ImageMagick-7.1.1.17-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13263 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ImageMagick-7.1.1.17-1.1 on GA media These are all security issues fixed in the ImageMagick-7.1.1.17-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13263 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13263 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-4219/ SUSE CVE CVE-2021-4219 page https://www.suse.com/security/cve/CVE-2022-0284/ SUSE CVE CVE-2022-0284 page https://www.suse.com/security/cve/CVE-2022-1114/ SUSE CVE CVE-2022-1114 page https://www.suse.com/security/cve/CVE-2022-1115/ SUSE CVE CVE-2022-1115 page https://www.suse.com/security/cve/CVE-2022-2719/ SUSE CVE CVE-2022-2719 page https://www.suse.com/security/cve/CVE-2022-28463/ SUSE CVE CVE-2022-28463 page https://www.suse.com/security/cve/CVE-2022-3213/ SUSE CVE CVE-2022-3213 page https://www.suse.com/security/cve/CVE-2022-32545/ SUSE CVE CVE-2022-32545 page https://www.suse.com/security/cve/CVE-2022-32546/ SUSE CVE CVE-2022-32546 page https://www.suse.com/security/cve/CVE-2022-32547/ SUSE CVE CVE-2022-32547 page https://www.suse.com/security/cve/CVE-2022-44267/ SUSE CVE CVE-2022-44267 page https://www.suse.com/security/cve/CVE-2022-44268/ SUSE CVE CVE-2022-44268 page https://www.suse.com/security/cve/CVE-2023-1289/ SUSE CVE CVE-2023-1289 page https://www.suse.com/security/cve/CVE-2023-34151/ SUSE CVE CVE-2023-34151 page https://www.suse.com/security/cve/CVE-2023-34153/ SUSE CVE CVE-2023-34153 page openSUSE Tumbleweed ImageMagick-7.1.1.17-1.1 ImageMagick-config-7-SUSE-7.1.1.17-1.1 ImageMagick-config-7-upstream-limited-7.1.1.17-1.1 ImageMagick-config-7-upstream-open-7.1.1.17-1.1 ImageMagick-config-7-upstream-secure-7.1.1.17-1.1 ImageMagick-config-7-upstream-websafe-7.1.1.17-1.1 ImageMagick-devel-7.1.1.17-1.1 ImageMagick-devel-32bit-7.1.1.17-1.1 ImageMagick-doc-7.1.1.17-1.1 ImageMagick-extra-7.1.1.17-1.1 libMagick++-7_Q16HDRI5-7.1.1.17-1.1 libMagick++-7_Q16HDRI5-32bit-7.1.1.17-1.1 libMagick++-devel-7.1.1.17-1.1 libMagick++-devel-32bit-7.1.1.17-1.1 libMagickCore-7_Q16HDRI10-7.1.1.17-1.1 libMagickCore-7_Q16HDRI10-32bit-7.1.1.17-1.1 libMagickWand-7_Q16HDRI10-7.1.1.17-1.1 libMagickWand-7_Q16HDRI10-32bit-7.1.1.17-1.1 perl-PerlMagick-7.1.1.17-1.1 ImageMagick-7.1.1.17-1.1 as a component of openSUSE Tumbleweed ImageMagick-config-7-SUSE-7.1.1.17-1.1 as a component of openSUSE Tumbleweed ImageMagick-config-7-upstream-limited-7.1.1.17-1.1 as a component of openSUSE Tumbleweed ImageMagick-config-7-upstream-open-7.1.1.17-1.1 as a component of openSUSE Tumbleweed ImageMagick-config-7-upstream-secure-7.1.1.17-1.1 as a component of openSUSE Tumbleweed ImageMagick-config-7-upstream-websafe-7.1.1.17-1.1 as a component of openSUSE Tumbleweed ImageMagick-devel-7.1.1.17-1.1 as a component of openSUSE Tumbleweed ImageMagick-devel-32bit-7.1.1.17-1.1 as a component of openSUSE Tumbleweed ImageMagick-doc-7.1.1.17-1.1 as a component of openSUSE Tumbleweed ImageMagick-extra-7.1.1.17-1.1 as a component of openSUSE Tumbleweed libMagick++-7_Q16HDRI5-7.1.1.17-1.1 as a component of openSUSE Tumbleweed libMagick++-7_Q16HDRI5-32bit-7.1.1.17-1.1 as a component of openSUSE Tumbleweed libMagick++-devel-7.1.1.17-1.1 as a component of openSUSE Tumbleweed libMagick++-devel-32bit-7.1.1.17-1.1 as a component of openSUSE Tumbleweed libMagickCore-7_Q16HDRI10-7.1.1.17-1.1 as a component of openSUSE Tumbleweed libMagickCore-7_Q16HDRI10-32bit-7.1.1.17-1.1 as a component of openSUSE Tumbleweed libMagickWand-7_Q16HDRI10-7.1.1.17-1.1 as a component of openSUSE Tumbleweed libMagickWand-7_Q16HDRI10-32bit-7.1.1.17-1.1 as a component of openSUSE Tumbleweed perl-PerlMagick-7.1.1.17-1.1 as a component of openSUSE Tumbleweed A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. CVE-2021-4219 openSUSE Tumbleweed:ImageMagick-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-limited-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-open-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-secure-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-websafe-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.1.17-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-4219.html CVE-2021-4219 https://bugzilla.suse.com/1196337 SUSE Bug 1196337 A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure. CVE-2022-0284 openSUSE Tumbleweed:ImageMagick-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-limited-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-open-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-secure-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-websafe-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.1.17-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0284.html CVE-2022-0284 https://bugzilla.suse.com/1195563 SUSE Bug 1195563 A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. CVE-2022-1114 openSUSE Tumbleweed:ImageMagick-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-limited-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-open-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-secure-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-websafe-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.1.17-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1114.html