Security update for GraphicsMagick

Announcement ID:	SUSE-SU-2018:0197-1
Rating:	moderate
References:	bsc#1047044 bsc#1047054 bsc#1048457 bsc#1049373 bsc#1050129 bsc#1051412 bsc#1051847 bsc#1052252 bsc#1052460 bsc#1052758 bsc#1052764 bsc#1052771 bsc#1055063 bsc#1056550 bsc#1057723 bsc#1058082 bsc#1058422 bsc#1060577 bsc#1061587 bsc#1063050 bsc#1067177 bsc#1074969 bsc#1074975
Cross-References:	CVE-2017-10799 CVE-2017-10800 CVE-2017-11188 CVE-2017-11449 CVE-2017-11532 CVE-2017-12140 CVE-2017-12430 CVE-2017-12563 CVE-2017-12642 CVE-2017-12644 CVE-2017-12662 CVE-2017-12691 CVE-2017-13061 CVE-2017-14042 CVE-2017-14174 CVE-2017-14249 CVE-2017-14343 CVE-2017-14733 CVE-2017-14994 CVE-2017-15277 CVE-2017-16547 CVE-2017-18022 CVE-2018-5247
CVSS scores:	CVE-2017-10799 ( SUSE ): 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-10799 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-10800 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-10800 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-11188 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-11188 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-11449 ( SUSE ): 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2017-11449 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-11532 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-11532 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-12140 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-12140 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-12430 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-12430 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-12563 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-12563 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-12642 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-12642 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-12644 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-12644 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-12662 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-12662 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-12691 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-13061 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-13061 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-14042 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-14042 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-14174 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-14174 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-14174 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-14249 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-14249 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-14343 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-14343 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-14733 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-14733 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-14994 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-14994 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-15277 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2017-15277 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2017-16547 ( SUSE ): 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-16547 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-18022 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-18022 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-5247 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2018-5247 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Studio Onsite 1.3

An update that solves 23 vulnerabilities can now be installed.

Description:

This update for GraphicsMagick fixes several issues.

These security issues were fixed:

• CVE-2017-14343: Fixed a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file (bsc#1058422)
• CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allowed remote attackers to cause a denial of service (memory consumption) via a crafted file (bsc#1058422)
• CVE-2017-14042: Prevent memory allocation failure in the ReadPNMImage function in coders/pnm.c. The vulnerability caused a big memory allocation, which may have lead to remote denial of service in the MagickRealloc function in magick/memory.c (bsc#1056550)
• CVE-2017-13061: A length-validation vulnerability in the function ReadPSDLayersInternal in coders/psd.c allowed attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file (bsc#1055063)
• CVE-2017-12563: A memory exhaustion vulnerability in the function ReadPSDImage in coders/psd.c allowed attackers to cause a denial of service (bsc#1052460)
• CVE-2017-14174: coders/psd.c allowed for DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might have caused huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but did not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop (bsc#1057723)
• CVE-2017-15277: ReadGIFImage in coders/gif.c left the palette uninitialized when processing a GIF file that has neither a global nor local palette. If this functionality was used as a library loaded into a process that operates on interesting data, this data sometimes could have been leaked via the uninitialized palette (bsc#1063050)
• CVE-2017-14733: ReadRLEImage in coders/rle.c mishandled RLE headers that specified too few colors, which allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file (bsc#1060577).
• CVE-2017-12662: Fixed a memory leak vulnerability in WritePDFImage in coders/pdf.c (bsc#1052758).
• CVE-2017-14994: ReadDCMImage in coders/dcm.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames (bsc#1061587).
• CVE-2017-12140: The ReadDCMImage function in coders\dcm.c had an integer signedness error leading to excessive memory consumption via a crafted DCM file (bsc#1051847).
• CVE-2017-12644: Fixed memory leak vulnerability in ReadDCMImage in coders\dcm.c (bsc#1052764).
• CVE-2017-11188: The ReadDPXImage function in coders\dpx.c had a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check (bsc#1048457).
• CVE-2017-10799: When processing a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) could have occurred in ReadDPXImage() (bsc#1047054).
• CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not validate blob sizes, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin (bsc#1049373).
• CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage() function in coders/mpc.c via a crafted file allowing for DoS (bsc#1050129).
• CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in coders/mpc.c allowed attackers to cause DoS (bsc#1052252).
• CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in coders\mpc.c via crafted file allowing for DoS (bsc#1052771).
• CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that lead to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c allowed remote attackers to cause a denial of service via a crafted file (bsc#1058082).
• CVE-2017-16547: The DrawImage function in magick/render.c did not properly look for pop keywords that are associated with push keywords, which allowed remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file (bsc#1067177).
• Prevent memory leak via crafted file in pwp.c allowing for DoS (bsc#1051412)
• CVE-2017-10800: Processing MATLAB images in coders/mat.c could have lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object was larger than the actual amount of data (bsc#1047044).
• CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975).
• CVE-2018-5247: Fixed memory leak vulnerability in ReadRLAImage in coders/rla.c (bsc#1074969).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Software Development Kit 11 SP4
  zypper in -t patch sdksp4-GraphicsMagick-13435=1
• SUSE Studio Onsite 1.3
  zypper in -t patch slestso13-GraphicsMagick-13435=1

