ImageMagick-6.9.6.6-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10040-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ImageMagick-6.9.6.6-1.1 on GA media These are all security issues fixed in the ImageMagick-6.9.6.6-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10040 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2012-0247/ SUSE CVE CVE-2012-0247 page https://www.suse.com/security/cve/CVE-2012-0248/ SUSE CVE CVE-2012-0248 page https://www.suse.com/security/cve/CVE-2012-1185/ SUSE CVE CVE-2012-1185 page https://www.suse.com/security/cve/CVE-2012-1186/ SUSE CVE CVE-2012-1186 page https://www.suse.com/security/cve/CVE-2016-3714/ SUSE CVE CVE-2016-3714 page https://www.suse.com/security/cve/CVE-2016-3715/ SUSE CVE CVE-2016-3715 page https://www.suse.com/security/cve/CVE-2016-3716/ SUSE CVE CVE-2016-3716 page https://www.suse.com/security/cve/CVE-2016-3717/ SUSE CVE CVE-2016-3717 page https://www.suse.com/security/cve/CVE-2016-3718/ SUSE CVE CVE-2016-3718 page https://www.suse.com/security/cve/CVE-2016-5118/ SUSE CVE CVE-2016-5118 page openSUSE Tumbleweed ImageMagick-6.9.6.6-1.1 ImageMagick-devel-6.9.6.6-1.1 ImageMagick-devel-32bit-6.9.6.6-1.1 ImageMagick-doc-6.9.6.6-1.1 ImageMagick-extra-6.9.6.6-1.1 libMagick++-6_Q16-6-6.9.6.6-1.1 libMagick++-6_Q16-6-32bit-6.9.6.6-1.1 libMagick++-devel-6.9.6.6-1.1 libMagick++-devel-32bit-6.9.6.6-1.1 libMagickCore-6_Q16-2-6.9.6.6-1.1 libMagickCore-6_Q16-2-32bit-6.9.6.6-1.1 libMagickWand-6_Q16-2-6.9.6.6-1.1 libMagickWand-6_Q16-2-32bit-6.9.6.6-1.1 perl-PerlMagick-6.9.6.6-1.1 ImageMagick-6.9.6.6-1.1 as a component of openSUSE Tumbleweed ImageMagick-devel-6.9.6.6-1.1 as a component of openSUSE Tumbleweed ImageMagick-devel-32bit-6.9.6.6-1.1 as a component of openSUSE Tumbleweed ImageMagick-doc-6.9.6.6-1.1 as a component of openSUSE Tumbleweed ImageMagick-extra-6.9.6.6-1.1 as a component of openSUSE Tumbleweed libMagick++-6_Q16-6-6.9.6.6-1.1 as a component of openSUSE Tumbleweed libMagick++-6_Q16-6-32bit-6.9.6.6-1.1 as a component of openSUSE Tumbleweed libMagick++-devel-6.9.6.6-1.1 as a component of openSUSE Tumbleweed libMagick++-devel-32bit-6.9.6.6-1.1 as a component of openSUSE Tumbleweed libMagickCore-6_Q16-2-6.9.6.6-1.1 as a component of openSUSE Tumbleweed libMagickCore-6_Q16-2-32bit-6.9.6.6-1.1 as a component of openSUSE Tumbleweed libMagickWand-6_Q16-2-6.9.6.6-1.1 as a component of openSUSE Tumbleweed libMagickWand-6_Q16-2-32bit-6.9.6.6-1.1 as a component of openSUSE Tumbleweed perl-PerlMagick-6.9.6.6-1.1 as a component of openSUSE Tumbleweed ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. CVE-2012-0247 openSUSE Tumbleweed:ImageMagick-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-doc-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-extra-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:perl-PerlMagick-6.9.6.6-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0247.html CVE-2012-0247 https://bugzilla.suse.com/746880 SUSE Bug 746880 https://bugzilla.suse.com/752879 SUSE Bug 752879 ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. CVE-2012-0248 openSUSE Tumbleweed:ImageMagick-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-doc-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-extra-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:perl-PerlMagick-6.9.6.6-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0248.html CVE-2012-0248 https://bugzilla.suse.com/746880 SUSE Bug 746880 https://bugzilla.suse.com/752879 SUSE Bug 752879 Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247. CVE-2012-1185 openSUSE Tumbleweed:ImageMagick-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-doc-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-extra-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:perl-PerlMagick-6.9.6.6-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1185.html CVE-2012-1185 https://bugzilla.suse.com/752879 SUSE Bug 752879 Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248. CVE-2012-1186 openSUSE