SUSE-SU-2017:0518-1

Source
https://www.suse.com/support/update/announcement/2017/suse-su-20170518-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:0518-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2017:0518-1
Related
  • CVE-2016-10048
  • CVE-2016-10049
  • CVE-2016-10050
  • CVE-2016-10051
  • CVE-2016-10059
  • CVE-2016-10064
  • CVE-2016-10065
  • CVE-2016-10068
  • CVE-2016-10070
  • CVE-2016-10146
  • CVE-2017-5511
Published
2017-02-20T10:12:32Z
Modified
2017-02-20T10:12:32Z
Summary
Security update for GraphicsMagick
Details

This update for GraphicsMagick fixes several issues.

These security issues were fixed:

  • CVE-2016-10048: An arbitrary module could have been loaded because relative paths were not escaped (bsc#1017310).
  • CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to an incorrect length calculation (bsc#1017311).
  • CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312).
  • CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313).
  • CVE-2016-10059: Unchecked calculation when reading TIFF files could have led to a buffer overflow (bsc#1017318).
  • CVE-2016-10064: Improved checks for buffer overflow when reading TIFF files (bsc#1017321).
  • CVE-2016-10065: Unchecked calculations when reading VIFF files could have led to out-of-bounds reads (bsc#1017322).
  • CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324).
  • CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326).
  • CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have led to DoS (bsc#1020443).
  • CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448).

Affected packages

SUSE:Linux Enterprise Software Development Kit 11 SP4 / GraphicsMagick

Package

Name
GraphicsMagick
Purl
purl:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.5-4.62.1

Ecosystem specific

{
    "binaries": [
        {
            "perl-GraphicsMagick": "1.2.5-4.62.1",
            "GraphicsMagick": "1.2.5-4.62.1",
            "libGraphicsMagick2": "1.2.5-4.62.1"
        }
    ]
}

SUSE:Studio Onsite 1.3 / GraphicsMagick

Package

Name
GraphicsMagick
Purl
purl:rpm/suse/GraphicsMagick&distro=SUSE%20Studio%20Onsite%201.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.5-4.62.1

Ecosystem specific

{
    "binaries": [
        {
            "GraphicsMagick": "1.2.5-4.62.1",
            "libGraphicsMagick2": "1.2.5-4.62.1"
        }
    ]
}