VYPR

rpm package

suse/ImageMagick&distro=SUSE Linux Enterprise Software Development Kit 12 SP2

pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2

Vulnerabilities (230)

  • CVE-2017-14172MedSep 7, 2017
    affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1

    In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the

  • CVE-2017-14139MedSep 4, 2017
    affected < 6.8.8.1-71.42.1fixed 6.8.8.1-71.42.1

    ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.

  • CVE-2017-14138CriSep 4, 2017
    affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1

    ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.

  • CVE-2017-12693MedSep 1, 2017
    affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1

    The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.

  • CVE-2017-12692MedSep 1, 2017
    affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1

    The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.

  • CVE-2017-12691MedSep 1, 2017
    affected < 6.8.8.1-71.20.1fixed 6.8.8.1-71.20.1

    The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

  • CVE-2017-14103HigSep 1, 2017
    affected < 6.8.8.1-71.33.1fixed 6.8.8.1-71.33.1

    The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order

  • CVE-2017-14060MedAug 31, 2017
    affected < 6.8.8.1-71.42.1fixed 6.8.8.1-71.42.1

    In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed

  • CVE-2017-14042MedAug 30, 2017
    affected < 6.8.8.1-71.20.1fixed 6.8.8.1-71.20.1

    A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.

  • CVE-2017-13769MedAug 30, 2017
    affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1

    The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.

  • CVE-2017-13768MedAug 30, 2017
    affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1

    Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.

  • CVE-2017-13658MedAug 24, 2017
    affected < 6.8.8.1-71.26.1fixed 6.8.8.1-71.26.1

    In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.

  • CVE-2017-13648MedAug 23, 2017
    affected < 6.8.8.1-71.26.1fixed 6.8.8.1-71.26.1

    In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c.

  • CVE-2017-13147HigAug 23, 2017
    affected < 6.8.8.1-71.33.1fixed 6.8.8.1-71.33.1

    In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value.

  • CVE-2017-13146HigAug 23, 2017
    affected < 6.8.8.1-71.26.1fixed 6.8.8.1-71.26.1

    In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.

  • CVE-2017-13142MedAug 23, 2017
    affected < 6.8.8.1-71.33.1fixed 6.8.8.1-71.33.1

    In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.

  • CVE-2017-13141MedAug 23, 2017
    affected < 6.8.8.1-71.33.1fixed 6.8.8.1-71.33.1

    In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.

  • CVE-2017-13139CriAug 23, 2017
    affected < 6.8.8.1-71.12.1fixed 6.8.8.1-71.12.1

    In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.

  • CVE-2017-13134MedAug 23, 2017
    affected < 6.8.8.1-71.17.1fixed 6.8.8.1-71.17.1

    In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-13133MedAug 23, 2017
    affected < 6.8.8.1-71.12.1fixed 6.8.8.1-71.12.1

    In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.

Page 4 of 12