GraphicsMagick-1.3.36-1.7 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10596-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z GraphicsMagick-1.3.36-1.7 on GA media These are all security issues fixed in the GraphicsMagick-1.3.36-1.7 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10596 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2006-3744/ SUSE CVE CVE-2006-3744 page https://www.suse.com/security/cve/CVE-2006-5456/ SUSE CVE CVE-2006-5456 page https://www.suse.com/security/cve/CVE-2007-1797/ SUSE CVE CVE-2007-1797 page https://www.suse.com/security/cve/CVE-2007-4985/ SUSE CVE CVE-2007-4985 page https://www.suse.com/security/cve/CVE-2007-4988/ SUSE CVE CVE-2007-4988 page https://www.suse.com/security/cve/CVE-2008-1096/ SUSE CVE CVE-2008-1096 page https://www.suse.com/security/cve/CVE-2008-1097/ SUSE CVE CVE-2008-1097 page https://www.suse.com/security/cve/CVE-2016-7800/ SUSE CVE CVE-2016-7800 page https://www.suse.com/security/cve/CVE-2016-7996/ SUSE CVE CVE-2016-7996 page https://www.suse.com/security/cve/CVE-2016-7997/ SUSE CVE CVE-2016-7997 page https://www.suse.com/security/cve/CVE-2016-9830/ SUSE CVE CVE-2016-9830 page https://www.suse.com/security/cve/CVE-2017-10794/ SUSE CVE CVE-2017-10794 page https://www.suse.com/security/cve/CVE-2017-10799/ SUSE CVE CVE-2017-10799 page https://www.suse.com/security/cve/CVE-2017-10800/ SUSE CVE CVE-2017-10800 page https://www.suse.com/security/cve/CVE-2017-6335/ SUSE CVE CVE-2017-6335 page https://www.suse.com/security/cve/CVE-2017-8350/ SUSE CVE CVE-2017-8350 page https://www.suse.com/security/cve/CVE-2020-12672/ SUSE CVE CVE-2020-12672 page openSUSE Tumbleweed GraphicsMagick-1.3.36-1.7 GraphicsMagick-devel-1.3.36-1.7 libGraphicsMagick++-Q16-12-1.3.36-1.7 libGraphicsMagick++-devel-1.3.36-1.7 libGraphicsMagick-Q16-3-1.3.36-1.7 libGraphicsMagick3-config-1.3.36-1.7 libGraphicsMagickWand-Q16-2-1.3.36-1.7 perl-GraphicsMagick-1.3.36-1.7 GraphicsMagick-1.3.36-1.7 as a component of openSUSE Tumbleweed GraphicsMagick-devel-1.3.36-1.7 as a component of openSUSE Tumbleweed libGraphicsMagick++-Q16-12-1.3.36-1.7 as a component of openSUSE Tumbleweed libGraphicsMagick++-devel-1.3.36-1.7 as a component of openSUSE Tumbleweed libGraphicsMagick-Q16-3-1.3.36-1.7 as a component of openSUSE Tumbleweed libGraphicsMagick3-config-1.3.36-1.7 as a component of openSUSE Tumbleweed libGraphicsMagickWand-Q16-2-1.3.36-1.7 as a component of openSUSE Tumbleweed perl-GraphicsMagick-1.3.36-1.7 as a component of openSUSE Tumbleweed Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows. CVE-2006-3744 openSUSE Tumbleweed:GraphicsMagick-1.3.36-1.7 openSUSE Tumbleweed:GraphicsMagick-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-Q16-12-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick-Q16-3-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick3-config-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagickWand-Q16-2-1.3.36-1.7 openSUSE Tumbleweed:perl-GraphicsMagick-1.3.36-1.7 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-3744.html CVE-2006-3744 https://bugzilla.suse.com/198648 SUSE Bug 198648 Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. CVE-2006-5456 openSUSE Tumbleweed:GraphicsMagick-1.3.36-1.7 openSUSE Tumbleweed:GraphicsMagick-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-Q16-12-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick-Q16-3-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick3-config-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagickWand-Q16-2-1.3.36-1.7 openSUSE Tumbleweed:perl-GraphicsMagick-1.3.36-1.7 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-5456.html CVE-2006-5456 https://bugzilla.suse.com/215685 SUSE Bug 215685 Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667. CVE-2007-1797 openSUSE Tumbleweed:GraphicsMagick-1.3.36-1.7 openSUSE Tumbleweed:GraphicsMagick-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-Q16-12-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick-Q16-3-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick3-config-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagickWand-Q16-2-1.3.36-1.7 openSUSE Tumbleweed:perl-GraphicsMagick-1.3.36-1.7 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-1797.html CVE-2007-1797 https://bugzilla.suse.com/258253 SUSE Bug 258253 https://bugzilla.suse.com/279866 SUSE Bug 279866 ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls. CVE-2007-4985 openSUSE Tumbleweed:GraphicsMagick-1.3.36-1.7 openSUSE Tumbleweed:GraphicsMagick-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-Q16-12-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick-Q16-3-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick3-config-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagickWand-Q16-2-1.3.36-1.7 openSUSE Tumbleweed:perl-GraphicsMagick-1.3.36-1.7 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-4985.html CVE-2007-4985 https://bugzilla.suse.com/327021 SUSE Bug 327021 Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. CVE-2007-4988 openSUSE Tumbleweed:GraphicsMagick-1.3.36-1.7 openSUSE Tumbleweed:GraphicsMagick-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-Q16-12-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick-Q16-3-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick3-config-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagickWand-Q16-2-1.3.36-1.7 openSUSE Tumbleweed:perl-GraphicsMagick-1.3.36-1.7 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-4988.html CVE-2007-4988 https://bugzilla.suse.com/327021 SUSE Bug 327021 The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function. CVE-2008-1096 openSUSE Tumbleweed:GraphicsMagick-1.3.36-1.7 openSUSE Tumbleweed:GraphicsMagick-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-Q16-12-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick-Q16-3-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick3-config-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagickWand-Q16-2-1.3.36-1.7 openSUSE Tumbleweed:perl-GraphicsMagick-1.3.36-1.7 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-1096.html CVE-2008-1096 https://bugzilla.suse.com/391364 SUSE Bug 391364 Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. CVE-2008-1097 openSUSE Tumbleweed:GraphicsMagick-1.3.36-1.7 openSUSE Tumbleweed:GraphicsMagick-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-Q16-12-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick-Q16-3-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick3-config-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagickWand-Q16-2-1.3.36-1.7 openSUSE Tumbleweed:perl-GraphicsMagick-1.3.36-1.7 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-1097.html CVE-2008-1097 https://bugzilla.suse.com/391366 SUSE Bug 391366 Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. CVE-2016-7800 openSUSE Tumbleweed:GraphicsMagick-1.3.36-1.7 openSUSE Tumbleweed:GraphicsMagick-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-Q16-12-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick-Q16-3-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick3-config-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagickWand-Q16-2-1.3.36-1.7 openSUSE Tumbleweed:perl-GraphicsMagick-1.3.36-1.7 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7800.html CVE-2016-7800 https://bugzilla.suse.com/1002422 SUSE Bug 1002422 Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries. CVE-2016-7996 openSUSE Tumbleweed:GraphicsMagick-1.3.36-1.7 openSUSE Tumbleweed:GraphicsMagick-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-Q16-12-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick-Q16-3-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick3-config-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagickWand-Q16-2-1.3.36-1.7 openSUSE Tumbleweed:perl-GraphicsMagick-1.3.36-1.7 important 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7996.html CVE-2016-7996 https://bugzilla.suse.com/1003629 SUSE Bug 1003629 https://bugzilla.suse.com/1067184 SUSE Bug 1067184 The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. CVE-2016-7997 openSUSE Tumbleweed:GraphicsMagick-1.3.36-1.7 openSUSE Tumbleweed:GraphicsMagick-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-Q16-12-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick-Q16-3-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick3-config-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagickWand-Q16-2-1.3.36-1.7 openSUSE Tumbleweed:perl-GraphicsMagick-1.3.36-1.7 important 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7997.html CVE-2016-7997 https://bugzilla.suse.com/1003629 SUSE Bug 1003629 The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. CVE-2016-9830 openSUSE