Security update for ImageMagick
SUSE Security Update: Security update for ImageMagick
This update of ImageMagick fixes multiple security
vulnerabilities that could have been exploited by
attackers via specially crafted image files:
* CVE-2012-0259 / CVE-2012-1610: Integer overflow when
processing EXIF directory entries with tags of e.g. format
5 (EXIF_FMT_URATIONAL) and a large components count.
* CVE-2012-0247 / CVE-2012-1185: Integer overflows via
"number_bytes" and "offset" could lead to memory corruption.
* CVE-2012-0248 / CVE-2012-1186: Denial of service via
"profile.c".
* CVE-2012-0260: Denial of service via JPEG restart
markers (excessive CPU consumption).
Security Issue references:
* CVE-2012-0247
>
* CVE-2012-0248
>
* CVE-2012-1185
>
* CVE-2012-1186
>
* CVE-2012-0259
>
* CVE-2012-0260
>
* CVE-2012-1610
>
http://support.novell.com/security/cve/CVE-2012-0247.html
http://support.novell.com/security/cve/CVE-2012-0248.html
http://support.novell.com/security/cve/CVE-2012-0259.html
http://support.novell.com/security/cve/CVE-2012-0260.html
http://support.novell.com/security/cve/CVE-2012-1185.html
http://support.novell.com/security/cve/CVE-2012-1186.html
http://support.novell.com/security/cve/CVE-2012-1610.html
https://bugzilla.novell.com/746880
https://bugzilla.novell.com/752879
https://bugzilla.novell.com/754749
https://bugzilla.novell.com/758512
http://download.suse.com/patch/finder/?keywords=73ca451abc4b60d47f7346db66e99f9a
Announcement ID: | SUSE-SU-2012:0764-1 |
Rating: | moderate |
References: | #746880 #752879 #754749 #758512 |
Affected Products: |
An update that fixes 7 vulnerabilities is now available.
Description:
This update of ImageMagick fixes multiple security
vulnerabilities that could have been exploited by
attackers via specially crafted image files:
* CVE-2012-0259 / CVE-2012-1610: Integer overflow when
processing EXIF directory entries with tags of e.g. format
5 (EXIF_FMT_URATIONAL) and a large components count.
* CVE-2012-0247 / CVE-2012-1185: Integer overflows via
"number_bytes" and "offset" could lead to memory corruption.
* CVE-2012-0248 / CVE-2012-1186: Denial of service via
"profile.c".
* CVE-2012-0260: Denial of service via JPEG restart
markers (excessive CPU consumption).
Security Issue references:
* CVE-2012-0247
* CVE-2012-0248
* CVE-2012-1185
* CVE-2012-1186
* CVE-2012-0259
* CVE-2012-0260
* CVE-2012-1610
Package List:
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
- ImageMagick-6.2.5-16.34.1
- ImageMagick-Magick++-6.2.5-16.34.1
- ImageMagick-devel-6.2.5-16.34.1
- perl-PerlMagick-6.2.5-16.34.1
- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
- ImageMagick-6.2.5-16.34.1
- ImageMagick-Magick++-6.2.5-16.34.1
- ImageMagick-Magick++-devel-6.2.5-16.34.1
- ImageMagick-devel-6.2.5-16.34.1
- perl-PerlMagick-6.2.5-16.34.1