Tumbleweed:ImageMagick-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-doc-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-extra-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:perl-PerlMagick-6.9.6.6-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1186.html CVE-2012-1186 https://bugzilla.suse.com/752879 SUSE Bug 752879 The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." CVE-2016-3714 openSUSE Tumbleweed:ImageMagick-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-doc-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-extra-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:perl-PerlMagick-6.9.6.6-1.1 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3714.html CVE-2016-3714 https://bugzilla.suse.com/1000484 SUSE Bug 1000484 https://bugzilla.suse.com/1057163 SUSE Bug 1057163 https://bugzilla.suse.com/1105592 SUSE Bug 1105592 https://bugzilla.suse.com/978061 SUSE Bug 978061 https://bugzilla.suse.com/980401 SUSE Bug 980401 https://bugzilla.suse.com/982178 SUSE Bug 982178 The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. CVE-2016-3715 openSUSE Tumbleweed:ImageMagick-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-doc-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-extra-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:perl-PerlMagick-6.9.6.6-1.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3715.html CVE-2016-3715 https://bugzilla.suse.com/1000484 SUSE Bug 1000484 https://bugzilla.suse.com/1057163 SUSE Bug 1057163 https://bugzilla.suse.com/1105592 SUSE Bug 1105592 https://bugzilla.suse.com/978061 SUSE Bug 978061 The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. CVE-2016-3716 openSUSE Tumbleweed:ImageMagick-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-doc-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-extra-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:perl-PerlMagick-6.9.6.6-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3716.html CVE-2016-3716 https://bugzilla.suse.com/1000484 SUSE Bug 1000484 https://bugzilla.suse.com/1057163 SUSE Bug 1057163 https://bugzilla.suse.com/1105592 SUSE Bug 1105592 https://bugzilla.suse.com/978061 SUSE Bug 978061 The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. CVE-2016-3717 openSUSE Tumbleweed:ImageMagick-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-doc-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-extra-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:perl-PerlMagick-6.9.6.6-1.1 moderate 7.1 AV:N/AC:M/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3717.html CVE-2016-3717 https://bugzilla.suse.com/1000484 SUSE Bug 1000484 https://bugzilla.suse.com/1057163 SUSE Bug 1057163 https://bugzilla.suse.com/1105592 SUSE Bug 1105592 https://bugzilla.suse.com/978061 SUSE Bug 978061 The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. CVE-2016-3718 openSUSE Tumbleweed:ImageMagick-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-doc-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-extra-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:perl-PerlMagick-6.9.6.6-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3718.html CVE-2016-3718 https://bugzilla.suse.com/1000484 SUSE Bug 1000484 https://bugzilla.suse.com/1057163 SUSE Bug 1057163 https://bugzilla.suse.com/1105592 SUSE Bug 1105592 https://bugzilla.suse.com/978061 SUSE Bug 978061 The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. CVE-2016-5118 openSUSE Tumbleweed:ImageMagick-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-devel-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-doc-6.9.6.6-1.1 openSUSE Tumbleweed:ImageMagick-extra-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-6_Q16-6-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagick++-devel-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickCore-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-32bit-6.9.6.6-1.1 openSUSE Tumbleweed:libMagickWand-6_Q16-2-6.9.6.6-1.1 openSUSE Tumbleweed:perl-PerlMagick-6.9.6.6-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5118.html CVE-2016-5118 https://bugzilla.suse.com/1000484 SUSE Bug 1000484 https://bugzilla.suse.com/982178 SUSE Bug 982178