File _patchinfo of Package patchinfo.8831

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.8831

<patchinfo incident="8831">
  <issue tracker="bnc" id="1105592">VUL-0: ImageMagick, GraphicsMagick: ghostscript: various issues bypassing -dSAFER</issue>
  <issue tracker="bnc" id="1107619">VUL-1: CVE-2018-16640: GraphicsMagick,ImageMagick: memory leak vulnerability in the functionReadOneJNGImage in coders/png.c</issue>
  <issue tracker="bnc" id="1108282">VUL-1: CVE-2018-16749: GraphicsMagick,ImageMagick:  Missing NULL check in ReadOneJNGImage in coders/png.c</issue>
  <issue tracker="bnc" id="1107612">VUL-1: CVE-2018-16643: GraphicsMagick,ImageMagick: ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in do not check the return value</issue>
  <issue tracker="bnc" id="1107616">VUL-1: CVE-2018-16642: GraphicsMagick,ImageMagick: InsertRow in coders/cut.c in allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write</issue>
  <issue tracker="bnc" id="1108283">VUL-1: CVE-2018-16750: GraphicsMagick,ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c</issue>
  <issue tracker="bnc" id="1050129">VUL-1: CVE-2017-11532: ImageMagick: Memory Leak in WriteMPCImage() in coders/mpc.c</issue>
  <issue tracker="bnc" id="1107604">VUL-1: CVE-2018-16645: GraphicsMagick,ImageMagick: excessive memory allocation issue in the functions ReadBMPImage ofcoders/bmp.c and ReadDIBImage of coders/dib.c</issue>
  <issue tracker="bnc" id="1106989">VUL-1: CVE-2018-16413: GraphicsMagick,ImageMagick: heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function</issue>
  <issue tracker="bnc" id="1107609">VUL-1: CVE-2018-16644: GraphicsMagick,ImageMagick: missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict</issue>
  <issue tracker="cve" id="2018-16750"/>
  <issue tracker="cve" id="2018-16749"/>
  <issue tracker="cve" id="2017-11532"/>
  <issue tracker="cve" id="2018-16645"/>
  <issue tracker="cve" id="2018-16644"/>
  <issue tracker="cve" id="2018-16413"/>
  <issue tracker="cve" id="2018-16640"/>
  <issue tracker="cve" id="2018-16643"/>
  <issue tracker="cve" id="2018-16642"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for ImageMagick fixes the following security issues:

- CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage()
  function in coders/mpc.c via a crafted file allowing for DoS (bsc#1050129)
- CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function
  (bsc#1108283)
- CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an
  attacker to cause a denial of service (WriteBlob assertion failure and
  application exit) via a crafted file (bsc#1108282)
- CVE-2018-16642: The function InsertRow allowed remote attackers to cause a
  denial of service via a crafted image file due to an out-of-bounds write
  (bsc#1107616)
- CVE-2018-16640: Prevent memory leak in the function ReadOneJNGImage
  (bsc#1107619)
- CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and
  ReadPICTImage did check the return value of the fputc function, which allowed
  remote attackers to cause a denial of service via a crafted image file
  (bsc#1107612)
- CVE-2018-16644: Added missing check for length in the functions ReadDCMImage
  and ReadPICTImage, which allowed remote attackers to cause a denial of service
  via a crafted image (bsc#1107609)
- CVE-2018-16645: Prevent excessive memory allocation issue in the functions
  ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial
  of service via a crafted image file (bsc#1107604)
- CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel
  function leading to DoS (bsc#1106989)

This update also relaxes the restrictions of use of Postscript like formats to
"write" only. (bsc#1105592)
</description>
  <summary>Security update for ImageMagick</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.8831

Places