rpm package

suse/ImageMagick&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3

pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3

Vulnerabilities (265)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-16545	Hig	8.8	< 6.8.8.1-71.17.1	6.8.8.1-71.17.1	Nov 5, 2017	The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via
CVE-2017-16353	Med	6.5	< 6.8.8.1-71.47.1	6.8.8.1-71.47.1	Nov 1, 2017	GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the I
CVE-2017-16352	Hig	8.8	< 6.8.8.1-71.47.1	6.8.8.1-71.47.1	Nov 1, 2017	GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a
CVE-2017-15930	Hig	8.8	< 6.8.8.1-71.17.1	6.8.8.1-71.17.1	Oct 27, 2017	In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.
CVE-2017-15281	Hig	8.8	< 6.8.8.1-71.20.1	6.8.8.1-71.20.1	Oct 12, 2017	ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
CVE-2017-15277	Med	6.5	< 6.8.8.1-71.20.1	6.8.8.1-71.20.1	Oct 12, 2017	ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting d
CVE-2017-15218	Med	6.5	< 6.8.8.1-71.33.1	6.8.8.1-71.33.1	Oct 10, 2017	ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
CVE-2017-15217	Med	6.5	< 6.8.8.1-71.17.1	6.8.8.1-71.17.1	Oct 10, 2017	ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.
CVE-2017-15033	Hig	7.5	< 6.8.8.1-71.12.1	6.8.8.1-71.12.1	Oct 5, 2017	ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.
CVE-2017-15017	Hig	8.8	< 6.8.8.1-71.47.1	6.8.8.1-71.47.1	Oct 5, 2017	ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
CVE-2017-15016	Hig	8.8	< 6.8.8.1-71.47.1	6.8.8.1-71.47.1	Oct 5, 2017	ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
CVE-2017-14997	Med	6.5	< 6.8.8.1-71.85.1	6.8.8.1-71.85.1	Oct 4, 2017	GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.
CVE-2017-14989	Med	6.5	< 6.8.8.1-71.17.1	6.8.8.1-71.17.1	Oct 3, 2017	A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.
CVE-2017-14739	Hig	7.5	< 6.8.8.1-71.47.1	6.8.8.1-71.47.1	Sep 26, 2017	The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash
CVE-2017-14733	Med	6.5	< 6.8.8.1-71.17.1	6.8.8.1-71.17.1	Sep 25, 2017	ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-14682	Hig	8.8	< 6.8.8.1-71.17.1	6.8.8.1-71.17.1	Sep 21, 2017	GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.
CVE-2017-14649	Med	5.5	< 6.8.8.1-71.33.1	6.8.8.1-71.33.1	Sep 21, 2017	ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).
CVE-2017-14607	Hig	8.1	< 6.8.8.1-71.17.1	6.8.8.1-71.17.1	Sep 20, 2017	In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVE-2017-14533	Med	6.5	< 6.8.8.1-71.26.1	6.8.8.1-71.26.1	Sep 18, 2017	ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.
CVE-2017-14531	Med	6.5	< 6.8.8.1-71.17.1	6.8.8.1-71.17.1	Sep 18, 2017	ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.

CVE-2017-16545HigNov 5, 2017
affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1
The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via
CVE-2017-16353MedNov 1, 2017
affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the I
CVE-2017-16352HigNov 1, 2017
affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a
CVE-2017-15930HigOct 27, 2017
affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1
In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.
CVE-2017-15281HigOct 12, 2017
affected < 6.8.8.1-71.20.1fixed 6.8.8.1-71.20.1
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
CVE-2017-15277MedOct 12, 2017
affected < 6.8.8.1-71.20.1fixed 6.8.8.1-71.20.1
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting d
CVE-2017-15218MedOct 10, 2017
affected < 6.8.8.1-71.33.1fixed 6.8.8.1-71.33.1
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
CVE-2017-15217MedOct 10, 2017
affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.
CVE-2017-15033HigOct 5, 2017
affected < 6.8.8.1-71.12.1fixed 6.8.8.1-71.12.1
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.
CVE-2017-15017HigOct 5, 2017
affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
CVE-2017-15016HigOct 5, 2017
affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
CVE-2017-14997MedOct 4, 2017
affected < 6.8.8.1-71.85.1fixed 6.8.8.1-71.85.1
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.
CVE-2017-14989MedOct 3, 2017
affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1
A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.
CVE-2017-14739HigSep 26, 2017
affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1
The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash
CVE-2017-14733MedSep 25, 2017
affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1
ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-14682HigSep 21, 2017
affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1
GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.
CVE-2017-14649MedSep 21, 2017
affected < 6.8.8.1-71.33.1fixed 6.8.8.1-71.33.1
ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).
CVE-2017-14607HigSep 20, 2017
affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVE-2017-14533MedSep 18, 2017
affected < 6.8.8.1-71.26.1fixed 6.8.8.1-71.26.1
ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.
CVE-2017-14531MedSep 18, 2017
affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1
ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.

Page 7 of 14