VYPR

rpm package

suse/ImageMagick&distro=SUSE Linux Enterprise Software Development Kit 12 SP1

pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1

Vulnerabilities (149)

  • CVE-2016-8862HigFeb 15, 2017
    affected < 6.8.8.1-47.1fixed 6.8.8.1-47.1

    The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.

  • CVE-2016-8684HigFeb 15, 2017
    affected < 6.8.8.1-40.1fixed 6.8.8.1-40.1

    The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."

  • CVE-2016-8683HigFeb 15, 2017
    affected < 6.8.8.1-40.1fixed 6.8.8.1-40.1

    The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."

  • CVE-2016-8682HigFeb 15, 2017
    affected < 6.8.8.1-40.1fixed 6.8.8.1-40.1

    The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.

  • CVE-2016-7800HigFeb 6, 2017
    affected < 6.8.8.1-40.1fixed 6.8.8.1-40.1

    Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.

  • CVE-2016-7997HigJan 18, 2017
    affected < 6.8.8.1-40.1fixed 6.8.8.1-40.1

    The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.

  • CVE-2016-7996CriJan 18, 2017
    affected < 6.8.8.1-40.1fixed 6.8.8.1-40.1

    Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.

  • CVE-2016-7799MedJan 18, 2017
    affected < 6.8.8.1-40.1fixed 6.8.8.1-40.1

    MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.

  • CVE-2016-7101MedJan 18, 2017
    affected < 6.8.8.1-40.1fixed 6.8.8.1-40.1

    The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.

  • CVE-2016-6823HigJan 18, 2017
    affected < 6.8.8.1-40.1fixed 6.8.8.1-40.1

    Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.

  • CVE-2016-8707HigDec 23, 2016
    affected < 6.8.8.1-54.1fixed 6.8.8.1-54.1

    An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can

  • CVE-2016-6520CriDec 13, 2016
    affected < 6.8.8.1-33.1fixed 6.8.8.1-33.1

    Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.

  • CVE-2016-6491HigDec 13, 2016
    affected < 6.8.8.1-33.1fixed 6.8.8.1-33.1

    Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.

  • CVE-2016-5842HigDec 13, 2016
    affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2

    MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.

  • CVE-2016-5841CriDec 13, 2016
    affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2

    Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.

  • CVE-2016-5691CriDec 13, 2016
    affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2

    The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.

  • CVE-2016-5690CriDec 13, 2016
    affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2

    The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.

  • CVE-2016-5689CriDec 13, 2016
    affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2

    The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.

  • CVE-2016-5688HigDec 13, 2016
    affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2

    The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex fu

  • CVE-2016-5687CriDec 13, 2016
    affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2

    The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.

Page 7 of 8