{"affected":[{"ecosystem_specific":{"binaries":[{"ImageMagick":"6.4.3.6-7.78.14.1","ImageMagick-devel":"6.4.3.6-7.78.14.1","libMagick++-devel":"6.4.3.6-7.78.14.1","libMagick++1":"6.4.3.6-7.78.14.1","libMagickWand1":"6.4.3.6-7.78.14.1","libMagickWand1-32bit":"6.4.3.6-7.78.14.1","perl-PerlMagick":"6.4.3.6-7.78.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.4.3.6-7.78.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libMagickCore1":"6.4.3.6-7.78.14.1","libMagickCore1-32bit":"6.4.3.6-7.78.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.4.3.6-7.78.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libMagickCore1":"6.4.3.6-7.78.14.1","libMagickCore1-32bit":"6.4.3.6-7.78.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.4.3.6-7.78.14.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ImageMagick fixes the following issues:\n\n  * CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas  \n    could possibly disclose potentially sensitive memory [bsc#1059778]\n  \n  * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in coders/tiff.c [bsc#1050632]\n  \n  * CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage \n    in coders/wpg.c could lead to denial of service [bsc#1058485]\n\n  * CVE-2017-14341: Infinite loop in the ReadWPGImage function [bsc#1058637]\n\n  * CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c \n    could lead to denial of service [bsc#1067181]\n\n  * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in  \n    validation problems could lead to denial of service [bsc#1067184]\n\n  * CVE-2017-14175: Lack of End of File check could lead to denial of service [bsc#1057719]\n\n  * CVE-2017-13769: denial of service issue in function WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n\n  * CVE-2017-13134: a heap-based buffer over-read was found in thefunction SFWScan \n    in coders/sfw.c, which allows attackers to cause adenial of service via a crafted file. [bsc#1055214]\n\n  * CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick allows remote attackers to cause a DoS [bsc#1049796]\n\n  * CVE-2017-15930: Null Pointer dereference  while transfering JPEG scanlines could lead to denial of service [bsc#1066003]\n\n  * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c \n    allows remote attackers to cause a denial of service [bsc#1054757]\n\n  * CVE-2017-14531: memory exhaustion issue in ReadSUNImage incoders/sun.c. [bsc#1059666]\n\n  * CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c, \n    which allows attackers to cause denial of service [bsc#1052553]\n\n  * CVE-2017-12587: User controlable large loop in the ReadPWPImage in coders\\pwp.c could lead to denial of service [bsc#1052450]\n\n  * CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer overflow that could lead to denial of service [bsc#1057729]\n  \n  * CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check. [bnc#1048457]\n\n  * CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows remote attackers to cause DoS [bnc#1050116] \n\n  * CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer over-read in WritePSImage() in coders/ps.c [bnc#1050139]\n\n  * CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows to cause DoS  [bnc#1051441] \n\n  * CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a ninteger signedness error leading to excessive memory consumption [bnc#1051847] \n\n  * CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in coders/cals.c [bnc#1052689]\n\n  * CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in WritePDFImage in coders/pdf.c [bnc#1052758]\n\n  * CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in codersdcm.c [bnc#1052764]\n\n  * CVE-2017-14172: ImageMagick: Lack of end of file check in ReadPSImage() could lead to a denial of service [bnc#1057730]\n\n  * CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service [bnc#1060577]\n  \n","id":"SUSE-SU-2017:3378-1","modified":"2017-12-20T11:23:56Z","published":"2017-12-20T11:23:56Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20173378-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1048457"},{"type":"REPORT","url":"https://bugzilla.suse.com/1049796"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050116"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050139"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050632"},{"type":"REPORT","url":"https://bugzilla.suse.com/1051441"},{"type":"REPORT","url":"https://bugzilla.suse.com/1051847"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052450"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052553"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052689"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052758"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052764"},{"type":"REPORT","url":"https://bugzilla.suse.com/1054757"},{"type":"REPORT","url":"https://bugzilla.suse.com/1055214"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056432"},{"type":"REPORT","url":"https://bugzilla.suse.com/1057719"},{"type":"REPORT","url":"https://bugzilla.suse.com/1057729"},{"type":"REPORT","url":"https://bugzilla.suse.com/1057730"},{"type":"REPORT","url":"https://bugzilla.suse.com/1058485"},{"type":"REPORT","url":"https://bugzilla.suse.com/1058637"},{"type":"REPORT","url":"https://bugzilla.suse.com/1059666"},{"type":"REPORT","url":"https://bugzilla.suse.com/1059778"},{"type":"REPORT","url":"https://bugzilla.suse.com/1060577"},{"type":"REPORT","url":"https://bugzilla.suse.com/1066003"},{"type":"REPORT","url":"https://bugzilla.suse.com/1067181"},{"type":"REPORT","url":"https://bugzilla.suse.com/1067184"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11188"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11478"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11527"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11535"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11640"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11752"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12140"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12435"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12587"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12644"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12662"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12669"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12983"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-13134"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-13769"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14172"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14173"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14175"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14341"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14342"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14531"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14607"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14733"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-15930"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-16545"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-16546"}],"related":["CVE-2017-11188","CVE-2017-11478","CVE-2017-11527","CVE-2017-11535","CVE-2017-11640","CVE-2017-11752","CVE-2017-12140","CVE-2017-12435","CVE-2017-12587","CVE-2017-12644","CVE-2017-12662","CVE-2017-12669","CVE-2017-12983","CVE-2017-13134","CVE-2017-13769","CVE-2017-14172","CVE-2017-14173","CVE-2017-14175","CVE-2017-14341","CVE-2017-14342","CVE-2017-14531","CVE-2017-14607","CVE-2017-14733","CVE-2017-15930","CVE-2017-16545","CVE-2017-16546"],"summary":"Security update for ImageMagick","upstream":["CVE-2017-11188","CVE-2017-11478","CVE-2017-11527","CVE-2017-11535","CVE-2017-11640","CVE-2017-11752","CVE-2017-12140","CVE-2017-12435","CVE-2017-12587","CVE-2017-12644","CVE-2017-12662","CVE-2017-12669","CVE-2017-12983","CVE-2017-13134","CVE-2017-13769","CVE-2017-14172","CVE-2017-14173","CVE-2017-14175","CVE-2017-14341","CVE-2017-14342","CVE-2017-14531","CVE-2017-14607","CVE-2017-14733","CVE-2017-15930","CVE-2017-16545","CVE-2017-16546"]}