Package List:

• SUSE Linux Enterprise Software Development Kit 11 SP4 (s390x x86_64 i586 ppc64 ia64)
  • libGraphicsMagick2-1.2.5-4.78.28.2
  • perl-GraphicsMagick-1.2.5-4.78.28.2
  • GraphicsMagick-1.2.5-4.78.28.2
• SUSE Studio Onsite 1.3 (x86_64)
  • libGraphicsMagick2-1.2.5-4.78.28.2
  • GraphicsMagick-1.2.5-4.78.28.2

References:

• https://www.suse.com/security/cve/CVE-2017-10799.html
• https://www.suse.com/security/cve/CVE-2017-10800.html
• https://www.suse.com/security/cve/CVE-2017-11188.html
• https://www.suse.com/security/cve/CVE-2017-11449.html
• https://www.suse.com/security/cve/CVE-2017-11532.html
• https://www.suse.com/security/cve/CVE-2017-12140.html
• https://www.suse.com/security/cve/CVE-2017-12430.html
• https://www.suse.com/security/cve/CVE-2017-12563.html
• https://www.suse.com/security/cve/CVE-2017-12642.html
• https://www.suse.com/security/cve/CVE-2017-12644.html
• https://www.suse.com/security/cve/CVE-2017-12662.html
• https://www.suse.com/security/cve/CVE-2017-12691.html
• https://www.suse.com/security/cve/CVE-2017-13061.html
• https://www.suse.com/security/cve/CVE-2017-14042.html
• https://www.suse.com/security/cve/CVE-2017-14174.html
• https://www.suse.com/security/cve/CVE-2017-14249.html
• https://www.suse.com/security/cve/CVE-2017-14343.html
• https://www.suse.com/security/cve/CVE-2017-14733.html
• https://www.suse.com/security/cve/CVE-2017-14994.html
• https://www.suse.com/security/cve/CVE-2017-15277.html
• https://www.suse.com/security/cve/CVE-2017-16547.html
• https://www.suse.com/security/cve/CVE-2017-18022.html
• https://www.suse.com/security/cve/CVE-2018-5247.html
• https://bugzilla.suse.com/show_bug.cgi?id=1047044
• https://bugzilla.suse.com/show_bug.cgi?id=1047054
• https://bugzilla.suse.com/show_bug.cgi?id=1048457
• https://bugzilla.suse.com/show_bug.cgi?id=1049373
• https://bugzilla.suse.com/show_bug.cgi?id=1050129
• https://bugzilla.suse.com/show_bug.cgi?id=1051412
• https://bugzilla.suse.com/show_bug.cgi?id=1051847
• https://bugzilla.suse.com/show_bug.cgi?id=1052252
• https://bugzilla.suse.com/show_bug.cgi?id=1052460
• https://bugzilla.suse.com/show_bug.cgi?id=1052758
• https://bugzilla.suse.com/show_bug.cgi?id=1052764
• https://bugzilla.suse.com/show_bug.cgi?id=1052771
• https://bugzilla.suse.com/show_bug.cgi?id=1055063
• https://bugzilla.suse.com/show_bug.cgi?id=1056550
• https://bugzilla.suse.com/show_bug.cgi?id=1057723
• https://bugzilla.suse.com/show_bug.cgi?id=1058082
• https://bugzilla.suse.com/show_bug.cgi?id=1058422
• https://bugzilla.suse.com/show_bug.cgi?id=1060577
• https://bugzilla.suse.com/show_bug.cgi?id=1061587
• https://bugzilla.suse.com/show_bug.cgi?id=1063050
• https://bugzilla.suse.com/show_bug.cgi?id=1067177
• https://bugzilla.suse.com/show_bug.cgi?id=1074969
• https://bugzilla.suse.com/show_bug.cgi?id=1074975