Tumbleweed:GraphicsMagick-1.3.36-1.7 openSUSE Tumbleweed:GraphicsMagick-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-Q16-12-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick-Q16-3-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick3-config-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagickWand-Q16-2-1.3.36-1.7 openSUSE Tumbleweed:perl-GraphicsMagick-1.3.36-1.7 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9830.html CVE-2016-9830 https://bugzilla.suse.com/1013640 SUSE Bug 1013640 When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode. CVE-2017-10794 openSUSE Tumbleweed:GraphicsMagick-1.3.36-1.7 openSUSE Tumbleweed:GraphicsMagick-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-Q16-12-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick-Q16-3-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick3-config-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagickWand-Q16-2-1.3.36-1.7 openSUSE Tumbleweed:perl-GraphicsMagick-1.3.36-1.7 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10794.html CVE-2017-10794 https://bugzilla.suse.com/1112392 SUSE Bug 1112392 When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). CVE-2017-10799 openSUSE Tumbleweed:GraphicsMagick-1.3.36-1.7 openSUSE Tumbleweed:GraphicsMagick-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-Q16-12-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick-Q16-3-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick3-config-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagickWand-Q16-2-1.3.36-1.7 openSUSE Tumbleweed:perl-GraphicsMagick-1.3.36-1.7 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10799.html CVE-2017-10799 https://bugzilla.suse.com/1047054 SUSE Bug 1047054 https://bugzilla.suse.com/1050116 SUSE Bug 1050116 When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data. CVE-2017-10800 openSUSE Tumbleweed:GraphicsMagick-1.3.36-1.7 openSUSE Tumbleweed:GraphicsMagick-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-Q16-12-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick-Q16-3-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick3-config-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagickWand-Q16-2-1.3.36-1.7 openSUSE Tumbleweed:perl-GraphicsMagick-1.3.36-1.7 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10800.html CVE-2017-10800 https://bugzilla.suse.com/1047044 SUSE Bug 1047044 The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file. CVE-2017-6335 openSUSE Tumbleweed:GraphicsMagick-1.3.36-1.7 openSUSE Tumbleweed:GraphicsMagick-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-Q16-12-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick-Q16-3-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick3-config-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagickWand-Q16-2-1.3.36-1.7 openSUSE Tumbleweed:perl-GraphicsMagick-1.3.36-1.7 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-6335.html CVE-2017-6335 https://bugzilla.suse.com/1027255 SUSE Bug 1027255 In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. CVE-2017-8350 openSUSE Tumbleweed:GraphicsMagick-1.3.36-1.7 openSUSE Tumbleweed:GraphicsMagick-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-Q16-12-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick-Q16-3-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick3-config-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagickWand-Q16-2-1.3.36-1.7 openSUSE Tumbleweed:perl-GraphicsMagick-1.3.36-1.7 low 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-8350.html CVE-2017-8350 https://bugzilla.suse.com/1036985 SUSE Bug 1036985 https://bugzilla.suse.com/1053919 SUSE Bug 1053919 https://bugzilla.suse.com/1126909 SUSE Bug 1126909 GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. CVE-2020-12672 openSUSE Tumbleweed:GraphicsMagick-1.3.36-1.7 openSUSE Tumbleweed:GraphicsMagick-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-Q16-12-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick++-devel-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick-Q16-3-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagick3-config-1.3.36-1.7 openSUSE Tumbleweed:libGraphicsMagickWand-Q16-2-1.3.36-1.7 openSUSE Tumbleweed:perl-GraphicsMagick-1.3.36-1.7 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-12672.html CVE-2020-12672 https://bugzilla.suse.com/1171271 SUSE Bug 1171271