rpm package
suse/ImageMagick&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (332)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-16353 | Med | 6.5 | < 6.4.3.6-78.40.1 | 6.4.3.6-78.40.1 | Nov 1, 2017 | GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the I | |
| CVE-2017-16352 | Hig | 8.8 | < 6.4.3.6-78.40.1 | 6.4.3.6-78.40.1 | Nov 1, 2017 | GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a | |
| CVE-2017-15930 | Hig | 8.8 | < 6.4.3.6-7.78.14.1 | 6.4.3.6-7.78.14.1 | Oct 27, 2017 | In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer. | |
| CVE-2017-15281 | Hig | 8.8 | < 6.4.3.6-7.78.17.1 | 6.4.3.6-7.78.17.1 | Oct 12, 2017 | ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)." | |
| CVE-2017-15277 | Med | 6.5 | < 6.4.3.6-7.78.17.1 | 6.4.3.6-7.78.17.1 | Oct 12, 2017 | ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting d | |
| CVE-2017-15218 | Med | 6.5 | < 6.4.3.6-7.78.29.2 | 6.4.3.6-7.78.29.2 | Oct 10, 2017 | ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. | |
| CVE-2017-15033 | Hig | 7.5 | < 6.4.3.6-7.78.8.1 | 6.4.3.6-7.78.8.1 | Oct 5, 2017 | ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. | |
| CVE-2017-15017 | Hig | 8.8 | < 6.4.3.6-78.40.1 | 6.4.3.6-78.40.1 | Oct 5, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c. | |
| CVE-2017-15016 | Hig | 8.8 | < 6.4.3.6-78.40.1 | 6.4.3.6-78.40.1 | Oct 5, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. | |
| CVE-2017-14997 | Med | 6.5 | < 6.4.3.6-78.79.1 | 6.4.3.6-78.79.1 | Oct 4, 2017 | GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. | |
| CVE-2017-14733 | Med | 6.5 | < 6.4.3.6-7.78.14.1 | 6.4.3.6-7.78.14.1 | Sep 25, 2017 | ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |
| CVE-2017-14649 | Med | 5.5 | < 6.4.3.6-7.78.29.2 | 6.4.3.6-7.78.29.2 | Sep 21, 2017 | ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash). | |
| CVE-2017-14607 | Hig | 8.1 | < 6.4.3.6-7.78.14.1 | 6.4.3.6-7.78.14.1 | Sep 20, 2017 | In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. | |
| CVE-2017-14533 | Med | 6.5 | < 6.4.3.6-7.78.22.1 | 6.4.3.6-7.78.22.1 | Sep 18, 2017 | ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. | |
| CVE-2017-14531 | Med | 6.5 | < 6.4.3.6-7.78.14.1 | 6.4.3.6-7.78.14.1 | Sep 18, 2017 | ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. | |
| CVE-2017-14505 | Med | 6.5 | < 6.4.3.6-78.40.1 | 6.4.3.6-78.40.1 | Sep 17, 2017 | DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Imag | |
| CVE-2017-14343 | Med | 6.5 | < 6.4.3.6-7.78.17.1 | 6.4.3.6-7.78.17.1 | Sep 12, 2017 | ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. | |
| CVE-2017-14342 | Med | 6.5 | < 6.4.3.6-7.78.14.1 | 6.4.3.6-7.78.14.1 | Sep 12, 2017 | ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. | |
| CVE-2017-14341 | Med | 6.5 | < 6.4.3.6-7.78.14.1 | 6.4.3.6-7.78.14.1 | Sep 12, 2017 | ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. | |
| CVE-2017-14326 | Med | 6.5 | < 6.4.3.6-7.78.22.1 | 6.4.3.6-7.78.22.1 | Sep 12, 2017 | In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. |
- affected < 6.4.3.6-78.40.1fixed 6.4.3.6-78.40.1
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the I
- affected < 6.4.3.6-78.40.1fixed 6.4.3.6-78.40.1
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a
- affected < 6.4.3.6-7.78.14.1fixed 6.4.3.6-7.78.14.1
In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.
- affected < 6.4.3.6-7.78.17.1fixed 6.4.3.6-7.78.17.1
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
- affected < 6.4.3.6-7.78.17.1fixed 6.4.3.6-7.78.17.1
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting d
- affected < 6.4.3.6-7.78.29.2fixed 6.4.3.6-7.78.29.2
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
- affected < 6.4.3.6-7.78.8.1fixed 6.4.3.6-7.78.8.1
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.
- affected < 6.4.3.6-78.40.1fixed 6.4.3.6-78.40.1
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
- affected < 6.4.3.6-78.40.1fixed 6.4.3.6-78.40.1
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
- affected < 6.4.3.6-78.79.1fixed 6.4.3.6-78.79.1
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.
- affected < 6.4.3.6-7.78.14.1fixed 6.4.3.6-7.78.14.1
ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
- affected < 6.4.3.6-7.78.29.2fixed 6.4.3.6-7.78.29.2
ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).
- affected < 6.4.3.6-7.78.14.1fixed 6.4.3.6-7.78.14.1
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
- affected < 6.4.3.6-7.78.22.1fixed 6.4.3.6-7.78.22.1
ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.
- affected < 6.4.3.6-7.78.14.1fixed 6.4.3.6-7.78.14.1
ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.
- affected < 6.4.3.6-78.40.1fixed 6.4.3.6-78.40.1
DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Imag
- affected < 6.4.3.6-7.78.17.1fixed 6.4.3.6-7.78.17.1
ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.
- affected < 6.4.3.6-7.78.14.1fixed 6.4.3.6-7.78.14.1
ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.
- affected < 6.4.3.6-7.78.14.1fixed 6.4.3.6-7.78.14.1
ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
- affected < 6.4.3.6-7.78.22.1fixed 6.4.3.6-7.78.22.1
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
Page 4 of 17