Security update for GraphicsMagick SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2742-2 Final 1 1 2018-09-17T07:54:10Z current 2018-09-17T07:54:10Z 2018-09-17T07:54:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for GraphicsMagick This update for GraphicsMagick fixes the following issues: - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609) - CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00054.html E-Mail link for openSUSE-SU-2018:2742-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub for SUSE Linux Enterprise 15 GraphicsMagick-1.3.29-bp150.2.6.1 GraphicsMagick-devel-1.3.29-bp150.2.6.1 libGraphicsMagick++-Q16-12-1.3.29-bp150.2.6.1 libGraphicsMagick++-devel-1.3.29-bp150.2.6.1 libGraphicsMagick-Q16-3-1.3.29-bp150.2.6.1 libGraphicsMagick3-config-1.3.29-bp150.2.6.1 libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.6.1 perl-GraphicsMagick-1.3.29-bp150.2.6.1 GraphicsMagick-1.3.29-bp150.2.6.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 15 GraphicsMagick-devel-1.3.29-bp150.2.6.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 15 libGraphicsMagick++-Q16-12-1.3.29-bp150.2.6.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 15 libGraphicsMagick++-devel-1.3.29-bp150.2.6.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 15 libGraphicsMagick-Q16-3-1.3.29-bp150.2.6.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 15 libGraphicsMagick3-config-1.3.29-bp150.2.6.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 15 libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.6.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 15 perl-GraphicsMagick-1.3.29-bp150.2.6.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 15 There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image. CVE-2018-16644 SUSE Package Hub for SUSE Linux Enterprise 15:GraphicsMagick-1.3.29-bp150.2.6.1 SUSE Package Hub for SUSE Linux Enterprise 15:GraphicsMagick-devel-1.3.29-bp150.2.6.1 SUSE Package Hub for SUSE Linux Enterprise 15:libGraphicsMagick++-Q16-12-1.3.29-bp150.2.6.1 SUSE Package Hub for SUSE Linux Enterprise 15:libGraphicsMagick++-devel-1.3.29-bp150.2.6.1 SUSE Package Hub for SUSE Linux Enterprise 15:libGraphicsMagick-Q16-3-1.3.29-bp150.2.6.1 SUSE Package Hub for SUSE Linux Enterprise 15:libGraphicsMagick3-config-1.3.29-bp150.2.6.1 SUSE Package Hub for SUSE Linux Enterprise 15:libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.6.1 SUSE Package Hub for SUSE Linux Enterprise 15:perl-GraphicsMagick-1.3.29-bp150.2.6.1 low Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00054.html https://www.suse.com/security/cve/CVE-2018-16644.html CVE-2018-16644 https://bugzilla.suse.com/1107609 SUSE Bug 1107609 https://bugzilla.suse.com/1107612 SUSE Bug 1107612 https://bugzilla.suse.com/1117463 SUSE Bug 1117463 There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file. CVE-2018-16645 SUSE Package Hub for SUSE Linux Enterprise 15:GraphicsMagick-1.3.29-bp150.2.6.1 SUSE Package Hub for SUSE Linux Enterprise 15:GraphicsMagick-devel-1.3.29-bp150.2.6.1 SUSE Package Hub for SUSE Linux Enterprise 15:libGraphicsMagick++-Q16-12-1.3.29-bp150.2.6.1 SUSE Package Hub for SUSE Linux Enterprise 15:libGraphicsMagick++-devel-1.3.29-bp150.2.6.1 SUSE Package Hub for SUSE Linux Enterprise 15:libGraphicsMagick-Q16-3-1.3.29-bp150.2.6.1 SUSE Package Hub for SUSE Linux Enterprise 15:libGraphicsMagick3-config-1.3.29-bp150.2.6.1 SUSE Package Hub for SUSE Linux Enterprise 15:libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.6.1 SUSE Package Hub for SUSE Linux Enterprise 15:perl-GraphicsMagick-1.3.29-bp150.2.6.1 low Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00054.html https://www.suse.com/security/cve/CVE-2018-16645.html CVE-2018-16645 https://bugzilla.suse.com/1107604 SUSE Bug 1107604