Lucene search
SuseOPENSUSE-SU-2016:3060-1HistoryDec 08, 2016 - 6:09 p.m.
Security update for GraphicsMagick (important)
2016-12-0818:09:17
lists.opensuse.org
30
0.705 High
EPSS
Percentile
97.7%
This update for GraphicsMagick fixes the following issues:
- a possible shell execution attack was fixed. if the first character of
an input filename for ‘convert’ was a ‘|’ then the remainder of the
filename was passed to the shell (CVE-2016-5118, boo#982178) - Maliciously crafted pnm files could crash GraphicsMagick (CVE-2014-9805,
[boo#983752]) - Prevent overflow in rle files (CVE-2014-9846, boo#983521)
- Fix a double free in pdb coder (CVE-2014-9807, boo#983794)
- Fix a possible crash due to corrupted xwd images (CVE-2014-9809,
boo#983799) - Fix a possible crash due to corrupted wpg images (CVE-2014-9815,
boo#984372) - Fix a heap buffer overflow in pdb file handling (CVE-2014-9817,
boo#984400) - Fix a heap overflow in xpm files (CVE-2014-9820, boo#984150)
- Fix a heap overflow in pict files (CVE-2014-9834, boo#984436)
- Fix a heap overflow in wpf files (CVE-2014-9835, CVE-2014-9831,
boo#984145, boo#984375) - Additional PNM sanity checks (CVE-2014-9837, boo#984166)
- Fix a possible crash due to corrupted dib file (CVE-2014-9845,
boo#984394) - Fix out of bound in quantum handling (CVE-2016-7529, boo#1000399)
- Fix out of bound access in xcf file coder (CVE-2016-7528, boo#1000434)
- Fix handling of corrupted lle files (CVE-2016-7515, boo#1000689)
- Fix out of bound access for malformed psd file (CVE-2016-7522,
boo#1000698) - Fix out of bound access for pbd files (CVE-2016-7531, boo#1000704)
- Fix out of bound access in corrupted wpg files (CVE-2016-7533,
boo#1000707) - Fix out of bound access in corrupted pdb files (CVE-2016-7537,
boo#1000711) - BMP Coder Out-Of-Bounds Write Vulnerability (CVE-2016-6823, boo#1001066)
- SGI Coder Out-Of-Bounds Read Vulnerability (CVE-2016-7101, boo#1001221)
- Divide by zero in WriteTIFFImage (do not divide by zero in
WriteTIFFImage, boo#1002206) - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (fix buffer
overflow, boo#1002209) - 8BIM/8BIMW unsigned underflow leads to heap overflow (CVE-2016-7800,
boo#1002422) - wpg reader issues (CVE-2016-7996, CVE-2016-7997, boo#1003629)
- Mismatch between real filesize and header values (CVE-2016-8684,
boo#1005123) - Stack-buffer read overflow while reading SCT header (CVE-2016-8682,
boo#1005125) - Check that filesize is reasonable compared to the header value
(CVE-2016-8683, boo#1005127) - Memory allocation failure in AcquireMagickMemory (CVE-2016-8862,
boo#1007245) - heap-based buffer overflow in IsPixelGray (CVE-2016-9556, boo#1011130)
References
bugzilla.suse.com/1000399
bugzilla.suse.com/1000434
bugzilla.suse.com/1000689
bugzilla.suse.com/1000698
bugzilla.suse.com/1000704
bugzilla.suse.com/1000707
bugzilla.suse.com/1000711
bugzilla.suse.com/1001066
bugzilla.suse.com/1001221
bugzilla.suse.com/1002206
bugzilla.suse.com/1002209
bugzilla.suse.com/1002422
bugzilla.suse.com/1003629
bugzilla.suse.com/1005123
bugzilla.suse.com/1005125
bugzilla.suse.com/1005127
bugzilla.suse.com/1007245
bugzilla.suse.com/1011130
bugzilla.suse.com/982178
bugzilla.suse.com/983521
bugzilla.suse.com/983752
bugzilla.suse.com/983794
bugzilla.suse.com/983799
bugzilla.suse.com/984145
bugzilla.suse.com/984150
bugzilla.suse.com/984166
bugzilla.suse.com/984372
bugzilla.suse.com/984375
bugzilla.suse.com/984394
bugzilla.suse.com/984400
bugzilla.suse.com/984436
Related
openvas
openvas
openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2016:3060-1)
2017-02-22 00:00:00
Fedora Update for GraphicsMagick FEDORA-2017-d2bab54ac9
2017-03-13 00:00:00
Fedora Update for GraphicsMagick FEDORA-2017-c71a0f40f0
2017-03-09 00:00:00
nessus
nessus
openSUSE Security Update : GraphicsMagick (openSUSE-2016-1430)
2016-12-12 00:00:00
openSUSE Security Update : GraphicsMagick (openSUSE-2016-1229)
2016-10-27 00:00:00
openSUSE Security Update : GraphicsMagick (openSUSE-2016-984)
2016-08-16 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: GraphicsMagick-1.3.25-6.fc25
2017-03-09 13:24:51
[SECURITY] Fedora 24 Update: GraphicsMagick-1.3.25-6.fc24
2017-03-11 11:52:39
debian
debian
[SECURITY] [DLA 683-1] graphicsmagick security update
2016-10-26 22:34:15
[SECURITY] [DSA 3746-1] graphicsmagick security update
2016-12-24 22:03:28
[SECURITY] [DSA 3746-1] graphicsmagick security update
2016-12-24 22:03:28
osv
osv
graphicsmagick - security update
2016-10-26 00:00:00
graphicsmagick - security update
2016-12-24 00:00:00
CVE-2016-8862
2017-02-15 19:59:00
amazon
amazon
Medium: GraphicsMagick
2017-04-20 06:08:00
suse
suse
Security update for GraphicsMagick (important)
2016-08-15 15:11:03
Security update for ImageMagick (important)
2016-12-01 18:07:53
Security update for GraphicsMagick (important)
2016-07-01 17:07:58
mageia
mageia
The updated packages fix a security vulnerability
2016-10-08 23:18:54
Updated graphicsmagick packages fix security vulnerability
2016-10-26 02:11:42
Updated graphicsmagick packages fix security vulnerabilities
2017-07-30 18:58:51
veracode
veracode
Denial Of Service (DoS) Through Corrupted Dib File
2017-03-21 02:56:01
Heap Overflow In The Wpf File
2017-03-21 08:24:22
Heap Overflow In The Pict File
2017-03-21 08:21:46
cve
cve
debiancve
debiancve
prion
prion
Design/Logic Flaw
2017-04-19 14:59:00
Out-of-bounds
2017-04-19 14:59:00
Heap overflow
2017-03-22 14:59:00
ubuntucve
ubuntucve
alpinelinux
alpinelinux
freebsd
freebsd
GraphicsMagick -- multiple vulnerabilities
2017-07-04 00:00:00
cloudfoundry
cloudfoundry
USN-3142-1: ImageMagick vulnerabilities | Cloud Foundry
2016-12-27 00:00:00
ubuntu
ubuntu
ImageMagick vulnerabilities
2016-11-30 00:00:00
ImageMagick vulnerabilities
2016-11-21 00:00:00
redhatcve
redhatcve