Security update for GraphicsMagick SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2644-1 Final 1 1 2016-10-26T08:24:31Z current 2016-10-26T08:24:31Z 2016-10-26T08:24:31Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for GraphicsMagick This update for GraphicsMagick fixes the following issues: - security update: * CVE-2016-8684 [boo#1005123] * CVE-2016-8682 [boo#1005125] * CVE-2016-8683 [boo#1005127] - security update: * CVE-2016-7529 [boo#1000399] * CVE-2016-7528 [boo#1000434] * CVE-2016-7515 [boo#1000689] * CVE-2016-7446 [boo#999673] * CVE-2016-7447 [boo#999673] * CVE-2016-7448 [boo#999673] * CVE-2016-7449 [boo#999673] * CVE-2016-7517 [boo#1000693] * CVE-2016-7519 [boo#1000695] * CVE-2016-7522 [boo#1000698] * CVE-2016-7524 [boo#1000700] * CVE-2016-7531 [boo#1000704] * CVE-2016-7533 [boo#1000707] * CVE-2016-7537 [boo#1000711] * CVE-2016-6823 [boo#1001066] * CVE-2016-7101 [boo#1001221] * do not divide by zero in WriteTIFFImage [boo#1002206] * fix buffer overflow [boo#1002209] * CVE-2016-7800 [boo#1002422] * CVE-2016-7996, CVE-2016-7997 [boo#1003629] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html E-Mail link for openSUSE-SU-2016:2644-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 GraphicsMagick-1.3.21-14.1 GraphicsMagick-devel-1.3.21-14.1 libGraphicsMagick++-Q16-11-1.3.21-14.1 libGraphicsMagick++-devel-1.3.21-14.1 libGraphicsMagick-Q16-3-1.3.21-14.1 libGraphicsMagick3-config-1.3.21-14.1 libGraphicsMagickWand-Q16-2-1.3.21-14.1 perl-GraphicsMagick-1.3.21-14.1 GraphicsMagick-1.3.21-14.1 as a component of openSUSE Leap 42.1 GraphicsMagick-devel-1.3.21-14.1 as a component of openSUSE Leap 42.1 libGraphicsMagick++-Q16-11-1.3.21-14.1 as a component of openSUSE Leap 42.1 libGraphicsMagick++-devel-1.3.21-14.1 as a component of openSUSE Leap 42.1 libGraphicsMagick-Q16-3-1.3.21-14.1 as a component of openSUSE Leap 42.1 libGraphicsMagick3-config-1.3.21-14.1 as a component of openSUSE Leap 42.1 libGraphicsMagickWand-Q16-2-1.3.21-14.1 as a component of openSUSE Leap 42.1 perl-GraphicsMagick-1.3.21-14.1 as a component of openSUSE Leap 42.1 The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions. CVE-2016-5688 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-5688.html CVE-2016-5688 https://bugzilla.suse.com/985442 SUSE Bug 985442 Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write. CVE-2016-6823 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate 7.8 AV:N/AC:M/Au:N/C:N/I:P/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-6823.html CVE-2016-6823 https://bugzilla.suse.com/1001066 SUSE Bug 1001066 https://bugzilla.suse.com/1002207 SUSE Bug 1002207 The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. CVE-2016-7101 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-7101.html CVE-2016-7101 https://bugzilla.suse.com/1001221 SUSE Bug 1001221 https://bugzilla.suse.com/1002207 SUSE Bug 1002207 Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317. CVE-2016-7446 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-7446.html CVE-2016-7446 https://bugzilla.suse.com/999673 SUSE Bug 999673 Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. CVE-2016-7447 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-7447.html CVE-2016-7447 https://bugzilla.suse.com/999673 SUSE Bug 999673 The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size. CVE-2016-7448 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-7448.html CVE-2016-7448 https://bugzilla.suse.com/999673 SUSE Bug 999673 The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string. CVE-2016-7449 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-7449.html CVE-2016-7449 https://bugzilla.suse.com/999673 SUSE Bug 999673 The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels. CVE-2016-7515 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-7515.html CVE-2016-7515 https://bugzilla.suse.com/1000689 SUSE Bug 1000689 https://bugzilla.suse.com/1000695 SUSE Bug 1000695 The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file. CVE-2016-7517 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-7517.html CVE-2016-7517 https://bugzilla.suse.com/1000693 SUSE Bug 1000693 The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. CVE-2016-7519 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-7519.html CVE-2016-7519 https://bugzilla.suse.com/1000689 SUSE Bug 1000689 https://bugzilla.suse.com/1000695 SUSE Bug 1000695 The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. CVE-2016-7522 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-7522.html CVE-2016-7522 https://bugzilla.suse.com/1000698 SUSE Bug 1000698 coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. CVE-2016-7524 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-7524.html CVE-2016-7524 https://bugzilla.suse.com/1000700 SUSE Bug 1000700 https://bugzilla.suse.com/1002422 SUSE Bug 1002422 The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file. CVE-2016-7528 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-7528.html CVE-2016-7528 https://bugzilla.suse.com/1000434 SUSE Bug 1000434 coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file. CVE-2016-7529 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate 6.3 AV:N/AC:M/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-7529.html CVE-2016-7529 https://bugzilla.suse.com/1000399 SUSE Bug 1000399 https://bugzilla.suse.com/1000434 SUSE Bug 1000434 https://bugzilla.suse.com/1000703 SUSE Bug 1000703 https://bugzilla.suse.com/1054924 SUSE Bug 1054924 MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file. CVE-2016-7531 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-7531.html CVE-2016-7531 https://bugzilla.suse.com/1000704 SUSE Bug 1000704 The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file. CVE-2016-7533 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-7533.html CVE-2016-7533 https://bugzilla.suse.com/1000707 SUSE Bug 1000707 MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file. CVE-2016-7537 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-7537.html CVE-2016-7537 https://bugzilla.suse.com/1000711 SUSE Bug 1000711 Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. CVE-2016-7800 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-7800.html CVE-2016-7800 https://bugzilla.suse.com/1002422 SUSE Bug 1002422 Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries. CVE-2016-7996 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-7996.html CVE-2016-7996 https://bugzilla.suse.com/1003629 SUSE Bug 1003629 https://bugzilla.suse.com/1067184 SUSE Bug 1067184 The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. CVE-2016-7997 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-7997.html CVE-2016-7997 https://bugzilla.suse.com/1003629 SUSE Bug 1003629 The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. CVE-2016-8682 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-8682.html CVE-2016-8682 https://bugzilla.suse.com/1005125 SUSE Bug 1005125 The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." CVE-2016-8683 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-8683.html CVE-2016-8683 https://bugzilla.suse.com/1005127 SUSE Bug 1005127 The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." CVE-2016-8684 openSUSE Leap 42.1:GraphicsMagick-1.3.21-14.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-14.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-14.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-14.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html https://www.suse.com/security/cve/CVE-2016-8684.html CVE-2016-8684 https://bugzilla.suse.com/1005123 SUSE Bug 1005123