
Test ID: 1.3.6.1.4.1.25623.1.1.4.2017.3378.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2017:3378-1)
Summary: The remote host is missing an update for the 'ImageMagick' package(s) announced via the SUSE-SU-2017:3378-1 advisory.
Description:

Vulnerability Insight:
This update for ImageMagick fixes the following issues:
* CVE-2017-14607: out-of-bounds read flaw related to ReadTIFFImage
could possibly disclose potentially sensitive memory [bsc#1059778]
* CVE-2017-11640: NULL pointer deref in WritePTIFImage() in
coders/tiff.c [bsc#1050632]
* CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in
coders/wpg.c could lead to denial of service [bsc#1058485]
* CVE-2017-14341: Infinite loop in the ReadWPGImage function
[bsc#1058637]
* CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c
could lead to denial of service [bsc#1067181]
* CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in
validation problems could lead to denial of service [bsc#1067184]
* CVE-2017-14175: Lack of End of File check could lead to denial of
service [bsc#1057719]
* CVE-2017-13769: denial of service issue in function
WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]
* CVE-2017-13134: a heap-based buffer over-read was found in the function
SFWScan in coders/sfw.c, which allows attackers to cause a denial of
service via a crafted file. [bsc#1055214]
* CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick
allows remote attackers to cause a DoS [bsc#1049796]
* CVE-2017-15930: NULL pointer dereference while transferring JPEG
scanlines could lead to denial of service [bsc#1066003]
* CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage
function in coders/sfw.c allows remote attackers to cause a denial of
service [bsc#1054757]
* CVE-2017-14531: memory exhaustion issue in ReadSUNImage
in coders/sun.c. [bsc#1059666]
* CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c,
which allows attackers to cause denial of service [bsc#1052553]
* CVE-2017-12587: User-controllable large loop in the ReadPWPImage in
coders/pwp.c could lead to denial of service [bsc#1052450]
* CVE-2017-14173: Function ReadTXTImage is vulnerable to an integer
overflow that could lead to denial of service [bsc#1057729]
* CVE-2017-11188: ImageMagick: The ReadDPXImage function in coders/dpx.c
in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause
CPU exhaustion via a crafted DPX file, related to lack of an EOF check.
[bnc#1048457]
* CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows
remote attackers to cause DoS [bnc#1050116]
* CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer
over-read in WritePSImage() in coders/ps.c [bnc#1050139]
* CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows
to cause DoS [bnc#1051441]
* CVE-2017-12140: ImageMagick: ReadDCMImage in coders/dcm.c has an
integer signedness error leading to excessive memory consumption
[bnc#1051847]
* CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in
coders/cals.c [bnc#1052689]
* CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in
WritePDFImage in coders/pdf.... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'ImageMagick' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-11188
Common Vulnerability Exposure (CVE) ID: CVE-2017-11478
Common Vulnerability Exposure (CVE) ID: CVE-2017-11527
Common Vulnerability Exposure (CVE) ID: CVE-2017-11535
Common Vulnerability Exposure (CVE) ID: CVE-2017-11640
Common Vulnerability Exposure (CVE) ID: CVE-2017-11752
Common Vulnerability Exposure (CVE) ID: CVE-2017-12140
Common Vulnerability Exposure (CVE) ID: CVE-2017-12435
Common Vulnerability Exposure (CVE) ID: CVE-2017-12587
Common Vulnerability Exposure (CVE) ID: CVE-2017-12644
Common Vulnerability Exposure (CVE) ID: CVE-2017-12662
Common Vulnerability Exposure (CVE) ID: CVE-2017-12669
Common Vulnerability Exposure (CVE) ID: CVE-2017-12983
Common Vulnerability Exposure (CVE) ID: CVE-2017-13134
Common Vulnerability Exposure (CVE) ID: CVE-2017-13769
Common Vulnerability Exposure (CVE) ID: CVE-2017-14172
Common Vulnerability Exposure (CVE) ID: CVE-2017-14173
Common Vulnerability Exposure (CVE) ID: CVE-2017-14175
Common Vulnerability Exposure (CVE) ID: CVE-2017-14341
Common Vulnerability Exposure (CVE) ID: CVE-2017-14342
Common Vulnerability Exposure (CVE) ID: CVE-2017-14531
Common Vulnerability Exposure (CVE) ID: CVE-2017-14607
Common Vulnerability Exposure (CVE) ID: CVE-2017-14733
Common Vulnerability Exposure (CVE) ID: CVE-2017-15930
Common Vulnerability Exposure (CVE) ID: CVE-2017-16545
Common Vulnerability Exposure (CVE) ID: CVE-2017-16546
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.