Security update for ImageMagick SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:3524-1 Final 1 1 2018-10-26T18:26:48Z current 2018-10-26T18:26:48Z 2018-10-26T18:26:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ImageMagick This update for ImageMagick fixes the following issues: - CVE-2017-14997: GraphicsMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. [bsc#1112399] - CVE-2018-16644: An regression in the security fix for the pict coder was fixed (bsc#1107609) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00079.html E-Mail link for openSUSE-SU-2018:3524-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 ImageMagick-6.8.8.1-76.1 ImageMagick-devel-6.8.8.1-76.1 ImageMagick-devel-32bit-6.8.8.1-76.1 ImageMagick-doc-6.8.8.1-76.1 ImageMagick-extra-6.8.8.1-76.1 libMagick++-6_Q16-3-6.8.8.1-76.1 libMagick++-6_Q16-3-32bit-6.8.8.1-76.1 libMagick++-devel-6.8.8.1-76.1 libMagick++-devel-32bit-6.8.8.1-76.1 libMagickCore-6_Q16-1-6.8.8.1-76.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-76.1 libMagickWand-6_Q16-1-6.8.8.1-76.1 libMagickWand-6_Q16-1-32bit-6.8.8.1-76.1 perl-PerlMagick-6.8.8.1-76.1 ImageMagick-6.8.8.1-76.1 as a component of openSUSE Leap 42.3 ImageMagick-devel-6.8.8.1-76.1 as a component of openSUSE Leap 42.3 ImageMagick-devel-32bit-6.8.8.1-76.1 as a component of openSUSE Leap 42.3 ImageMagick-doc-6.8.8.1-76.1 as a component of openSUSE Leap 42.3 ImageMagick-extra-6.8.8.1-76.1 as a component of openSUSE Leap 42.3 libMagick++-6_Q16-3-6.8.8.1-76.1 as a component of openSUSE Leap 42.3 libMagick++-6_Q16-3-32bit-6.8.8.1-76.1 as a component of openSUSE Leap 42.3 libMagick++-devel-6.8.8.1-76.1 as a component of openSUSE Leap 42.3 libMagick++-devel-32bit-6.8.8.1-76.1 as a component of openSUSE Leap 42.3 libMagickCore-6_Q16-1-6.8.8.1-76.1 as a component of openSUSE Leap 42.3 libMagickCore-6_Q16-1-32bit-6.8.8.1-76.1 as a component of openSUSE Leap 42.3 libMagickWand-6_Q16-1-6.8.8.1-76.1 as a component of openSUSE Leap 42.3 libMagickWand-6_Q16-1-32bit-6.8.8.1-76.1 as a component of openSUSE Leap 42.3 perl-PerlMagick-6.8.8.1-76.1 as a component of openSUSE Leap 42.3 GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. CVE-2017-14997 openSUSE Leap 42.3:ImageMagick-6.8.8.1-76.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-76.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-76.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-76.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-76.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-76.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-76.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-76.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-76.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-76.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-76.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-76.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-76.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-76.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00079.html https://www.suse.com/security/cve/CVE-2017-14997.html CVE-2017-14997 https://bugzilla.suse.com/1112399 SUSE Bug 1112399 https://bugzilla.suse.com/1117463 SUSE Bug 1117463 There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image. CVE-2018-16644 openSUSE Leap 42.3:ImageMagick-6.8.8.1-76.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-76.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-76.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-76.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-76.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-76.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-76.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-76.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-76.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-76.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-76.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-76.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-76.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-76.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00079.html https://www.suse.com/security/cve/CVE-2018-16644.html CVE-2018-16644 https://bugzilla.suse.com/1107609 SUSE Bug 1107609 https://bugzilla.suse.com/1107612 SUSE Bug 1107612 https://bugzilla.suse.com/1117463 SUSE Bug 1117463