rpm package

suse/ImageMagick&distro=SUSE Linux Enterprise Server 12 SP5

pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Vulnerabilities (69)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2020-27773	—	< 6.8.8.1-71.154.1	6.8.8.1-71.154.1	Dec 4, 2020	A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead t
CVE-2020-27772	—	< 6.8.8.1-71.154.1	6.8.8.1-71.154.1	Dec 4, 2020	A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availa
CVE-2020-27771	—	< 6.8.8.1-71.154.1	6.8.8.1-71.154.1	Dec 4, 2020	In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefin
CVE-2020-27770	—	< 6.8.8.1-71.154.1	6.8.8.1-71.154.1	Dec 4, 2020	Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects Image
CVE-2020-27767	—	< 6.8.8.1-71.154.1	6.8.8.1-71.154.1	Dec 4, 2020	A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact
CVE-2020-27766	—	< 6.8.8.1-71.154.1	6.8.8.1-71.154.1	Dec 4, 2020	A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to applica
CVE-2020-27765	—	< 6.8.8.1-71.154.1	6.8.8.1-71.154.1	Dec 4, 2020	A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could
CVE-2020-27764	—	< 6.8.8.1-71.154.1	6.8.8.1-71.154.1	Dec 3, 2020	In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked thi
CVE-2020-27763	—	< 6.8.8.1-71.154.1	6.8.8.1-71.154.1	Dec 3, 2020	A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could p
CVE-2020-27762	—	< 6.8.8.1-71.154.1	6.8.8.1-71.154.1	Dec 3, 2020	A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application avail
CVE-2020-27761	—	< 6.8.8.1-71.154.1	6.8.8.1-71.154.1	Dec 3, 2020	WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instea
CVE-2020-27760	—	< 6.8.8.1-71.154.1	6.8.8.1-71.154.1	Dec 3, 2020	In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciproc
CVE-2020-27759	—	< 6.8.8.1-71.154.1	6.8.8.1-71.154.1	Dec 3, 2020	In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by
CVE-2020-19667	—	< 6.8.8.1-71.154.1	6.8.8.1-71.154.1	Nov 20, 2020	Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
CVE-2020-27560	—	< 6.8.8.1-71.147.1	6.8.8.1-71.147.1	Oct 22, 2020	ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.
CVE-2019-19948	—	< 6.8.8.1-71.141.1	6.8.8.1-71.141.1	Dec 24, 2019	In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
CVE-2019-19949	—	< 6.8.8.1-71.141.1	6.8.8.1-71.141.1	Dec 24, 2019	In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
CVE-2019-17540	—	< 6.8.8.1-71.177.1	6.8.8.1-71.177.1	Oct 14, 2019	ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
CVE-2019-16708	—	< 6.8.8.1-71.131.1	6.8.8.1-71.131.1	Sep 23, 2019	ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
CVE-2019-16709	—	< 6.8.8.1-71.131.1	6.8.8.1-71.131.1	Sep 23, 2019	ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.

CVE-2020-27773Dec 4, 2020
affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead t
CVE-2020-27772Dec 4, 2020
affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availa
CVE-2020-27771Dec 4, 2020
affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefin
CVE-2020-27770Dec 4, 2020
affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects Image
CVE-2020-27767Dec 4, 2020
affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact
CVE-2020-27766Dec 4, 2020
affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to applica
CVE-2020-27765Dec 4, 2020
affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could
CVE-2020-27764Dec 3, 2020
affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked thi
CVE-2020-27763Dec 3, 2020
affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could p
CVE-2020-27762Dec 3, 2020
affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application avail
CVE-2020-27761Dec 3, 2020
affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instea
CVE-2020-27760Dec 3, 2020
affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciproc
CVE-2020-27759Dec 3, 2020
affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by
CVE-2020-19667Nov 20, 2020
affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
CVE-2020-27560Oct 22, 2020
affected < 6.8.8.1-71.147.1fixed 6.8.8.1-71.147.1
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.
CVE-2019-19948Dec 24, 2019
affected < 6.8.8.1-71.141.1fixed 6.8.8.1-71.141.1
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
CVE-2019-19949Dec 24, 2019
affected < 6.8.8.1-71.141.1fixed 6.8.8.1-71.141.1
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
CVE-2019-17540Oct 14, 2019
affected < 6.8.8.1-71.177.1fixed 6.8.8.1-71.177.1
ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
CVE-2019-16708Sep 23, 2019
affected < 6.8.8.1-71.131.1fixed 6.8.8.1-71.131.1
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
CVE-2019-16709Sep 23, 2019
affected < 6.8.8.1-71.131.1fixed 6.8.8.1-71.131.1
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.

Page 3 of 4