Security update for GraphicsMagick (moderate)

ID OPENSUSE-SU-2018:3479-1
Type suse
Reporter Suse
Modified 2018-10-26T14:40:08


This update for GraphicsMagick fixes the following issues:

Security issues fixed:

  • CVE-2017-10794: When GraphicsMagick processed an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occured, related to QuantumTransferMode. (boo#1112392)
  • CVE-2017-14997: GraphicsMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. (boo#1112399)