rpm package
suse/ImageMagick&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
Vulnerabilities (332)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-14314 | Med | 6.5 | < 6.4.3.6-78.40.1 | 6.4.3.6-78.40.1 | Sep 12, 2017 | Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file. | |
| CVE-2017-14249 | Med | 6.5 | < 6.4.3.6-7.78.22.1 | 6.4.3.6-7.78.22.1 | Sep 11, 2017 | ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. | |
| CVE-2017-14224 | Hig | 8.8 | < 6.4.3.6-7.78.34.1 | 6.4.3.6-7.78.34.1 | Sep 9, 2017 | A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. | |
| CVE-2017-14175 | Med | 6.5 | < 6.4.3.6-7.78.14.1 | 6.4.3.6-7.78.14.1 | Sep 7, 2017 | In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provi | |
| CVE-2017-14174 | Med | 6.5 | < 6.4.3.6-7.78.17.1 | 6.4.3.6-7.78.17.1 | Sep 7, 2017 | In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is pro | |
| CVE-2017-14173 | Med | 6.5 | < 6.4.3.6-7.78.14.1 | 6.4.3.6-7.78.14.1 | Sep 7, 2017 | In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TX | |
| CVE-2017-14172 | Med | 6.5 | < 6.4.3.6-7.78.14.1 | 6.4.3.6-7.78.14.1 | Sep 7, 2017 | In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the | |
| CVE-2017-12693 | Med | 6.5 | < 6.4.3.6-78.40.1 | 6.4.3.6-78.40.1 | Sep 1, 2017 | The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. | |
| CVE-2017-12692 | Med | 6.5 | < 6.4.3.6-78.40.1 | 6.4.3.6-78.40.1 | Sep 1, 2017 | The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. | |
| CVE-2017-12691 | Med | 6.5 | < 6.4.3.6-7.78.17.1 | 6.4.3.6-7.78.17.1 | Sep 1, 2017 | The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |
| CVE-2017-14103 | Hig | 8.8 | < 6.4.3.6-7.78.29.2 | 6.4.3.6-7.78.29.2 | Sep 1, 2017 | The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order | |
| CVE-2017-14042 | Med | 6.5 | < 6.4.3.6-7.78.17.1 | 6.4.3.6-7.78.17.1 | Aug 30, 2017 | A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c. | |
| CVE-2017-13769 | Med | 6.5 | < 6.4.3.6-7.78.14.1 | 6.4.3.6-7.78.14.1 | Aug 30, 2017 | The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. | |
| CVE-2017-13768 | Med | 6.5 | < 6.4.3.6-78.40.1 | 6.4.3.6-78.40.1 | Aug 30, 2017 | Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. | |
| CVE-2017-13758 | Med | 6.5 | < 6.4.3.6-78.56.1 | 6.4.3.6-78.56.1 | Aug 29, 2017 | In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c. | |
| CVE-2017-13658 | Med | 6.5 | < 6.4.3.6-7.78.22.1 | 6.4.3.6-7.78.22.1 | Aug 24, 2017 | In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c. | |
| CVE-2017-13648 | Med | 6.5 | < 6.4.3.6-7.78.22.1 | 6.4.3.6-7.78.22.1 | Aug 23, 2017 | In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c. | |
| CVE-2017-13147 | Hig | 8.8 | < 6.4.3.6-7.78.29.2 | 6.4.3.6-7.78.29.2 | Aug 23, 2017 | In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. | |
| CVE-2017-13146 | Hig | 8.8 | < 6.4.3.6-7.78.22.1 | 6.4.3.6-7.78.22.1 | Aug 23, 2017 | In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c. | |
| CVE-2017-13142 | Med | 6.5 | < 6.4.3.6-7.78.29.2 | 6.4.3.6-7.78.29.2 | Aug 23, 2017 | In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files. |
- affected < 6.4.3.6-78.40.1fixed 6.4.3.6-78.40.1
Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.
- affected < 6.4.3.6-7.78.22.1fixed 6.4.3.6-7.78.22.1
ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file.
- affected < 6.4.3.6-7.78.34.1fixed 6.4.3.6-7.78.34.1
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.
- affected < 6.4.3.6-7.78.14.1fixed 6.4.3.6-7.78.14.1
In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provi
- affected < 6.4.3.6-7.78.17.1fixed 6.4.3.6-7.78.17.1
In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is pro
- affected < 6.4.3.6-7.78.14.1fixed 6.4.3.6-7.78.14.1
In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TX
- affected < 6.4.3.6-7.78.14.1fixed 6.4.3.6-7.78.14.1
In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the
- affected < 6.4.3.6-78.40.1fixed 6.4.3.6-78.40.1
The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.
- affected < 6.4.3.6-78.40.1fixed 6.4.3.6-78.40.1
The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
- affected < 6.4.3.6-7.78.17.1fixed 6.4.3.6-7.78.17.1
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
- affected < 6.4.3.6-7.78.29.2fixed 6.4.3.6-7.78.29.2
The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order
- affected < 6.4.3.6-7.78.17.1fixed 6.4.3.6-7.78.17.1
A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.
- affected < 6.4.3.6-7.78.14.1fixed 6.4.3.6-7.78.14.1
The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.
- affected < 6.4.3.6-78.40.1fixed 6.4.3.6-78.40.1
Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.
- affected < 6.4.3.6-78.56.1fixed 6.4.3.6-78.56.1
In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.
- affected < 6.4.3.6-7.78.22.1fixed 6.4.3.6-7.78.22.1
In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.
- affected < 6.4.3.6-7.78.22.1fixed 6.4.3.6-7.78.22.1
In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c.
- affected < 6.4.3.6-7.78.29.2fixed 6.4.3.6-7.78.29.2
In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value.
- affected < 6.4.3.6-7.78.22.1fixed 6.4.3.6-7.78.22.1
In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.
- affected < 6.4.3.6-7.78.29.2fixed 6.4.3.6-7.78.29.2
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.
Page 5 of 17