rpm package

suse/ImageMagick&distro=SUSE Linux Enterprise Desktop 12 SP2

pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2

Vulnerabilities (230)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-10064	Hig	7.8	< 6.8.8.1-59.1	6.8.8.1-59.1	Mar 2, 2017	Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVE-2016-10063	Hig	7.8	< 6.8.8.1-59.1	6.8.8.1-59.1	Mar 2, 2017	Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.
CVE-2016-10062	Med	5.5	< 6.8.8.1-59.1	6.8.8.1-59.1	Mar 2, 2017	The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2016-10060	Med	6.5	< 6.8.8.1-59.1	6.8.8.1-59.1	Mar 2, 2017	The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2016-9559	Med	6.5	< 6.8.8.1-54.1	6.8.8.1-54.1	Mar 1, 2017	coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
CVE-2016-9773	Med	5.5	< 6.8.8.1-54.1	6.8.8.1-54.1	Feb 17, 2017	Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for
CVE-2016-8866	Hig	8.8	< 6.8.8.1-54.1	6.8.8.1-54.1	Feb 15, 2017	The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-
CVE-2016-8862	Hig	8.8	< 6.8.8.1-47.1	6.8.8.1-47.1	Feb 15, 2017	The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
CVE-2016-6823	Hig	7.5	< 6.8.8.1-47.1	6.8.8.1-47.1	Jan 18, 2017	Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
CVE-2016-8707	Hig	7.8	< 6.8.8.1-54.1	6.8.8.1-54.1	Dec 23, 2016	An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can

CVE-2016-10064HigMar 2, 2017
affected < 6.8.8.1-59.1fixed 6.8.8.1-59.1
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVE-2016-10063HigMar 2, 2017
affected < 6.8.8.1-59.1fixed 6.8.8.1-59.1
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.
CVE-2016-10062MedMar 2, 2017
affected < 6.8.8.1-59.1fixed 6.8.8.1-59.1
The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2016-10060MedMar 2, 2017
affected < 6.8.8.1-59.1fixed 6.8.8.1-59.1
The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2016-9559MedMar 1, 2017
affected < 6.8.8.1-54.1fixed 6.8.8.1-54.1
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
CVE-2016-9773MedFeb 17, 2017
affected < 6.8.8.1-54.1fixed 6.8.8.1-54.1
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for
CVE-2016-8866HigFeb 15, 2017
affected < 6.8.8.1-54.1fixed 6.8.8.1-54.1
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-
CVE-2016-8862HigFeb 15, 2017
affected < 6.8.8.1-47.1fixed 6.8.8.1-47.1
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
CVE-2016-6823HigJan 18, 2017
affected < 6.8.8.1-47.1fixed 6.8.8.1-47.1
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
CVE-2016-8707HigDec 23, 2016
affected < 6.8.8.1-54.1fixed 6.8.8.1-54.1
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can

Page 12 of 12