ImageMagick-7.1.0.8-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10597 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ImageMagick-7.1.0.8-1.2 on GA media These are all security issues fixed in the ImageMagick-7.1.0.8-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10597 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10597 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2005-4601/ SUSE CVE CVE-2005-4601 page https://www.suse.com/security/cve/CVE-2006-0082/ SUSE CVE CVE-2006-0082 page https://www.suse.com/security/cve/CVE-2006-5456/ SUSE CVE CVE-2006-5456 page https://www.suse.com/security/cve/CVE-2007-1797/ SUSE CVE CVE-2007-1797 page https://www.suse.com/security/cve/CVE-2007-4985/ SUSE CVE CVE-2007-4985 page https://www.suse.com/security/cve/CVE-2007-4987/ SUSE CVE CVE-2007-4987 page https://www.suse.com/security/cve/CVE-2018-9135/ SUSE CVE CVE-2018-9135 page openSUSE Tumbleweed ImageMagick-7.1.0.8-1.2 ImageMagick-config-7-SUSE-7.1.0.8-1.2 ImageMagick-config-7-upstream-7.1.0.8-1.2 ImageMagick-devel-7.1.0.8-1.2 ImageMagick-devel-32bit-7.1.0.8-1.2 ImageMagick-doc-7.1.0.8-1.2 ImageMagick-extra-7.1.0.8-1.2 libMagick++-7_Q16HDRI5-7.1.0.8-1.2 libMagick++-7_Q16HDRI5-32bit-7.1.0.8-1.2 libMagick++-devel-7.1.0.8-1.2 libMagick++-devel-32bit-7.1.0.8-1.2 libMagickCore-7_Q16HDRI10-7.1.0.8-1.2 libMagickCore-7_Q16HDRI10-32bit-7.1.0.8-1.2 libMagickWand-7_Q16HDRI10-7.1.0.8-1.2 libMagickWand-7_Q16HDRI10-32bit-7.1.0.8-1.2 perl-PerlMagick-7.1.0.8-1.2 ImageMagick-7.1.0.8-1.2 as a component of openSUSE Tumbleweed ImageMagick-config-7-SUSE-7.1.0.8-1.2 as a component of openSUSE Tumbleweed ImageMagick-config-7-upstream-7.1.0.8-1.2 as a component of openSUSE Tumbleweed ImageMagick-devel-7.1.0.8-1.2 as a component of openSUSE Tumbleweed ImageMagick-devel-32bit-7.1.0.8-1.2 as a component of openSUSE Tumbleweed ImageMagick-doc-7.1.0.8-1.2 as a component of openSUSE Tumbleweed ImageMagick-extra-7.1.0.8-1.2 as a component of openSUSE Tumbleweed libMagick++-7_Q16HDRI5-7.1.0.8-1.2 as a component of openSUSE Tumbleweed libMagick++-7_Q16HDRI5-32bit-7.1.0.8-1.2 as a component of openSUSE Tumbleweed libMagick++-devel-7.1.0.8-1.2 as a component of openSUSE Tumbleweed libMagick++-devel-32bit-7.1.0.8-1.2 as a component of openSUSE Tumbleweed libMagickCore-7_Q16HDRI10-7.1.0.8-1.2 as a component of openSUSE Tumbleweed libMagickCore-7_Q16HDRI10-32bit-7.1.0.8-1.2 as a component of openSUSE Tumbleweed libMagickWand-7_Q16HDRI10-7.1.0.8-1.2 as a component of openSUSE Tumbleweed libMagickWand-7_Q16HDRI10-32bit-7.1.0.8-1.2 as a component of openSUSE Tumbleweed perl-PerlMagick-7.1.0.8-1.2 as a component of openSUSE Tumbleweed The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. CVE-2005-4601 openSUSE Tumbleweed:ImageMagick-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-devel-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.8-1.2 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.8-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2005-4601.html CVE-2005-4601 https://bugzilla.suse.com/141999 SUSE Bug 141999 Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. CVE-2006-0082 openSUSE Tumbleweed:ImageMagick-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-devel-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.8-1.2 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.8-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-0082.html CVE-2006-0082 https://bugzilla.suse.com/141390 SUSE Bug 141390 Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. CVE-2006-5456 openSUSE Tumbleweed:ImageMagick-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-devel-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.8-1.2 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.8-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-5456.html CVE-2006-5456 https://bugzilla.suse.com/215685 SUSE Bug 215685 Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667. CVE-2007-1797 openSUSE Tumbleweed:ImageMagick-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-devel-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.8-1.2 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.8-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-1797.html CVE-2007-1797 https://bugzilla.suse.com/258253 SUSE Bug 258253 https://bugzilla.suse.com/279866 SUSE Bug 279866 ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls. CVE-2007-4985 openSUSE Tumbleweed:ImageMagick-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-devel-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.8-1.2 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.8-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-4985.html CVE-2007-4985 https://bugzilla.suse.com/327021 SUSE Bug 327021 Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address. CVE-2007-4987 openSUSE Tumbleweed:ImageMagick-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-devel-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.8-1.2 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.8-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-4987.html CVE-2007-4987 https://bugzilla.suse.com/327021 SUSE Bug 327021 In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. CVE-2018-9135 openSUSE Tumbleweed:ImageMagick-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.8-1.2 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagick++-devel-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.8-1.2 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.8-1.2 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.8-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-9135.html CVE-2018-9135 https://bugzilla.suse.com/1087825 SUSE Bug 1087825