This update for ImageMagick fixes the following issues: This security issue was fixed :

  - CVE-2017-7941: The ReadSGIImage function in sgi.c     allowed remote attackers to consume an amount of     available memory via a crafted file (bsc#1034876).

  - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of     service (memory leak) via a crafted file (ReadPCDImage     func in pcd.c) (bsc#1036986).

  - CVE-2017-8352: denial of service (memory leak) via a     crafted file (ReadXWDImage func in xwd.c) (bsc#1036987)

  - CVE-2017-8349: denial of service (memory leak) via a     crafted file (ReadSFWImage func in sfw.c) (bsc#1036984)

  - CVE-2017-8350: denial of service (memory leak) via a     crafted file (ReadJNGImage function in png.c)     (bsc#1036985)

  - CVE-2017-8345: denial of service (memory leak) via a     crafted file (ReadMNGImage func in png.c) (bsc#1036980)

  - CVE-2017-8346: denial of service (memory leak) via a     crafted file (ReadDCMImage func in dcm.c) (bsc#1036981)

  - CVE-2017-8353: denial of service (memory leak) via a     crafted file (ReadPICTImage func in pict.c)     (bsc#1036988)

  - CVE-2017-8830: denial of service (memory leak) via a     crafted file (ReadBMPImage func in bmp.c:1379)     (bsc#1038000)

  - CVE-2017-7606: denial of service (application crash) or     possibly have unspecified other impact via a crafted     image (bsc#1033091)

  - CVE-2017-8765: memory leak vulnerability via a crafted     ICON file (ReadICONImage in coders\icon.c) (bsc#1037527)

  - CVE-2017-8355: denial of service (memory leak) via a     crafted file (ReadMTVImage func in mtv.c) (bsc#1036990)

  - CVE-2017-8344: denial of service (memory leak) via a     crafted file (ReadPCXImage func in pcx.c) (bsc#1036978)

  - CVE-2017-9098: uninitialized memory usage in the     ReadRLEImage RLE decoder function coders/rle.c     (bsc#1040025)

  - CVE-2017-9141: Missing checks in the ReadDDSImage     function in coders/dds.c could lead to a denial of     service (assertion) (bsc#1040303)

  - CVE-2017-9142: Missing checks in theReadOneJNGImage     function in coders/png.c could lead to denial of service     (assertion) (bsc#1040304)

  - CVE-2017-9143: A possible denial of service attack via     crafted .art file in ReadARTImage function in     coders/art.c (bsc#1040306)

  - CVE-2017-9144: A crafted RLE image can trigger a crash     in coders/rle.c could lead to a denial of service     (crash) (bsc#1040332)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Detections

Analytics

SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2017:1599-1)

critical Nessus Plugin ID 100908

Version 3.9