Lucene search

K
suse
SuseOPENSUSE-SU-2016:3060-1
HistoryDec 08, 2016 - 6:09 p.m.

Security update for GraphicsMagick (important)

2016-12-0818:09:17
lists.opensuse.org
26

0.705 High

EPSS

Percentile

97.7%

This update for GraphicsMagick fixes the following issues:

  • a possible shell execution attack was fixed. if the first character of
    an input filename for ‘convert’ was a ‘|’ then the remainder of the
    filename was passed to the shell (CVE-2016-5118, boo#982178)
  • Maliciously crafted pnm files could crash GraphicsMagick (CVE-2014-9805,
    [boo#983752])
  • Prevent overflow in rle files (CVE-2014-9846, boo#983521)
  • Fix a double free in pdb coder (CVE-2014-9807, boo#983794)
  • Fix a possible crash due to corrupted xwd images (CVE-2014-9809,
    boo#983799)
  • Fix a possible crash due to corrupted wpg images (CVE-2014-9815,
    boo#984372)
  • Fix a heap buffer overflow in pdb file handling (CVE-2014-9817,
    boo#984400)
  • Fix a heap overflow in xpm files (CVE-2014-9820, boo#984150)
  • Fix a heap overflow in pict files (CVE-2014-9834, boo#984436)
  • Fix a heap overflow in wpf files (CVE-2014-9835, CVE-2014-9831,
    boo#984145, boo#984375)
  • Additional PNM sanity checks (CVE-2014-9837, boo#984166)
  • Fix a possible crash due to corrupted dib file (CVE-2014-9845,
    boo#984394)
  • Fix out of bound in quantum handling (CVE-2016-7529, boo#1000399)
  • Fix out of bound access in xcf file coder (CVE-2016-7528, boo#1000434)
  • Fix handling of corrupted lle files (CVE-2016-7515, boo#1000689)
  • Fix out of bound access for malformed psd file (CVE-2016-7522,
    boo#1000698)
  • Fix out of bound access for pbd files (CVE-2016-7531, boo#1000704)
  • Fix out of bound access in corrupted wpg files (CVE-2016-7533,
    boo#1000707)
  • Fix out of bound access in corrupted pdb files (CVE-2016-7537,
    boo#1000711)
  • BMP Coder Out-Of-Bounds Write Vulnerability (CVE-2016-6823, boo#1001066)
  • SGI Coder Out-Of-Bounds Read Vulnerability (CVE-2016-7101, boo#1001221)
  • Divide by zero in WriteTIFFImage (do not divide by zero in
    WriteTIFFImage, boo#1002206)
  • Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (fix buffer
    overflow, boo#1002209)
  • 8BIM/8BIMW unsigned underflow leads to heap overflow (CVE-2016-7800,
    boo#1002422)
  • wpg reader issues (CVE-2016-7996, CVE-2016-7997, boo#1003629)
  • Mismatch between real filesize and header values (CVE-2016-8684,
    boo#1005123)
  • Stack-buffer read overflow while reading SCT header (CVE-2016-8682,
    boo#1005125)
  • Check that filesize is reasonable compared to the header value
    (CVE-2016-8683, boo#1005127)
  • Memory allocation failure in AcquireMagickMemory (CVE-2016-8862,
    boo#1007245)
  • heap-based buffer overflow in IsPixelGray (CVE-2016-9556, boo#1011130)
Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

0.705 High

EPSS

Percentile

97.7%

Related for OPENSUSE-SU-2016:3060-1