rpm package

suse/ImageMagick&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3

pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3

Vulnerabilities (265)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-14505	Med	6.5	< 6.8.8.1-71.47.1	6.8.8.1-71.47.1	Sep 17, 2017	DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Imag
CVE-2017-14343	Med	6.5	< 6.8.8.1-71.20.1	6.8.8.1-71.20.1	Sep 12, 2017	ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.
CVE-2017-14342	Med	6.5	< 6.8.8.1-71.17.1	6.8.8.1-71.17.1	Sep 12, 2017	ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.
CVE-2017-14341	Med	6.5	< 6.8.8.1-71.17.1	6.8.8.1-71.17.1	Sep 12, 2017	ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
CVE-2017-14326	Med	6.5	< 6.8.8.1-71.26.1	6.8.8.1-71.26.1	Sep 12, 2017	In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-14325	Med	6.5	< 6.8.8.1-71.54.5	6.8.8.1-71.54.5	Sep 12, 2017	In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file.
CVE-2017-14314	Med	6.5	< 6.8.8.1-71.47.1	6.8.8.1-71.47.1	Sep 12, 2017	Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-14249	Med	6.5	< 6.8.8.1-71.23.1	6.8.8.1-71.23.1	Sep 11, 2017	ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file.
CVE-2017-14224	Hig	8.8	< 6.8.8.1-71.42.1	6.8.8.1-71.42.1	Sep 9, 2017	A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.
CVE-2017-14175	Med	6.5	< 6.8.8.1-71.17.1	6.8.8.1-71.17.1	Sep 7, 2017	In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provi
CVE-2017-14174	Med	6.5	< 6.8.8.1-71.20.1	6.8.8.1-71.20.1	Sep 7, 2017	In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is pro
CVE-2017-14173	Med	6.5	< 6.8.8.1-71.17.1	6.8.8.1-71.17.1	Sep 7, 2017	In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TX
CVE-2017-14172	Med	6.5	< 6.8.8.1-71.17.1	6.8.8.1-71.17.1	Sep 7, 2017	In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the
CVE-2017-14139	Med	6.5	< 6.8.8.1-71.42.1	6.8.8.1-71.42.1	Sep 4, 2017	ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.
CVE-2017-14138	Cri	9.8	< 6.8.8.1-71.17.1	6.8.8.1-71.17.1	Sep 4, 2017	ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.
CVE-2017-12693	Med	6.5	< 6.8.8.1-71.47.1	6.8.8.1-71.47.1	Sep 1, 2017	The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.
CVE-2017-12692	Med	6.5	< 6.8.8.1-71.47.1	6.8.8.1-71.47.1	Sep 1, 2017	The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
CVE-2017-12691	Med	6.5	< 6.8.8.1-71.20.1	6.8.8.1-71.20.1	Sep 1, 2017	The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVE-2017-14103	Hig	8.8	< 6.8.8.1-71.33.1	6.8.8.1-71.33.1	Sep 1, 2017	The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order
CVE-2017-14060	Med	6.5	< 6.8.8.1-71.42.1	6.8.8.1-71.42.1	Aug 31, 2017	In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed

CVE-2017-14505MedSep 17, 2017
affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1
DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Imag
CVE-2017-14343MedSep 12, 2017
affected < 6.8.8.1-71.20.1fixed 6.8.8.1-71.20.1
ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.
CVE-2017-14342MedSep 12, 2017
affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1
ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.
CVE-2017-14341MedSep 12, 2017
affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1
ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
CVE-2017-14326MedSep 12, 2017
affected < 6.8.8.1-71.26.1fixed 6.8.8.1-71.26.1
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-14325MedSep 12, 2017
affected < 6.8.8.1-71.54.5fixed 6.8.8.1-71.54.5
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file.
CVE-2017-14314MedSep 12, 2017
affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1
Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-14249MedSep 11, 2017
affected < 6.8.8.1-71.23.1fixed 6.8.8.1-71.23.1
ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file.
CVE-2017-14224HigSep 9, 2017
affected < 6.8.8.1-71.42.1fixed 6.8.8.1-71.42.1
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.
CVE-2017-14175MedSep 7, 2017
affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1
In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provi
CVE-2017-14174MedSep 7, 2017
affected < 6.8.8.1-71.20.1fixed 6.8.8.1-71.20.1
In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is pro
CVE-2017-14173MedSep 7, 2017
affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1
In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TX
CVE-2017-14172MedSep 7, 2017
affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1
In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the
CVE-2017-14139MedSep 4, 2017
affected < 6.8.8.1-71.42.1fixed 6.8.8.1-71.42.1
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.
CVE-2017-14138CriSep 4, 2017
affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1
ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.
CVE-2017-12693MedSep 1, 2017
affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1
The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.
CVE-2017-12692MedSep 1, 2017
affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1
The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
CVE-2017-12691MedSep 1, 2017
affected < 6.8.8.1-71.20.1fixed 6.8.8.1-71.20.1
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVE-2017-14103HigSep 1, 2017
affected < 6.8.8.1-71.33.1fixed 6.8.8.1-71.33.1
The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order
CVE-2017-14060MedAug 31, 2017
affected < 6.8.8.1-71.42.1fixed 6.8.8.1-71.42.1
In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed

Page 8 of 14