ImageMagick-7.1.0.9-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11564-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ImageMagick-7.1.0.9-1.1 on GA media These are all security issues fixed in the ImageMagick-7.1.0.9-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11564 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-10805/ SUSE CVE CVE-2018-10805 page https://www.suse.com/security/cve/CVE-2018-14434/ SUSE CVE CVE-2018-14434 page https://www.suse.com/security/cve/CVE-2018-16328/ SUSE CVE CVE-2018-16328 page https://www.suse.com/security/cve/CVE-2018-16641/ SUSE CVE CVE-2018-16641 page https://www.suse.com/security/cve/CVE-2018-17966/ SUSE CVE CVE-2018-17966 page https://www.suse.com/security/cve/CVE-2019-11007/ SUSE CVE CVE-2019-11007 page https://www.suse.com/security/cve/CVE-2019-11506/ SUSE CVE CVE-2019-11506 page https://www.suse.com/security/cve/CVE-2019-12976/ SUSE CVE CVE-2019-12976 page https://www.suse.com/security/cve/CVE-2019-13134/ SUSE CVE CVE-2019-13134 page https://www.suse.com/security/cve/CVE-2019-13296/ SUSE CVE CVE-2019-13296 page https://www.suse.com/security/cve/CVE-2019-13301/ SUSE CVE CVE-2019-13301 page https://www.suse.com/security/cve/CVE-2019-13306/ SUSE CVE CVE-2019-13306 page https://www.suse.com/security/cve/CVE-2019-13311/ SUSE CVE CVE-2019-13311 page https://www.suse.com/security/cve/CVE-2019-15139/ SUSE CVE CVE-2019-15139 page https://www.suse.com/security/cve/CVE-2019-16710/ SUSE CVE CVE-2019-16710 page https://www.suse.com/security/cve/CVE-2019-19949/ SUSE CVE CVE-2019-19949 page https://www.suse.com/security/cve/CVE-2019-7398/ SUSE CVE CVE-2019-7398 page https://www.suse.com/security/cve/CVE-2020-25666/ SUSE CVE CVE-2020-25666 page https://www.suse.com/security/cve/CVE-2020-27750/ SUSE CVE CVE-2020-27750 page https://www.suse.com/security/cve/CVE-2020-27755/ SUSE CVE CVE-2020-27755 page https://www.suse.com/security/cve/CVE-2020-27760/ SUSE CVE CVE-2020-27760 page https://www.suse.com/security/cve/CVE-2020-27765/ SUSE CVE CVE-2020-27765 page https://www.suse.com/security/cve/CVE-2020-27770/ SUSE CVE CVE-2020-27770 page https://www.suse.com/security/cve/CVE-2020-27775/ SUSE CVE CVE-2020-27775 page https://www.suse.com/security/cve/CVE-2021-20246/ SUSE CVE CVE-2021-20246 page https://www.suse.com/security/cve/CVE-2021-20312/ SUSE CVE CVE-2021-20312 page openSUSE Tumbleweed ImageMagick-7.1.0.9-1.1 ImageMagick-config-7-SUSE-7.1.0.9-1.1 ImageMagick-config-7-upstream-7.1.0.9-1.1 ImageMagick-devel-7.1.0.9-1.1 ImageMagick-devel-32bit-7.1.0.9-1.1 ImageMagick-doc-7.1.0.9-1.1 ImageMagick-extra-7.1.0.9-1.1 libMagick++-7_Q16HDRI5-7.1.0.9-1.1 libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 libMagick++-devel-7.1.0.9-1.1 libMagick++-devel-32bit-7.1.0.9-1.1 libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 perl-PerlMagick-7.1.0.9-1.1 ImageMagick-7.1.0.9-1.1 as a component of openSUSE Tumbleweed ImageMagick-config-7-SUSE-7.1.0.9-1.1 as a component of openSUSE Tumbleweed ImageMagick-config-7-upstream-7.1.0.9-1.1 as a component of openSUSE Tumbleweed ImageMagick-devel-7.1.0.9-1.1 as a component of openSUSE Tumbleweed ImageMagick-devel-32bit-7.1.0.9-1.1 as a component of openSUSE Tumbleweed ImageMagick-doc-7.1.0.9-1.1 as a component of openSUSE Tumbleweed ImageMagick-extra-7.1.0.9-1.1 as a component of openSUSE Tumbleweed libMagick++-7_Q16HDRI5-7.1.0.9-1.1 as a component of openSUSE Tumbleweed libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 as a component of openSUSE Tumbleweed libMagick++-devel-7.1.0.9-1.1 as a component of openSUSE Tumbleweed libMagick++-devel-32bit-7.1.0.9-1.1 as a component of openSUSE Tumbleweed libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 as a component of openSUSE Tumbleweed libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 as a component of openSUSE Tumbleweed libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 as a component of openSUSE Tumbleweed libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 as a component of openSUSE Tumbleweed perl-PerlMagick-7.1.0.9-1.1 as a component of openSUSE Tumbleweed ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. CVE-2018-10805 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-10805.html CVE-2018-10805 https://bugzilla.suse.com/1095812 SUSE Bug 1095812 ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. CVE-2018-14434 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-14434.html CVE-2018-14434 https://bugzilla.suse.com/1102003 SUSE Bug 1102003 In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. CVE-2018-16328 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 low 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16328.html CVE-2018-16328 https://bugzilla.suse.com/1106857 SUSE Bug 1106857 ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c. CVE-2018-16641 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16641.html