Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 579
Alerts This Week
Warning Icon 1 579

SUSE: 2018:3269-1 Low: GraphicsMagick Denial Of Service Issues

suse
Calendar Grey October 22, 2018
Dist Suse Esm H88
SUSE releases a security patch for ImageMagick tackling severe vulnerabilities and memory management issues.
An update that fixes 12 vulnerabilities is now available

Summary

This update for GraphicsMagick fixes the following security issue: - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283) - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855) - CVE-2018-16640: Prevent memory leak in the function ReadOneJNGImage (bsc#1107619). - CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616). - CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage,

References

#1106855 #1107604 #1107609 #1107612 #1107616

#1107619 #1108282 #1108283 #1110746 #1110747

#1111069 #1111072

Cross- CVE-2018-16323 CVE-2018-16640 CVE-2018-16642

CVE-2018-16643 CVE-2018-16644 CVE-2018-16645

CVE-2018-16749 CVE-2018-16750 CVE-2018-17965

CVE-2018-17966 CVE-2018-18016 CVE-2018-18024

Affected Products:

SUSE Studio Onsite 1.3

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2018-16323.html

https://www.suse.com/security/cve/CVE-2018-16640.html

https://www.suse.com/security/cve/CVE-2018-16642.html

https://www.suse.com/security/cve/CVE-2018-16643.html

https://www.suse.com/security/cve/CVE-2018-16644.html

Severity
low
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:3269-1
Rating: low

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.