{"affected":[{"ecosystem_specific":{"binaries":[{"ImageMagick":"6.8.8.1-40.1","libMagick++-6_Q16-3":"6.8.8.1-40.1","libMagickCore-6_Q16-1":"6.8.8.1-40.1","libMagickCore-6_Q16-1-32bit":"6.8.8.1-40.1","libMagickWand-6_Q16-1":"6.8.8.1-40.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.8.8.1-40.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ImageMagick":"6.8.8.1-40.1","ImageMagick-devel":"6.8.8.1-40.1","libMagick++-6_Q16-3":"6.8.8.1-40.1","libMagick++-devel":"6.8.8.1-40.1","perl-PerlMagick":"6.8.8.1-40.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP1","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.8.8.1-40.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libMagickCore-6_Q16-1":"6.8.8.1-40.1","libMagickWand-6_Q16-1":"6.8.8.1-40.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP1","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.8.8.1-40.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libMagickCore-6_Q16-1":"6.8.8.1-40.1","libMagickWand-6_Q16-1":"6.8.8.1-40.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.8.8.1-40.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ImageMagick":"6.8.8.1-40.1","libMagick++-6_Q16-3":"6.8.8.1-40.1","libMagickCore-6_Q16-1-32bit":"6.8.8.1-40.1"}]},"package":{"ecosystem":"SUSE:Linux 
Enterprise Workstation Extension 12 SP1","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.8.8.1-40.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for ImageMagick fixes the following issues:\n    \nThese vulnerabilities could be triggered by processing specially crafted image files,\nwhich could lead to a process crash or resource consumption, or potentially have\nunspecified further impact.\n\n- CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123)\n- CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127)\n- CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125)\n- CVE-2016-8677: Memory allocation failure in AcquireQuantumPixels (bsc#1005328)\n- CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629)\n- CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422)\n- CVE-2016-7799: mogrify global buffer overflow (bsc#1002421)\n- CVE-2016-7540: writing to RGF format aborts (bsc#1000394)\n- CVE-2016-7539: Potential DOS by not releasing memory (bsc#1000715)\n- CVE-2016-7538: SIGABRT for corrupted pdb file (bsc#1000712)\n- CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711)\n- CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709)\n- CVE-2016-7534: Out of bound access in generic decoder (bsc#1000708)\n- CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707)\n- CVE-2016-7532: fix handling of corrupted psd file (bsc#1000706)\n- CVE-2016-7531: Pbd file out of bound access (bsc#1000704)\n- CVE-2016-7530: Out of bound in quantum handling (bsc#1000703)\n- CVE-2016-7529: Out-of-bound in quantum handling (bsc#1000399)\n- CVE-2016-7528: Out-of-bound access in xcf file coder (bsc#1000434)\n- CVE-2016-7527: Out-of-bound access in wpg file coder (bsc#1000436)\n- 
CVE-2016-7526: out-of-bounds write in ./MagickCore/pixel-accessor.h (bsc#1000702)\n- CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701)\n- CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700)\n- CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1 meta.c:496 (bsc#1000699)\n- CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698)\n- CVE-2016-7521: Heap buffer overflow in psd file handling (bsc#1000697)\n- CVE-2016-7520: Heap overflow in hdr file handling (bsc#1000696)\n- CVE-2016-7519: Out-of-bounds read in coders/rle.c (bsc#1000695)\n- CVE-2016-7518: Out-of-bounds read in coders/sun.c (bsc#1000694)\n- CVE-2016-7517: Out-of-bounds read in coders/pict.c (bsc#1000693)\n- CVE-2016-7516: Out-of-bounds problem in rle, pict, viff and sun files (bsc#1000692)\n- CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689)\n- CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688)\n- CVE-2016-7513: Off-by-one error leading to segfault (bsc#1000686)\n- CVE-2016-7101: GraphicsMagick: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221)\n- CVE-2016-6823: GraphicsMagick: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066)\n- CVE-2015-8959: DOS due to corrupted DDS files (bsc#1000713)\n- CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691)\n- CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690)\n- CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714)\n- Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209)\n- Divide by zero in WriteTIFFImage 
(bsc#1002206)\n","id":"SUSE-SU-2016:2667-1","modified":"2016-10-28T12:56:04Z","published":"2016-10-28T12:56:04Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162667-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000394"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000399"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000434"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000436"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000686"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000688"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000689"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000690"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000691"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000692"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000693"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000694"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000695"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