rpm package
suse/ImageMagick&distro=SUSE Linux Enterprise Workstation Extension 12 SP3
pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
Vulnerabilities (231)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-12599 | — | < 6.8.8.1-71.82.1 | 6.8.8.1-71.82.1 | Jun 20, 2018 | In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. | ||
| CVE-2018-11655 | — | < 6.8.8.1-71.65.1 | 6.8.8.1-71.65.1 | Jun 1, 2018 | In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file. | ||
| CVE-2018-11251 | — | < 6.8.8.1-71.65.1 | 6.8.8.1-71.65.1 | May 18, 2018 | In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file. | ||
| CVE-2017-18271 | — | < 6.8.8.1-71.65.1 | 6.8.8.1-71.65.1 | May 18, 2018 | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. | ||
| CVE-2018-10805 | — | < 6.8.8.1-71.65.1 | 6.8.8.1-71.65.1 | May 8, 2018 | ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. | ||
| CVE-2018-10804 | — | < 6.8.8.1-71.65.1 | 6.8.8.1-71.65.1 | May 8, 2018 | ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. | ||
| CVE-2018-10177 | — | < 6.8.8.1-71.54.5 | 6.8.8.1-71.54.5 | Apr 16, 2018 | In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. | ||
| CVE-2018-9135 | — | < 6.8.8.1-71.54.5 | 6.8.8.1-71.54.5 | Mar 30, 2018 | In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. | ||
| CVE-2018-9133 | — | < 6.8.8.1-71.65.1 | 6.8.8.1-71.65.1 | Mar 30, 2018 | ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff | ||
| CVE-2017-18254 | — | < 6.8.8.1-71.54.5 | 6.8.8.1-71.54.5 | Mar 27, 2018 | An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. | ||
| CVE-2017-18252 | — | < 6.8.8.1-71.54.5 | 6.8.8.1-71.54.5 | Mar 27, 2018 | An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. | ||
| CVE-2017-18251 | — | < 6.8.8.1-71.54.5 | 6.8.8.1-71.54.5 | Mar 27, 2018 | An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. | ||
| CVE-2017-18250 | — | < 6.8.8.1-71.54.5 | 6.8.8.1-71.54.5 | Mar 27, 2018 | An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. | ||
| CVE-2018-9018 | — | < 6.8.8.1-71.54.5 | 6.8.8.1-71.54.5 | Mar 25, 2018 | In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. | ||
| CVE-2018-8960 | — | < 6.8.8.1-71.54.5 | 6.8.8.1-71.54.5 | Mar 23, 2018 | The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read. | ||
| CVE-2018-8804 | — | < 6.8.8.1-71.47.1 | 6.8.8.1-71.47.1 | Mar 20, 2018 | WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file. | ||
| CVE-2017-18211 | — | < 6.8.8.1-71.47.1 | 6.8.8.1-71.47.1 | Mar 1, 2018 | In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel. | ||
| CVE-2017-18209 | — | < 6.8.8.1-71.47.1 | 6.8.8.1-71.47.1 | Mar 1, 2018 | In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory. | ||
| CVE-2018-7470 | — | < 6.8.8.1-71.47.1 | 6.8.8.1-71.47.1 | Feb 25, 2018 | An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file. | ||
| CVE-2018-7443 | — | < 6.8.8.1-71.47.1 | 6.8.8.1-71.47.1 | Feb 23, 2018 | The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c) |
- CVE-2018-12599Jun 20, 2018affected < 6.8.8.1-71.82.1fixed 6.8.8.1-71.82.1
In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
- CVE-2018-11655Jun 1, 2018affected < 6.8.8.1-71.65.1fixed 6.8.8.1-71.65.1
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.
- CVE-2018-11251May 18, 2018affected < 6.8.8.1-71.65.1fixed 6.8.8.1-71.65.1
In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.
- CVE-2017-18271May 18, 2018affected < 6.8.8.1-71.65.1fixed 6.8.8.1-71.65.1
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.
- CVE-2018-10805May 8, 2018affected < 6.8.8.1-71.65.1fixed 6.8.8.1-71.65.1
ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
- CVE-2018-10804May 8, 2018affected < 6.8.8.1-71.65.1fixed 6.8.8.1-71.65.1
ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.
- CVE-2018-10177Apr 16, 2018affected < 6.8.8.1-71.54.5fixed 6.8.8.1-71.54.5
In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file.
- CVE-2018-9135Mar 30, 2018affected < 6.8.8.1-71.54.5fixed 6.8.8.1-71.54.5
In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c.
- CVE-2018-9133Mar 30, 2018affected < 6.8.8.1-71.65.1fixed 6.8.8.1-71.65.1
ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff
- CVE-2017-18254Mar 27, 2018affected < 6.8.8.1-71.54.5fixed 6.8.8.1-71.54.5
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file.
- CVE-2017-18252Mar 27, 2018affected < 6.8.8.1-71.54.5fixed 6.8.8.1-71.54.5
An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.
- CVE-2017-18251Mar 27, 2018affected < 6.8.8.1-71.54.5fixed 6.8.8.1-71.54.5
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file.
- CVE-2017-18250Mar 27, 2018affected < 6.8.8.1-71.54.5fixed 6.8.8.1-71.54.5
An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.
- CVE-2018-9018Mar 25, 2018affected < 6.8.8.1-71.54.5fixed 6.8.8.1-71.54.5
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.
- CVE-2018-8960Mar 23, 2018affected < 6.8.8.1-71.54.5fixed 6.8.8.1-71.54.5
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.
- CVE-2018-8804Mar 20, 2018affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1
WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file.
- CVE-2017-18211Mar 1, 2018affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.
- CVE-2017-18209Mar 1, 2018affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1
In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
- CVE-2018-7470Feb 25, 2018affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1
An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.
- CVE-2018-7443Feb 23, 2018affected < 6.8.8.1-71.47.1fixed 6.8.8.1-71.47.1
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c)
Page 3 of 12