openSUSE Security Update : GraphicsMagick (openSUSE-2017-1346)

high Nessus Plugin ID 105233



The remote openSUSE host is missing a security update.


This update for GraphicsMagick fixes the following issues :

Security issues fixed :

- CVE-2017-16546: Fix ReadWPGImage function in coders/wpg.c that could lead to a denial of service (bsc#1067181).

- CVE-2017-14342: Fix a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c that could lead to a denial of service (bsc#1058485).

- CVE-2017-16669: Fix coders/wpg.c that allows remote attackers to cause a denial of service via crafted files (bsc#1067409).

- CVE-2017-16545: Fix the ReadWPGImage function in coders/wpg.c as a validation problems could lead to a denial of service (bsc#1067184).

- CVE-2017-14341: Fix infinite loop in the ReadWPGImage function (bsc#1058637).

- CVE-2017-13737: Fix invalid free in the MagickFree function in magick/memory.c (tiff.c) (bsc#1056162).

- CVE-2017-11640: Fix NULL pointer deref in WritePTIFImage() in coders/tiff.c (bsc#1050632).


Update the affected GraphicsMagick packages.

See Also

Plugin Details

Severity: High

ID: 105233

File Name: openSUSE-2017-1346.nasl

Version: 3.4

Type: local

Agent: unix

Published: 12/14/2017

Updated: 1/19/2021

Supported Sensors: Nessus Agent

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: High

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C


Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:GraphicsMagick, p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo, p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource, p-cpe:/a:novell:opensuse:GraphicsMagick-devel, p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12, p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo, p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel, p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3, p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo, p-cpe:/a:novell:opensuse:libGraphicsMagick3-config, p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2, p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo, p-cpe:/a:novell:opensuse:perl-GraphicsMagick, p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo, cpe:/o:novell:opensuse:42.2, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 12/5/2017

Reference Information

CVE: CVE-2017-11640, CVE-2017-13737, CVE-2017-14341, CVE-2017-14342, CVE-2017-16545, CVE-2017-16546, CVE-2017-16669