{"affected":[{"ecosystem_specific":{"binaries":[{"ImageMagick":"6.4.3.6-7.54.1","ImageMagick-devel":"6.4.3.6-7.54.1","libMagick++-devel":"6.4.3.6-7.54.1","libMagick++1":"6.4.3.6-7.54.1","libMagickWand1":"6.4.3.6-7.54.1","libMagickWand1-32bit":"6.4.3.6-7.54.1","perl-PerlMagick":"6.4.3.6-7.54.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.4.3.6-7.54.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libMagickCore1":"6.4.3.6-7.54.1","libMagickCore1-32bit":"6.4.3.6-7.54.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.4.3.6-7.54.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libMagickCore1":"6.4.3.6-7.54.1","libMagickCore1-32bit":"6.4.3.6-7.54.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.4.3.6-7.54.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for ImageMagick fixes the following issues:\n\nThese vulnerabilities could be triggered by processing specially crafted image files,\nwhich could lead to a process crash or resource consumption, or potentially have\nunspecified further impact.\n\n- CVE-2016-8862: Memory allocation failure in AcquireMagickMemory (bsc#1007245)\n- CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714)\n- CVE-2015-8959: DOS due to corrupted DDS files (bsc#1000713)\n- CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711)\n- CVE-2016-6823: BMP Coder Out-Of-Bounds 
Write Vulnerability (bsc#1001066)\n- CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688)\n- CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689)\n- CVE-2016-7529: out of bound in quantum handling (bsc#1000399)\n- CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221)\n- CVE-2016-7527: out of bound access in wpg file coder (bsc#1000436)\n- CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629)\n- CVE-2016-7528: out of bound access in xcf file coder (bsc#1000434)\n- CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127)\n- CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125)\n- CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123)\n- Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209)\n- CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701)\n- CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700)\n- CVE-2016-7530: Out of bound in quantum handling (bsc#1000703)\n- CVE-2016-7531: Pdb file out of bound access (bsc#1000704)\n- CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707)\n- CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709)\n- CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698)\n- CVE-2016-7517: out-of-bounds read in coders/pict.c (bsc#1000693)\n- CVE-2016-7516: Out of bounds problem in rle, pict, viff and sun files (bsc#1000692)\n- CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691)\n- CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690)\n- CVE-2016-7519: out-of-bounds read in coders/rle.c (bsc#1000695)\n- CVE-2016-7518: out-of-bounds read in coders/sun.c (bsc#1000694)\n- CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422)\n- CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1 meta.c:496 (bsc#1000699)\n- 
CVE-2016-7799: mogrify global buffer overflow (bsc#1002421)\n","id":"SUSE-SU-2016:2964-1","modified":"2016-12-01T13:22:05Z","published":"2016-12-01T13:22:05Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162964-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000399"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000434"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000436"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000688"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000689"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000690"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000691"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000692"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000693"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000694"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000695"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000698"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000699"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000700"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000701"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000703"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000704"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000707"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000709"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000711"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000713"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000714"},{"type":"REPORT","url":"https://bugzilla.suse.com/1001066"},{"type":"REPORT","url":"https://bugzilla.suse.com/1001221"},{"type":"REPORT","url":"https://bugzilla.suse.com/1002209"},{"type":"REPORT","url":"https://bugzilla.suse.com/1002421"},{"type":"REPORT","url":"https://bugzilla.suse.com/1002422"},{"type":"REPORT","url":"https://bugzilla.suse.com/1003629"},{"type":"REPORT","url":"https://bugzilla.suse
.com/1005123"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005125"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005127"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007245"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-9907"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8957"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8958"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8959"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5687"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6823"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7101"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7514"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7515"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7516"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7517"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7518"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7519"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7522"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7523"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7524"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7525"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7526"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7527"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7528"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7529"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7530"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7531"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7533"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7535"},{"type":"WEB","url":"https://w
ww.suse.com/security/cve/CVE-2016-7537"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7799"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7800"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7996"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7997"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8682"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8683"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8684"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8862"}],"related":["CVE-2014-9907","CVE-2015-8957","CVE-2015-8958","CVE-2015-8959","CVE-2016-5687","CVE-2016-6823","CVE-2016-7101","CVE-2016-7514","CVE-2016-7515","CVE-2016-7516","CVE-2016-7517","CVE-2016-7518","CVE-2016-7519","CVE-2016-7522","CVE-2016-7523","CVE-2016-7524","CVE-2016-7525","CVE-2016-7526","CVE-2016-7527","CVE-2016-7528","CVE-2016-7529","CVE-2016-7530","CVE-2016-7531","CVE-2016-7533","CVE-2016-7535","CVE-2016-7537","CVE-2016-7799","CVE-2016-7800","CVE-2016-7996","CVE-2016-7997","CVE-2016-8682","CVE-2016-8683","CVE-2016-8684","CVE-2016-8862"],"summary":"Security update for ImageMagick","upstream":["CVE-2014-9907","CVE-2015-8957","CVE-2015-8958","CVE-2015-8959","CVE-2016-5687","CVE-2016-6823","CVE-2016-7101","CVE-2016-7514","CVE-2016-7515","CVE-2016-7516","CVE-2016-7517","CVE-2016-7518","CVE-2016-7519","CVE-2016-7522","CVE-2016-7523","CVE-2016-7524","CVE-2016-7525","CVE-2016-7526","CVE-2016-7527","CVE-2016-7528","CVE-2016-7529","CVE-2016-7530","CVE-2016-7531","CVE-2016-7533","CVE-2016-7535","CVE-2016-7537","CVE-2016-7799","CVE-2016-7800","CVE-2016-7996","CVE-2016-7997","CVE-2016-8682","CVE-2016-8683","CVE-2016-8684","CVE-2016-8862"]}