16 matches found
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0017-1)
This update for ImageMagick fixes the following issues: - security update (xcf.c): - CVE-2017-14343: Memory leak vulnerability in ReadXCFImage could lead to denial of service via a crafted file. - CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allows remote attackers to cause a denial of...
Stack overflow
In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string...
CVE-2017-17788
CVE-2017-17788 affects GIMP 2.8.22 with a stack-based buffer over-read in xcf_load_stream (app/xcf/xcf.c) when there is no '\0' after the version string. Connected advisories (Ubuntu USN-3539-1, SUSE SU-2020-0601-1, Red Hat/CVE bundles) confirm this issue among multiple GIMP vulnerabilities and r...
Denial Of Service (DoS) Through Memory Leak
ImageMagick is vulnerable to denial-of-service (DoS) attacks through a memory leak. Using a .xcf file, attackers can trigger a memory leak through the ReadXCFImage function of coders/xcf.c...
CVE-2017-14343
ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file...
CVE-2017-12691
CVE-2017-12691 is rejected and does not represent an active vulnerability entry.
CVE-2017-12691
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file...
Denial-of-Service (DoS) Through Memory Exhaustion
ImageMagick is vulnerable to denial-of-service (DoS) attacks through memory exhaustion. The load_level function in coders/xcf.c does not validate offsets, allowing a malicious user to pass an xcf file to allocate over the memory limit and consume all the application's memory...
Design/Logic Flaw
In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file...
CVE-2017-13133
In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file...
CVE-2017-13133
In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file...
CVE-2017-13133
In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file...
Out-of-bounds
coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file...
CVE-2016-7529
coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file...
CVE-2016-7529
CVE-2016-7529 affects ImageMagick; the vulnerability is in coders/xcf.c, where processing a crafted XCF file can trigger an out-of-bounds read and remote denial of service. The connected F5 advisory confirms the issue among multiple ImageMagick CVEs but does not specify a patch version or workaro...
CVE-2016-7529
coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file...