Security update for GraphicsMagick SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0496-1 Final 1 1 2018-02-20T12:29:54Z current 2018-02-20T12:29:54Z 2018-02-20T12:29:54Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for GraphicsMagick This update for GraphicsMagick fixes the following issues: * CVE-2017-11637: Fixed a NULL pointer dereference in WritePCLImage() in coders/pcl.c (boo#1050669) * CVE-2017-11638, CVE-2017-11642: Fixed a NULL pointer dereference in theWriteMAPImage() in coders/map.c (boo#1050617) * CVE-2017-17503: Fixed a heap-based buffer overflow in the ReadGRAYImage (boo#1072934) * CVE-2017-14060: Fixed a NULL Pointer Dereference issue in the ReadCUTImage function in coders/cut.c that could cause a Denial of Service (boo#1056768) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-02/msg00079.html E-Mail link for openSUSE-SU-2018:0496-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 GraphicsMagick-1.3.25-71.1 GraphicsMagick-devel-1.3.25-71.1 libGraphicsMagick++-Q16-12-1.3.25-71.1 libGraphicsMagick++-devel-1.3.25-71.1 libGraphicsMagick-Q16-3-1.3.25-71.1 libGraphicsMagick3-config-1.3.25-71.1 libGraphicsMagickWand-Q16-2-1.3.25-71.1 perl-GraphicsMagick-1.3.25-71.1 GraphicsMagick-1.3.25-71.1 as a component of openSUSE Leap 42.3 GraphicsMagick-devel-1.3.25-71.1 as a component of openSUSE Leap 42.3 libGraphicsMagick++-Q16-12-1.3.25-71.1 as a component of openSUSE Leap 42.3 libGraphicsMagick++-devel-1.3.25-71.1 as a component of openSUSE Leap 42.3 libGraphicsMagick-Q16-3-1.3.25-71.1 as a component of openSUSE Leap 42.3 libGraphicsMagick3-config-1.3.25-71.1 as a component of openSUSE Leap 42.3 libGraphicsMagickWand-Q16-2-1.3.25-71.1 as a component of openSUSE Leap 42.3 perl-GraphicsMagick-1.3.25-71.1 as a component of openSUSE Leap 42.3 GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images. CVE-2017-11637 openSUSE Leap 42.3:GraphicsMagick-1.3.25-71.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-71.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-71.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00079.html https://www.suse.com/security/cve/CVE-2017-11637.html CVE-2017-11637 https://bugzilla.suse.com/1050669 SUSE Bug 1050669 GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642. CVE-2017-11638 openSUSE Leap 42.3:GraphicsMagick-1.3.25-71.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-71.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-71.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00079.html https://www.suse.com/security/cve/CVE-2017-11638.html CVE-2017-11638 https://bugzilla.suse.com/1050617 SUSE Bug 1050617 GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638. CVE-2017-11642 openSUSE Leap 42.3:GraphicsMagick-1.3.25-71.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-71.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-71.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00079.html https://www.suse.com/security/cve/CVE-2017-11642.html CVE-2017-11642 https://bugzilla.suse.com/1050617 SUSE Bug 1050617 In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file. CVE-2017-14060 openSUSE Leap 42.3:GraphicsMagick-1.3.25-71.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-71.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-71.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00079.html https://www.suse.com/security/cve/CVE-2017-14060.html CVE-2017-14060 https://bugzilla.suse.com/1056768 SUSE Bug 1056768 ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. CVE-2017-17503 openSUSE Leap 42.3:GraphicsMagick-1.3.25-71.1 openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick-Q16-3-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagick3-config-1.3.25-71.1 openSUSE Leap 42.3:libGraphicsMagickWand-Q16-2-1.3.25-71.1 openSUSE Leap 42.3:perl-GraphicsMagick-1.3.25-71.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00079.html https://www.suse.com/security/cve/CVE-2017-17503.html CVE-2017-17503 https://bugzilla.suse.com/1072934 SUSE Bug 1072934 https://bugzilla.suse.com/1073081 SUSE Bug 1073081 https://bugzilla.suse.com/1077737 SUSE Bug 1077737