CVE-2018-16641 https://bugzilla.suse.com/1107618 SUSE Bug 1107618 ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c. CVE-2018-17966 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17966.html CVE-2018-17966 https://bugzilla.suse.com/1110746 SUSE Bug 1110746 https://bugzilla.suse.com/1117463 SUSE Bug 1117463 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. CVE-2019-11007 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11007.html CVE-2019-11007 https://bugzilla.suse.com/1132060 SUSE Bug 1132060 In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c. CVE-2019-11506 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11506.html CVE-2019-11506 https://bugzilla.suse.com/1133498 SUSE Bug 1133498 ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. CVE-2019-12976 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-12976.html CVE-2019-12976 https://bugzilla.suse.com/1140110 SUSE Bug 1140110 ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. CVE-2019-13134 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13134.html CVE-2019-13134 https://bugzilla.suse.com/1140102 SUSE Bug 1140102 ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. CVE-2019-13296 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13296.html CVE-2019-13296 https://bugzilla.suse.com/1140665 SUSE Bug 1140665 ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error. CVE-2019-13301 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13301.html CVE-2019-13301 https://bugzilla.suse.com/1140554 SUSE Bug 1140554 ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. CVE-2019-13306 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13306.html CVE-2019-13306 https://bugzilla.suse.com/1140543 SUSE Bug 1140543 ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. CVE-2019-13311 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13311.html CVE-2019-13311 https://bugzilla.suse.com/1140513 SUSE Bug 1140513 https://bugzilla.suse.com/1140554 SUSE Bug 1140554 The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472. CVE-2019-15139 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-15139.html CVE-2019-15139 https://bugzilla.suse.com/1146213 SUSE Bug 1146213 ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. CVE-2019-16710 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-16710.html CVE-2019-16710 https://bugzilla.suse.com/1151783 SUSE Bug 1151783 In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. CVE-2019-19949 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-19949.html CVE-2019-19949 https://bugzilla.suse.com/1160369 SUSE Bug 1160369 In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. CVE-2019-7398 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7398.html CVE-2019-7398 https://bugzilla.suse.com/1124365 SUSE Bug 1124365 There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0. CVE-2020-25666 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-25666.html CVE-2020-25666 https://bugzilla.suse.com/1179212 SUSE Bug 1179212 A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. CVE-2020-27750 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-27750.html CVE-2020-27750 https://bugzilla.suse.com/1179260 SUSE Bug 1179260 in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0. CVE-2020-27755 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-27755.html CVE-2020-27755 https://bugzilla.suse.com/1179345 SUSE Bug 1179345 In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. CVE-2020-27760 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-27760.html CVE-2020-27760 https://bugzilla.suse.com/1179281 SUSE Bug 1179281 A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. CVE-2020-27765 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-27765.html CVE-2020-27765 https://bugzilla.suse.com/1179311 SUSE Bug 1179311 Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68. CVE-2020-27770 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-27770.html CVE-2020-27770 https://bugzilla.suse.com/1179343 SUSE Bug 1179343 A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. CVE-2020-27775 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-27775.html CVE-2020-27775 https://bugzilla.suse.com/1179338 SUSE Bug 1179338 A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. CVE-2021-20246 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-20246.html CVE-2021-20246 https://bugzilla.suse.com/1182337 SUSE Bug 1182337 A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. CVE-2021-20312 openSUSE Tumbleweed:ImageMagick-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.0.9-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.0.9-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.0.9-1.1 moderate 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-20312.html CVE-2021-20312 https://bugzilla.suse.com/1184627 SUSE Bug 1184627