Security update for GraphicsMagick (important)

2017-12-27T15:08:30
ID SUSE-SU-2017:3435-1
Type suse
Reporter Suse
Modified 2017-12-27T15:08:30

Description

This update for GraphicsMagick fixes the following issues:

 * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in
   coders/tiff.c could lead to denial of service [bsc#1050632]
 * CVE-2017-14342: Memory exhaustion in ReadWPGImage in coders/wpg.c
   could lead to denial of service [bsc#1058485]
 * CVE-2017-14341: Infinite loop in the ReadWPGImage function could lead
   to denial of service [bsc#1058637]
 * CVE-2017-16546: Issue in ReadWPGImage function in coders/wpg.c could
   lead to denial of service [bsc#1067181]
 * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in
   validation problems could lead to denial of service [bsc#1067184]
 * CVE-2017-16669: coders/wpg.c  allows remote attackers to cause a
   denial of service via crafted file [bsc#1067409]
 * CVE-2017-13776: denial of service issue in ReadXBMImage() in a
   coders/xbm.c [bsc#1056429]
 * CVE-2017-13777: denial of service issue in ReadXBMImage() in a
   coders/xbm.c [bsc#1056426]
 * CVE-2017-13134: heap-based buffer over-read in the function SFWScan in
   coders/sfw.c could lead to denial of service via a crafted file
   [bsc#1055214]
 * CVE-2017-15930: Null Pointer dereference  while transfering JPEG
   scanlines could lead to denial of service [bsc#1066003]
 * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage
   function in coders/sfw.c allows remote attackers to cause a denial of
   service (application crash) or possibly have unspecified other impact
   via a crafted file. [bsc#1054757]
 * CVE-2017-14165: The ReadSUNImage function in coders/sun.c has an issue
   where memory allocation is excessive because it depends only on a
   length field in a header. This may lead to remote denial of service in
   the MagickMalloc function in magick/memory.c. [bsc#1057508]
 * CVE-2017-12587: Large loop vulnerability in the ReadPWPImage function
   in coders\pwp.c. [bsc#1052450]