{"affected":[{"ecosystem_specific":{"binaries":[{"GraphicsMagick":"1.2.5-4.46.1","libGraphicsMagick2":"1.2.5-4.46.1","perl-GraphicsMagick":"1.2.5-4.46.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"GraphicsMagick","purl":"pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.5-4.46.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"GraphicsMagick":"1.2.5-4.46.1","libGraphicsMagick2":"1.2.5-4.46.1"}]},"package":{"ecosystem":"SUSE:Studio Onsite 1.3","name":"GraphicsMagick","purl":"pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Studio%20Onsite%201.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.5-4.46.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for GraphicsMagick fixes the following issues:\n\nThese vulnerabilities could be triggered by processing specially crafted image files,\nwhich could lead to a process crash or resource consumption, or potentially have\nunspecified further impact.\n\n- CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123)\n- CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127)\n- CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125)\n- CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629)\n- CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422)\n- CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711)\n- CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707)\n- CVE-2016-7531: Pbd file out of bound access (bsc#1000704)\n- CVE-2016-7529: Out-of-bound in quantum handling (bsc#1000399)\n- CVE-2016-7528: Out-of-bound access in xcf file coder (bsc#1000434)\n- CVE-2016-7527: Out-of-bound access in wpg file coder (bsc#1000436)\n- CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 
(bsc#1000700)\n- CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698)\n- CVE-2016-7519: Out-of-bounds read in coders/rle.c (bsc#1000695)\n- CVE-2016-7517: Out-of-bounds read in coders/pict.c (bsc#1000693)\n- CVE-2016-7516: Out-of-bounds problem in rle, pict, viff and sun files (bsc#1000692)\n- CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689)\n- CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449: various issues fixed in 1.3.25 (bsc#999673)\n- CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221)\n- CVE-2016-6823: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066)\n- CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691)\n- CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690)\n- Divide by zero in WriteTIFFImage (bsc#1002206)\n- Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209)\n","id":"SUSE-SU-2016:2724-1","modified":"2016-11-04T10:18:42Z","published":"2016-11-04T10:18:42Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162724-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000399"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000434"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000436"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000689"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000690"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000691"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000692"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000693"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000695"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000698"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000700"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000704"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000707"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000711"},{"type":"REPORT","url":"https:/
/bugzilla.suse.com/1001066"},{"type":"REPORT","url":"https://bugzilla.suse.com/1001221"},{"type":"REPORT","url":"https://bugzilla.suse.com/1002206"},{"type":"REPORT","url":"https://bugzilla.suse.com/1002209"},{"type":"REPORT","url":"https://bugzilla.suse.com/1002422"},{"type":"REPORT","url":"https://bugzilla.suse.com/1003629"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005123"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005125"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005127"},{"type":"REPORT","url":"https://bugzilla.suse.com/999673"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8957"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8958"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6823"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7101"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7446"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7447"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7448"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7449"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7515"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7516"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7517"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7519"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7522"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7524"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7527"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7528"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7529"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7531"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7533"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7537"},{"type":"WEB
","url":"https://www.suse.com/security/cve/CVE-2016-7800"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7996"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7997"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8682"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8683"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8684"}],"related":["CVE-2015-8957","CVE-2015-8958","CVE-2016-6823","CVE-2016-7101","CVE-2016-7446","CVE-2016-7447","CVE-2016-7448","CVE-2016-7449","CVE-2016-7515","CVE-2016-7516","CVE-2016-7517","CVE-2016-7519","CVE-2016-7522","CVE-2016-7524","CVE-2016-7527","CVE-2016-7528","CVE-2016-7529","CVE-2016-7531","CVE-2016-7533","CVE-2016-7537","CVE-2016-7800","CVE-2016-7996","CVE-2016-7997","CVE-2016-8682","CVE-2016-8683","CVE-2016-8684"],"summary":"Security update for GraphicsMagick","upstream":["CVE-2015-8957","CVE-2015-8958","CVE-2016-6823","CVE-2016-7101","CVE-2016-7446","CVE-2016-7447","CVE-2016-7448","CVE-2016-7449","CVE-2016-7515","CVE-2016-7516","CVE-2016-7517","CVE-2016-7519","CVE-2016-7522","CVE-2016-7524","CVE-2016-7527","CVE-2016-7528","CVE-2016-7529","CVE-2016-7531","CVE-2016-7533","CVE-2016-7537","CVE-2016-7800","CVE-2016-7996","CVE-2016-7997","CVE-2016-8682","CVE-2016-8683","CVE-2016-8684"]}