Security update for ImageMagick SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:2999-1 Final 1 1 2017-11-12T12:34:09Z current 2017-11-12T12:34:09Z 2017-11-12T12:34:09Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ImageMagick This update for ImageMagick fixes the following issues: Security issues fixed: * CVE-2017-15033: A denial of service attack (memory leak) was fixed in ReadYUVImage in coders/yuv.c [bsc#1061873] * CVE-2017-11446: An infinite loop in ReadPESImage was fixed. (bsc#1049379) * CVE-2017-12433: A memory leak in ReadPESImage in coders/pes.c was fixed. (bsc#1052545) * CVE-2017-12428: A memory leak in ReadWMFImage in coders/wmf.c was fixed. (bsc#1052249) * CVE-2017-12431: A use-after-free in ReadWMFImage was fixed. (bsc#1052253) * CVE-2017-11534: A memory leak in the lite_font_map() in coders/wmf.c was fixed. (bsc#1050135) * CVE-2017-13133: A memory exhaustion in load_level function in coders/xcf.c was fixed. (bsc#1055219) * CVE-2017-13139: A out-of-bounds read in the ReadOneMNGImage was fixed. (bsc#1055430) This update also reverts an incorrect fix for CVE-2016-7530 [bsc#1054924]. This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-11/msg00042.html E-Mail link for openSUSE-SU-2017:2999-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 ImageMagick-6.8.8.1-37.1 ImageMagick-devel-6.8.8.1-37.1 ImageMagick-devel-32bit-6.8.8.1-37.1 ImageMagick-doc-6.8.8.1-37.1 ImageMagick-extra-6.8.8.1-37.1 libMagick++-6_Q16-3-6.8.8.1-37.1 libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 libMagick++-devel-6.8.8.1-37.1 libMagick++-devel-32bit-6.8.8.1-37.1 libMagickCore-6_Q16-1-6.8.8.1-37.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 libMagickWand-6_Q16-1-6.8.8.1-37.1 libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 perl-PerlMagick-6.8.8.1-37.1 ImageMagick-6.8.8.1-37.1 as a component of openSUSE Leap 42.2 ImageMagick-devel-6.8.8.1-37.1 as a component of openSUSE Leap 42.2 ImageMagick-devel-32bit-6.8.8.1-37.1 as a component of openSUSE Leap 42.2 ImageMagick-doc-6.8.8.1-37.1 as a component of openSUSE Leap 42.2 ImageMagick-extra-6.8.8.1-37.1 as a component of openSUSE Leap 42.2 libMagick++-6_Q16-3-6.8.8.1-37.1 as a component of openSUSE Leap 42.2 libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 as a component of openSUSE Leap 42.2 libMagick++-devel-6.8.8.1-37.1 as a component of openSUSE Leap 42.2 libMagick++-devel-32bit-6.8.8.1-37.1 as a component of openSUSE Leap 42.2 libMagickCore-6_Q16-1-6.8.8.1-37.1 as a component of openSUSE Leap 42.2 libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 as a component of openSUSE Leap 42.2 libMagickWand-6_Q16-1-6.8.8.1-37.1 as a component of openSUSE Leap 42.2 libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 as a component of openSUSE Leap 42.2 perl-PerlMagick-6.8.8.1-37.1 as a component of openSUSE Leap 42.2 ImageMagick-6.8.8.1-37.1 as a component of openSUSE Leap 42.3 ImageMagick-devel-6.8.8.1-37.1 as a component of openSUSE Leap 42.3 ImageMagick-devel-32bit-6.8.8.1-37.1 as a component of openSUSE Leap 42.3 ImageMagick-doc-6.8.8.1-37.1 as a component of openSUSE Leap 42.3 ImageMagick-extra-6.8.8.1-37.1 as a component of openSUSE Leap 42.3 libMagick++-6_Q16-3-6.8.8.1-37.1 as a component of openSUSE Leap 42.3 libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 as a component of openSUSE Leap 42.3 libMagick++-devel-6.8.8.1-37.1 as a component of openSUSE Leap 42.3 libMagick++-devel-32bit-6.8.8.1-37.1 as a component of openSUSE Leap 42.3 libMagickCore-6_Q16-1-6.8.8.1-37.1 as a component of openSUSE Leap 42.3 libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 as a component of openSUSE Leap 42.3 libMagickWand-6_Q16-1-6.8.8.1-37.1 as a component of openSUSE Leap 42.3 libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 as a component of openSUSE Leap 42.3 perl-PerlMagick-6.8.8.1-37.1 as a component of openSUSE Leap 42.3 The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file. CVE-2016-7530 openSUSE Leap 42.2:ImageMagick-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-37.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-11/msg00042.html https://www.suse.com/security/cve/CVE-2016-7530.html CVE-2016-7530 https://bugzilla.suse.com/1000399 SUSE Bug 1000399 https://bugzilla.suse.com/1000703 SUSE Bug 1000703 https://bugzilla.suse.com/1054924 SUSE Bug 1054924 The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file. CVE-2017-11446 openSUSE Leap 42.2:ImageMagick-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-37.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-11/msg00042.html https://www.suse.com/security/cve/CVE-2017-11446.html CVE-2017-11446 https://bugzilla.suse.com/1049379 SUSE Bug 1049379 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c. CVE-2017-11534 openSUSE Leap 42.2:ImageMagick-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-37.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-11/msg00042.html https://www.suse.com/security/cve/CVE-2017-11534.html CVE-2017-11534 https://bugzilla.suse.com/1050135 SUSE Bug 1050135 In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c. CVE-2017-12428 openSUSE Leap 42.2:ImageMagick-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-37.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-11/msg00042.html https://www.suse.com/security/cve/CVE-2017-12428.html CVE-2017-12428 https://bugzilla.suse.com/1052249 SUSE Bug 1052249 https://bugzilla.suse.com/1052253 SUSE Bug 1052253 In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service. CVE-2017-12431 openSUSE Leap 42.2:ImageMagick-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-37.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-11/msg00042.html https://www.suse.com/security/cve/CVE-2017-12431.html CVE-2017-12431 https://bugzilla.suse.com/1052249 SUSE Bug 1052249 https://bugzilla.suse.com/1052253 SUSE Bug 1052253 In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c. CVE-2017-12433 openSUSE Leap 42.2:ImageMagick-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-37.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-11/msg00042.html https://www.suse.com/security/cve/CVE-2017-12433.html CVE-2017-12433 https://bugzilla.suse.com/1052545 SUSE Bug 1052545 In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file. CVE-2017-13133 openSUSE Leap 42.2:ImageMagick-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-37.1 important 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-11/msg00042.html https://www.suse.com/security/cve/CVE-2017-13133.html CVE-2017-13133 https://bugzilla.suse.com/1055219 SUSE Bug 1055219 In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. CVE-2017-13139 openSUSE Leap 42.2:ImageMagick-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-37.1 important 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-11/msg00042.html https://www.suse.com/security/cve/CVE-2017-13139.html CVE-2017-13139 https://bugzilla.suse.com/1055430 SUSE Bug 1055430 ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. CVE-2017-15033 openSUSE Leap 42.2:ImageMagick-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-devel-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-doc-6.8.8.1-37.1 openSUSE Leap 42.2:ImageMagick-extra-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-6_Q16-3-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagick++-devel-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickCore-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.2:libMagickWand-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.2:perl-PerlMagick-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-37.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-37.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-37.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-11/msg00042.html https://www.suse.com/security/cve/CVE-2017-15033.html CVE-2017-15033 https://bugzilla.suse.com/1061873 SUSE Bug 1061873