000696"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000697"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000698"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000699"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000700"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000701"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000702"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000703"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000704"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000706"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000707"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000708"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000709"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000711"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000712"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000713"},{"type":"REPORT","url":"https:/
/bugzilla.suse.com/1000714"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000715"},{"type":"REPORT","url":"https://bugzilla.suse.com/1001066"},{"type":"REPORT","url":"https://bugzilla.suse.com/1001221"},{"type":"REPORT","url":"https://bugzilla.suse.com/1002206"},{"type":"REPORT","url":"https://bugzilla.suse.com/1002209"},{"type":"REPORT","url":"https://bugzilla.suse.com/1002421"},{"type":"REPORT","url":"https://bugzilla.suse.com/1002422"},{"type":"REPORT","url":"https://bugzilla.suse.com/1003629"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005123"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005125"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005127"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005328"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-9907"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8957"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8958"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8959"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6823"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7101"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7513"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7514"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7515"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7516"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7517"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7518"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7519"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7520"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7521"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7522"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7523"},{"type":"WEB","url":"https://www.suse.com/se
curity/cve/CVE-2016-7524"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7525"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7526"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7527"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7528"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7529"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7530"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7531"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7532"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7533"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7534"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7535"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7537"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7538"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7539"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7540"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7799"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7800"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7996"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7997"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8677"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8682"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8683"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8684"}],"related":["CVE-2014-9907","CVE-2015-8957","CVE-2015-8958","CVE-2015-8959","CVE-2016-6823","CVE-2016-7101","CVE-2016-7513","CVE-2016-7514","CVE-2016-7515","CVE-2016-7516","CVE-2016-7517","CVE-2016-7518","CVE-2016-7519","CVE-2016-7520","CVE-2016-7521","CVE-2016-7522","CVE-2016-7523","CVE-2016-7524","CVE-2016-7525","CVE-2016-7526","CVE-201
6-7527","CVE-2016-7528","CVE-2016-7529","CVE-2016-7530","CVE-2016-7531","CVE-2016-7532","CVE-2016-7533","CVE-2016-7534","CVE-2016-7535","CVE-2016-7537","CVE-2016-7538","CVE-2016-7539","CVE-2016-7540","CVE-2016-7799","CVE-2016-7800","CVE-2016-7996","CVE-2016-7997","CVE-2016-8677","CVE-2016-8682","CVE-2016-8683","CVE-2016-8684"],"summary":"Security update for ImageMagick","upstream":["CVE-2014-9907","CVE-2015-8957","CVE-2015-8958","CVE-2015-8959","CVE-2016-6823","CVE-2016-7101","CVE-2016-7513","CVE-2016-7514","CVE-2016-7515","CVE-2016-7516","CVE-2016-7517","CVE-2016-7518","CVE-2016-7519","CVE-2016-7520","CVE-2016-7521","CVE-2016-7522","CVE-2016-7523","CVE-2016-7524","CVE-2016-7525","CVE-2016-7526","CVE-2016-7527","CVE-2016-7528","CVE-2016-7529","CVE-2016-7530","CVE-2016-7531","CVE-2016-7532","CVE-2016-7533","CVE-2016-7534","CVE-2016-7535","CVE-2016-7537","CVE-2016-7538","CVE-2016-7539","CVE-2016-7540","CVE-2016-7799","CVE-2016-7800","CVE-2016-7996","CVE-2016-7997","CVE-2016-8677","CVE-2016-8682","CVE-2016-8683","CVE-2016-8684"]}