAT image files (bsc#1052720) - CVE-2017-13060: Memory leak vulnerability allowed DoS via MAT image files (bsc#1055065) - CVE-2017-12670: Specially crafted MAT images may lead to an assertion failure and DoS (bsc#1052731) - CVE-2017-10800: Specially crafted MAT images may lead to memory denial of service (bsc#1047044) - CVE-2017-13648: Memory leak vulnerability allowed DoS via MAT image files (bsc#1055434) - CVE-2017-12564: Memory leak vulnerability allowed DoS via MAT image files (bsc#1052468) - CVE-2017-12675: Memory leak vulnerability allowed DoS via MAT image files (bsc#1052710) - CVE-2017-14326: Memory leak vulnerability allowed DoS via MAT image files (bsc#1058640) - CVE-2017-17881: Memory leak vulnerability allowed DoS via MAT image files (bsc#1074123) - CVE-2017-11449: coders/mpc.c in ImageMagick before 7.0.6-1 remote denial of service (boo#1049373) - CVE-2017-11532: Memory Leak in WriteMPCImage() in coders/mpc.c (boo#1050129) - CVE-2017-16547: Incorrect memory management in DrawImage function in magick/render.c could lead to denial of service (boo#1067177) - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975) - Memory leak in pwp.c (boo#1051412) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-01/msg00031.html E-Mail link for openSUSE-SU-2018:0087-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 GraphicsMagick-1.3.25-57.1 GraphicsMagick-devel-1.3.25-57.1 libGraphicsMagick++-Q16-12-1.3.25-57.1 libGraphicsMagick++-devel-1.3.25-57.1 libGraphicsMagick-Q16-3-1.3.25-57.1 libGraphicsMagick3-config-1.3.25-57.1 libGraphicsMagickWand-Q16-2-1.3.25-57.1 perl-GraphicsMagick-1.3.25-57.1 GraphicsMagick-1.3.25-57.1 as a component of openSUSE Leap 42.2 GraphicsMagick-devel-1.3.25-57.1 as a component of openSUSE Leap 42.2 libGraphicsMagick++-Q16-12-1.3.25-57.1 as a component of openSUSE Leap 42.2 libGraphicsMagick++-devel-1.3.25-57.1 as a component of openSUSE Leap 42.2 libGraphicsMagick-Q16-3-1.3.25-57.1 as a component of openSUSE Leap 42.2 libGraphicsMagick3-config-1.3.25-57.1 as a component of openSUSE Leap 42.2 libGraphicsMagickWand-Q16-2-1.3.25-57.1 as a component of openSUSE Leap 42.2 perl-GraphicsMagick-1.3.25-57.1 as a component of openSUSE Leap 42.2 GraphicsMagick-1.3.25-57.1 as a component of openSUSE Leap 42.3 GraphicsMagick-devel-1.3.25-57.1 as a component of openSUSE Leap 42.3 libGraphicsMagick++-Q16-12-1.3.25-57.1 as a component of openSUSE Leap 42.3 libGraphicsMagick++-devel-1.3.25-57.1 as a component of openSUSE Leap 42.3 libGraphicsMagick-Q16-3-1.3.25-57.1 as a component of openSUSE Leap 42.3 libGraphicsMagick3-config-1.3.25-57.1 as a component of openSUSE Leap 42.3 libGraphicsMagickWand-Q16-2-1.3.25-57.1 as a component of openSUSE Leap 42.3 perl-GraphicsMagick-1.3.25-57.1 as a component of openSUSE Leap 42.3 When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data. CVE-2017-10800 openSUSE Leap 42.2:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-57.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00031.html https://www.suse.com/security/cve/CVE-2017-10800.html CVE-2017-10800 https://bugzilla.suse.com/1047044 SUSE Bug 1047044 coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin. CVE-2017-11449 openSUSE Leap 42.2:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-57.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00031.html https://www.suse.com/security/cve/CVE-2017-11449.html CVE-2017-11449 https://bugzilla.suse.com/1049373 SUSE Bug 1049373 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. CVE-2017-11532 openSUSE Leap 42.2:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-57.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00031.html https://www.suse.com/security/cve/CVE-2017-11532.html CVE-2017-11532 https://bugzilla.suse.com/1050129 SUSE Bug 1050129 https://bugzilla.suse.com/1050623 SUSE Bug 1050623 In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service. CVE-2017-12564 openSUSE Leap 42.2:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-57.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00031.html https://www.suse.com/security/cve/CVE-2017-12564.html CVE-2017-12564 https://bugzilla.suse.com/1052468 SUSE Bug 1052468 In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service. CVE-2017-12670 openSUSE Leap 42.2:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-57.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00031.html https://www.suse.com/security/cve/CVE-2017-12670.html CVE-2017-12670 https://bugzilla.suse.com/1052731 SUSE Bug 1052731 In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service. CVE-2017-12672 openSUSE Leap 42.2:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-57.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00031.html https://www.suse.com/security/cve/CVE-2017-12672.html CVE-2017-12672 https://bugzilla.suse.com/1052720 SUSE Bug 1052720 https://bugzilla.suse.com/1055434 SUSE Bug 1055434 In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service. CVE-2017-12675 openSUSE Leap 42.2:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-57.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00031.html https://www.suse.com/security/cve/CVE-2017-12675.html CVE-2017-12675 https://bugzilla.suse.com/1052710 SUSE Bug 1052710 In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. CVE-2017-13060 openSUSE Leap 42.2:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-57.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00031.html https://www.suse.com/security/cve/CVE-2017-13060.html CVE-2017-13060 https://bugzilla.suse.com/1055065 SUSE Bug 1055065 https://bugzilla.suse.com/1055434 SUSE Bug 1055434 https://bugzilla.suse.com/1076021 SUSE Bug 1076021 In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c. CVE-2017-13648 openSUSE Leap 42.2:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-57.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00031.html https://www.suse.com/security/cve/CVE-2017-13648.html CVE-2017-13648 https://bugzilla.suse.com/1054598 SUSE Bug 1054598 https://bugzilla.suse.com/1054600 SUSE Bug 1054600 https://bugzilla.suse.com/1055434 SUSE Bug 1055434 In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. CVE-2017-14326 openSUSE Leap 42.2:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-57.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00031.html https://www.suse.com/security/cve/CVE-2017-14326.html CVE-2017-14326 https://bugzilla.suse.com/1058640 SUSE Bug 1058640 The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. CVE-2017-16547 openSUSE Leap 42.2:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-57.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00031.html https://www.suse.com/security/cve/CVE-2017-16547.html CVE-2017-16547 https://bugzilla.suse.com/1067177 SUSE Bug 1067177 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file. CVE-2017-17881 openSUSE Leap 42.2:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-57.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00031.html https://www.suse.com/security/cve/CVE-2017-17881.html CVE-2017-17881 https://bugzilla.suse.com/1074123 SUSE Bug 1074123 In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c. CVE-2017-18022 openSUSE Leap 42.2:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-57.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-57.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-57.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-57.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00031.html https://www.suse.com/security/cve/CVE-2017-18022.html CVE-2017-18022 https://bugzilla.suse.com/1074969 SUSE Bug 1074969 https://bugzilla.suse.com/1074975 SUSE Bug 1074975