Beschreibung: | Summary: The remote host is missing an update for the 'GraphicsMagick' package(s) announced via the referenced advisory.
Vulnerability Insight: This update for GraphicsMagick fixes the following issues:
- a possible shell execution attack was fixed. if the first character of an input filename for 'convert' was a 'pipe' char then the remainder of the filename was passed to the shell (CVE-2016-5118, boo#982178)
- Maliciously crafted pnm files could crash GraphicsMagick (CVE-2014-9805, [boo#983752])
- Prevent overflow in rle files (CVE-2014-9846, boo#983521)
- Fix a double free in pdb coder (CVE-2014-9807, boo#983794)
- Fix a possible crash due to corrupted xwd images (CVE-2014-9809, boo#983799)
- Fix a possible crash due to corrupted wpg images (CVE-2014-9815, boo#984372)
- Fix a heap buffer overflow in pdb file handling (CVE-2014-9817, boo#984400)
- Fix a heap overflow in xpm files (CVE-2014-9820, boo#984150)
- Fix a heap overflow in pict files (CVE-2014-9834, boo#984436)
- Fix a heap overflow in wpf files (CVE-2014-9835, CVE-2014-9831, boo#984145, boo#984375)
- Additional PNM sanity checks (CVE-2014-9837, boo#984166)
- Fix a possible crash due to corrupted dib file (CVE-2014-9845, boo#984394)
- Fix out of bound in quantum handling (CVE-2016-7529, boo#1000399)
- Fix out of bound access in xcf file coder (CVE-2016-7528, boo#1000434)
- Fix handling of corrupted lle files (CVE-2016-7515, boo#1000689)
- Fix out of bound access for malformed psd file (CVE-2016-7522, boo#1000698)
- Fix out of bound access for pbd files (CVE-2016-7531, boo#1000704)
- Fix out of bound access in corrupted wpg files (CVE-2016-7533, boo#1000707)
- Fix out of bound access in corrupted pdb files (CVE-2016-7537, boo#1000711)
- BMP Coder Out-Of-Bounds Write Vulnerability (CVE-2016-6823, boo#1001066)
- SGI Coder Out-Of-Bounds Read Vulnerability (CVE-2016-7101, boo#1001221)
- Divide by zero in WriteTIFFImage (do not divide by zero in WriteTIFFImage, boo#1002206)
- Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (fix buffer overflow, boo#1002209)
- 8BIM/8BIMW unsigned underflow leads to heap overflow (CVE-2016-7800, boo#1002422)
- wpg reader issues (CVE-2016-7996, CVE-2016-7997, boo#1003629)
- Mismatch between real filesize and header values (CVE-2016-8684, boo#1005123)
- Stack-buffer read overflow while reading SCT header (CVE-2016-8682, boo#1005125)
- Check that filesize is reasonable compared to the header value (CVE-2016-8683, boo#1005127)
- Memory allocation failure in AcquireMagickMemory (CVE-2016-8862, boo#1007245)
- heap-based buffer overflow in IsPixelGray (CVE-2016-9556, boo#1011130)
Affected Software/OS: GraphicsMagick on openSUSE Leap 42.2
Solution: Please install the updated package(s).
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
|