Security update for ImageMagick (moderate)

2018-10-18T19:26:33
ID OPENSUSE-SU-2018:3225-1
Type suse
Reporter Suse
Modified 2018-10-18T19:26:33

Description

This update for ImageMagick fixes the following issues:

Security issues fixed:

  • CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (bsc#1111069)
  • CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072).
  • CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747).
  • CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746).
  • CVE-2018-12600: ReadDIBImage and WriteDIBImage allowed attackers to cause an out of bounds write via a crafted file. (bsc#1098545)
  • CVE-2018-12599: ReadBMPImage and WriteBMPImage allowed attackers to cause an out of bounds write via a crafted file. (bsc#1098546)

This update was imported from the SUSE:SLE-12:Update update project.