Security update for GraphicsMagick SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0218-1 Final 1 1 2018-01-25T16:07:30Z current 2018-01-25T16:07:30Z 2018-01-25T16:07:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for GraphicsMagick This update for GraphicsMagick fixes several issues. These security issues were fixed: - CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043353) - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043354) - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1051442) - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052708) - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052717) - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052777) - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c (bsc#1054600) - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value (bsc#1055374) - CVE-2017-13142: Added additional checks for short files to prevent a crafted PNG file from triggering a crash (bsc#1055455) - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions, which allowed remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call (bsc#1057000) - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c (bsc#1062752) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-01/msg00090.html E-Mail link for openSUSE-SU-2018:0218-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 GraphicsMagick-1.3.25-60.1 GraphicsMagick-devel-1.3.25-60.1 libGraphicsMagick++-Q16-12-1.3.25-60.1 libGraphicsMagick++-devel-1.3.25-60.1 libGraphicsMagick-Q16-3-1.3.25-60.1 libGraphicsMagick3-config-1.3.25-60.1 libGraphicsMagickWand-Q16-2-1.3.25-60.1 perl-GraphicsMagick-1.3.25-60.1 GraphicsMagick-1.3.25-60.1 as a component of openSUSE Leap 42.2 GraphicsMagick-devel-1.3.25-60.1 as a component of openSUSE Leap 42.2 libGraphicsMagick++-Q16-12-1.3.25-60.1 as a component of openSUSE Leap 42.2 libGraphicsMagick++-devel-1.3.25-60.1 as a component of openSUSE Leap 42.2 libGraphicsMagick-Q16-3-1.3.25-60.1 as a component of openSUSE Leap 42.2 libGraphicsMagick3-config-1.3.25-60.1 as a component of openSUSE Leap 42.2 libGraphicsMagickWand-Q16-2-1.3.25-60.1 as a component of openSUSE Leap 42.2 perl-GraphicsMagick-1.3.25-60.1 as a component of openSUSE Leap 42.2 GraphicsMagick-1.3.25-60.1 as a component of openSUSE Leap 42.3 GraphicsMagick-devel-1.3.25-60.1 as a component of openSUSE Leap 42.3 libGraphicsMagick++-Q16-12-1.3.25-60.1 as a component of openSUSE Leap 42.3 libGraphicsMagick++-devel-1.3.25-60.1 as a component of openSUSE Leap 42.3 libGraphicsMagick-Q16-3-1.3.25-60.1 as a component of openSUSE Leap 42.3 libGraphicsMagick3-config-1.3.25-60.1 as a component of openSUSE Leap 42.3 libGraphicsMagickWand-Q16-2-1.3.25-60.1 as a component of openSUSE Leap 42.3 perl-GraphicsMagick-1.3.25-60.1 as a component of openSUSE Leap 42.3 The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. CVE-2017-11750 openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-60.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00090.html https://www.suse.com/security/cve/CVE-2017-11750.html CVE-2017-11750 https://bugzilla.suse.com/1047910 SUSE Bug 1047910 https://bugzilla.suse.com/1051442 SUSE Bug 1051442 ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c. CVE-2017-12641 openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-60.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00090.html https://www.suse.com/security/cve/CVE-2017-12641.html CVE-2017-12641 https://bugzilla.suse.com/1052777 SUSE Bug 1052777 In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service. CVE-2017-12673 openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-60.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00090.html https://www.suse.com/security/cve/CVE-2017-12673.html CVE-2017-12673 https://bugzilla.suse.com/1052717 SUSE Bug 1052717 In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service. CVE-2017-12676 openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-60.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00090.html https://www.suse.com/security/cve/CVE-2017-12676.html CVE-2017-12676 https://bugzilla.suse.com/1052708 SUSE Bug 1052708 The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. CVE-2017-12935 openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-60.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00090.html https://www.suse.com/security/cve/CVE-2017-12935.html CVE-2017-12935 https://bugzilla.suse.com/1054598 SUSE Bug 1054598 https://bugzilla.suse.com/1054600 SUSE Bug 1054600 In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files. CVE-2017-13142 openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-60.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00090.html https://www.suse.com/security/cve/CVE-2017-13142.html CVE-2017-13142 https://bugzilla.suse.com/1055455 SUSE Bug 1055455 In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. CVE-2017-13147 openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-60.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00090.html https://www.suse.com/security/cve/CVE-2017-13147.html CVE-2017-13147 https://bugzilla.suse.com/1055374 SUSE Bug 1055374 The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403. CVE-2017-14103 openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-60.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00090.html https://www.suse.com/security/cve/CVE-2017-14103.html CVE-2017-14103 https://bugzilla.suse.com/1057000 SUSE Bug 1057000 ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. CVE-2017-15218 openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-60.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00090.html https://www.suse.com/security/cve/CVE-2017-15218.html CVE-2017-15218 https://bugzilla.suse.com/1047910 SUSE Bug 1047910 https://bugzilla.suse.com/1062752 SUSE Bug 1062752 In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. CVE-2017-9261 openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-60.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00090.html https://www.suse.com/security/cve/CVE-2017-9261.html CVE-2017-9261 https://bugzilla.suse.com/1043354 SUSE Bug 1043354 In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. CVE-2017-9262 openSUSE Leap 42.2:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-1.3.25-60.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-60.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-60.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-60.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00090.html https://www.suse.com/security/cve/CVE-2017-9262.html CVE-2017-9262 https://bugzilla.suse.com/1043353 SUSE Bug 1043353