openSUSE Security Update : GraphicsMagick (openSUSE-2017-1346)

high Nessus Plugin ID 105233

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for GraphicsMagick fixes the following issues :

Security issues fixed :

- CVE-2017-16546: Fix ReadWPGImage function in coders/wpg.c that could lead to a denial of service (bsc#1067181).

- CVE-2017-14342: Fix a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c that could lead to a denial of service (bsc#1058485).

- CVE-2017-16669: Fix coders/wpg.c that allows remote attackers to cause a denial of service via crafted files (bsc#1067409).

- CVE-2017-16545: Fix the ReadWPGImage function in coders/wpg.c as a validation problems could lead to a denial of service (bsc#1067184).

- CVE-2017-14341: Fix infinite loop in the ReadWPGImage function (bsc#1058637).

- CVE-2017-13737: Fix invalid free in the MagickFree function in magick/memory.c (tiff.c) (bsc#1056162).

- CVE-2017-11640: Fix NULL pointer deref in WritePTIFImage() in coders/tiff.c (bsc#1050632).

Solution

Update the affected GraphicsMagick packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1050632

https://bugzilla.opensuse.org/show_bug.cgi?id=1056162

https://bugzilla.opensuse.org/show_bug.cgi?id=1058485

https://bugzilla.opensuse.org/show_bug.cgi?id=1058637

https://bugzilla.opensuse.org/show_bug.cgi?id=1067181

https://bugzilla.opensuse.org/show_bug.cgi?id=1067184

https://bugzilla.opensuse.org/show_bug.cgi?id=1067409

Plugin Details

Severity: High

ID: 105233

File Name: openSUSE-2017-1346.nasl

Version: 3.4

Type: local

Agent: unix

Published: 12/14/2017

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:graphicsmagick, p-cpe:/a:novell:opensuse:graphicsmagick-debuginfo, p-cpe:/a:novell:opensuse:graphicsmagick-debugsource, p-cpe:/a:novell:opensuse:graphicsmagick-devel, p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12, p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo, p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel, p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3, p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3-debuginfo, p-cpe:/a:novell:opensuse:libgraphicsmagick3-config, p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2, p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2-debuginfo, p-cpe:/a:novell:opensuse:perl-graphicsmagick, p-cpe:/a:novell:opensuse:perl-graphicsmagick-debuginfo, cpe:/o:novell:opensuse:42.2, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 12/5/2017

Reference Information

CVE: CVE-2017-11640, CVE-2017-13737, CVE-2017-14341, CVE-2017-14342, CVE-2017-16545, CVE-2017-16546, CVE-2017-16669