This update for ImageMagick fixes the following security issues:
- CVE-2017-11532: Prevent a memory leak vulnerability in the
WriteMPCImage() function in coders/mpc.c via a crafted file allowing for
DoS (bsc#1050129)
- CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function
(bsc#1108283)
- CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed
an attacker to cause a denial of service (WriteBlob assertion failure
and application exit) via a crafted file (bsc#1108282)
- CVE-2018-16642: The function InsertRow allowed remote attackers to cause
a denial of service via a crafted image file due to an out-of-bounds
write (bsc#1107616)
- CVE-2018-16640: Prevent memory leak in the function ReadOneJNGImage
(bsc#1107619)
- CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage,
and ReadPICTImage did check the return value of the fputc function,
which allowed remote attackers to cause a denial of service via a
crafted image file (bsc#1107612)
- CVE-2018-16644: Added missing check for length in the functions
ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause
a denial of service via a crafted image (bsc#1107609)
- CVE-2018-16645: Prevent excessive memory allocation issue in the
functions ReadBMPImage and ReadDIBImage, which allowed remote attackers
to cause a denial
of service via a crafted image file (bsc#1107604)
- CVE-2018-16413: Prevent heap-based buffer over-read in the
PushShortPixel function leading to DoS (bsc#1106989)
This update also relaxes the restrictions of use of Postscript like
formats to "write" only. (bsc#1105592)
This update was imported from the SUSE:SLE-12:Update update project.