rpm package

suse/ImageMagick&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2

pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Vulnerabilities (275)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-1000445		—	< 6.8.8.1-71.23.1	6.8.8.1-71.23.1	Jan 2, 2018	ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service
CVE-2017-18008		—	< 6.8.8.1-71.33.1	6.8.8.1-71.33.1	Jan 1, 2018	In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.
CVE-2017-17934	Med	6.5	< 6.8.8.1-71.42.1	6.8.8.1-71.42.1	Dec 27, 2017	ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.
CVE-2017-17914	Med	6.5	< 6.8.8.1-71.33.1	6.8.8.1-71.33.1	Dec 27, 2017	In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.
CVE-2017-17885	Med	6.5	< 6.8.8.1-71.42.1	6.8.8.1-71.42.1	Dec 27, 2017	In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.
CVE-2017-17884	Med	6.5	< 6.8.8.1-71.33.1	6.8.8.1-71.33.1	Dec 27, 2017	In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.
CVE-2017-17882	Med	6.5	< 6.8.8.1-71.23.1	6.8.8.1-71.23.1	Dec 27, 2017	In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.
CVE-2017-17881	Med	6.5	< 6.8.8.1-71.26.1	6.8.8.1-71.26.1	Dec 27, 2017	In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.
CVE-2017-17879	Hig	8.8	< 6.8.8.1-71.33.1	6.8.8.1-71.33.1	Dec 27, 2017	In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
CVE-2017-17682	Med	6.5	< 6.8.8.1-71.42.1	6.8.8.1-71.42.1	Dec 14, 2017	In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.
CVE-2017-17681	Med	6.5	< 6.8.8.1-71.33.1	6.8.8.1-71.33.1	Dec 14, 2017	In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.
CVE-2017-17680	Med	6.5	< 6.8.8.1-71.23.1	6.8.8.1-71.23.1	Dec 14, 2017	In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.
CVE-2017-17504	Med	6.5	< 6.8.8.1-71.33.1	6.8.8.1-71.33.1	Dec 11, 2017	ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.
CVE-2017-16669	Hig	8.8	< 6.8.8.1-71.17.1	6.8.8.1-71.17.1	Nov 9, 2017	coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.
CVE-2017-16546	Hig	8.8	< 6.8.8.1-71.17.1	6.8.8.1-71.17.1	Nov 5, 2017	The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other
CVE-2017-16545	Hig	8.8	< 6.8.8.1-71.17.1	6.8.8.1-71.17.1	Nov 5, 2017	The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via
CVE-2017-16353	Med	6.5	< 6.8.8.1-71.47.1	6.8.8.1-71.47.1	Nov 1, 2017	GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the I
CVE-2017-16352	Hig	8.8	< 6.8.8.1-71.47.1	6.8.8.1-71.47.1	Nov 1, 2017	GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a
CVE-2017-15930	Hig	8.8	< 6.8.8.1-71.17.1	6.8.8.1-71.17.1	Oct 27, 2017	In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.
CVE-2017-15281	Hig	8.8	< 6.8.8.1-71.20.1	6.8.8.1-71.20.1	Oct 12, 2017	ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."

CVE-2017-1000445Jan 2, 2018
affected < 6.8.8.1-71.23.1fixed 6.8.8.1-71.23.1
ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service
CVE-2017-18008Jan 1, 2018
affected < 6.8.8.1-71.33.1fixed 6.8.8.1-71.33.1
In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.
CVE-2017-17934MedDec 27, 2017
affected < 6.8.8.1-71.42.1fixed 6.8.8.1-71.42.1
ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.
CVE-2017-17914MedDec 27, 2017
affected < 6.8.8.1-71.33.1fixed 6.8.8.1-71.33.1
In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.
CVE-2017-17885MedDec 27, 2017
affected < 6.8.8.1-71.42.1fixed 6.8.8.1-71.42.1
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.
CVE-2017-17884MedDec 27, 2017
affected < 6.8.8.1-71.33.1fixed 6.8.8.1-71.33.1
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.
CVE-2017-17882MedDec 27, 2017
affected < 6.8.8.1-71.23.1fixed 6.8.8.1-71.23.1
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.
CVE-2017-17881MedDec 27, 2017
affected < 6.8.8.1-71.26.1fixed 6.8.8.1-71.26.1
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.
CVE-2017-17879HigDec 27, 2017
affected < 6.8.8.1-71.33.1fixed 6.8.8.1-71.33.1
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
CVE-2017-17682MedDec 14, 2017
affected < 6.8.8.1-71.42.1fixed 6.8.8.1-71.42.1
In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.
CVE-2017-17681MedDec 14, 2017
affected < 6.8.8.1-71.33.1fixed 6.8.8.1-71.33.1
In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.
CVE-2017-17680MedDec 14, 2017
affected < 6.8.8.1-71.23.1fixed 6.8.8.1-71.23.1
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.
CVE-2017-17504MedDec 11, 2017
affected < 6.8.8.1-71.33.1fixed 6.8.8.1-71.33.1
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.
CVE-2017-16669HigNov 9, 2017
affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1
coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.
CVE-2017-16546HigNov 5, 2017
affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other
CVE-2017-16545HigNov 5, 2017
affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1
The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via
CVE-2017-16353MedNov 1, 2017
affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the I
CVE-2017-16352HigNov 1, 2017
affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a
CVE-2017-15930HigOct 27, 2017
affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1
In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.
CVE-2017-15281HigOct 12, 2017
affected < 6.8.8.1-71.20.1fixed 6.8.8.1-71.20.1
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."

Page 4 of 14