This update for ImageMagick fixes the following issues :

  - security update (png.c)

  - CVE-2018-9018: divide-by-zero in the ReadMNGImage     function of coders/png.c. Attackers could leverage this     vulnerability to cause a crash and denial of service via     a crafted mng file. [bsc#1086773]

  - CVE-2018-10177: there is an infinite loop in the     ReadOneMNGImagefunction of the coders/png.c file. Remote     attackers could leverage thisvulnerability to cause a     denial of service (bsc#1089781)

  - security update (wand)

  - CVE-2017-18252: The MogrifyImageList function in     MagickWand/mogrify.c could allow attackers to cause a     denial of service via a crafted file. [bsc#1087033]

  - security update (gif.c)

  - CVE-2017-18254: A memory leak vulnerability was found in     the function WriteGIFImage in coders/gif.c, which could     lead to denial of service via a crafted file.
    [bsc#1087027]

  - security update (core)

  - CVE-2017-10928: a heap-based buffer over-read in the     GetNextToken function in token.c could allow attackers     to obtain sensitive information from process memory or     possibly have unspecified other impact via a crafted SVG     document that is mishandled in the     GetUserSpaceCoordinateValue function in coders/svg.c.
    [bsc#1047356]

  - security update (pcd.c)

  - CVE-2017-18251: A memory leak vulnerability was found in     the function ReadPCDImage in coders/pcd.c, which could     lead to a denial of service via a crafted file.
    [bsc#1087037]

  - security update (gif.c)

  - CVE-2017-18254: A memory leak vulnerability was found in     the function WriteGIFImage in coders/gif.c, which could     lead to denial of service via a crafted file.
    [bsc#1087027]

  - security update (tiff.c)

  - CVE-2018-8960: The ReadTIFFImage function in     coders/tiff.c in ImageMagick memory allocation issue     could lead to denial of service (bsc#1086782)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Detections

Analytics

SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:1129-1)

high Nessus Plugin ID 109550

Version 1.7