{"affected":[{"ecosystem_specific":{"binaries":[{"ImageMagick":"6.4.3.6-7.78.8.1","ImageMagick-devel":"6.4.3.6-7.78.8.1","libMagick++-devel":"6.4.3.6-7.78.8.1","libMagick++1":"6.4.3.6-7.78.8.1","libMagickWand1":"6.4.3.6-7.78.8.1","libMagickWand1-32bit":"6.4.3.6-7.78.8.1","perl-PerlMagick":"6.4.3.6-7.78.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.4.3.6-7.78.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libMagickCore1":"6.4.3.6-7.78.8.1","libMagickCore1-32bit":"6.4.3.6-7.78.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.4.3.6-7.78.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libMagickCore1":"6.4.3.6-7.78.8.1","libMagickCore1-32bit":"6.4.3.6-7.78.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.4.3.6-7.78.8.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ImageMagick fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2017-11534: Processing a crafted file in convert could have lead to a\n  Memory Leak in the lite_font_map() function in coders/wmf.c (bsc#1050135).\n- CVE-2017-13133: The load_level function in coders/xcf.c lacked offset\n  validation, which allowed attackers to cause a denial of service (load_tile\n  memory exhaustion) via a crafted file (bsc#1055219).\n- CVE-2017-13139: The ReadOneMNGImage function in coders/png.c had an\n  out-of-bounds read with the MNG CLIP chunk (bsc#1055430).\n- CVE-2017-15033: Fixed a memory leak in ReadYUVImage in coders/yuv.c\n  (bsc#1061873).\n","id":"SUSE-SU-2017:3168-1","modified":"2017-11-30T22:00:14Z","published":"2017-11-30T22:00:14Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20173168-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050135"},{"type":"REPORT","url":"https://bugzilla.suse.com/1055219"},{"type":"REPORT","url":"https://bugzilla.suse.com/1055430"},{"type":"REPORT","url":"https://bugzilla.suse.com/1061873"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11534"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-13133"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-13139"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-15033"}],"related":["CVE-2017-11534","CVE-2017-13133","CVE-2017-13139","CVE-2017-15033"],"summary":"Security update for ImageMagick","upstream":["CVE-2017-11534","CVE-2017-13133","CVE-2017-13139","CVE-2017-15033"]}