CVE-2022-1114 https://bugzilla.suse.com/1198700 SUSE Bug 1198700 A heap-buffer-overflow flaw was found in ImageMagick's PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. CVE-2022-1115 openSUSE Tumbleweed:ImageMagick-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-limited-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-open-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-secure-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-websafe-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.1.17-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1115.html CVE-2022-1115 https://bugzilla.suse.com/1198701 SUSE Bug 1198701 In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30. CVE-2022-2719 openSUSE Tumbleweed:ImageMagick-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-limited-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-open-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-secure-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-websafe-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.1.17-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2719.html CVE-2022-2719 https://bugzilla.suse.com/1202250 SUSE Bug 1202250 ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. CVE-2022-28463 openSUSE Tumbleweed:ImageMagick-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-limited-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-open-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-secure-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-websafe-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.1.17-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-28463.html CVE-2022-28463 https://bugzilla.suse.com/1199350 SUSE Bug 1199350 A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service. CVE-2022-3213 openSUSE Tumbleweed:ImageMagick-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-limited-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-open-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-secure-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-websafe-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.1.17-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3213.html CVE-2022-3213 https://bugzilla.suse.com/1203450 SUSE Bug 1203450 A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. CVE-2022-32545 openSUSE Tumbleweed:ImageMagick-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-limited-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-open-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-secure-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-websafe-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.1.17-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-32545.html CVE-2022-32545 https://bugzilla.suse.com/1200388 SUSE Bug 1200388 A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. CVE-2022-32546 openSUSE Tumbleweed:ImageMagick-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-limited-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-open-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-secure-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-websafe-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.1.17-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-32546.html CVE-2022-32546 https://bugzilla.suse.com/1200389 SUSE Bug 1200389 https://bugzilla.suse.com/1211791 SUSE Bug 1211791 In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior. CVE-2022-32547 openSUSE Tumbleweed:ImageMagick-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-limited-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-open-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-secure-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-websafe-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.1.17-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-32547.html CVE-2022-32547 https://bugzilla.suse.com/1200387 SUSE Bug 1200387 ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. CVE-2022-44267 openSUSE Tumbleweed:ImageMagick-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-limited-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-open-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-secure-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-websafe-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.1.17-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-44267.html CVE-2022-44267 https://bugzilla.suse.com/1207982 SUSE Bug 1207982 ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it). CVE-2022-44268 openSUSE Tumbleweed:ImageMagick-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-limited-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-open-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-secure-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-websafe-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.1.17-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-44268.html CVE-2022-44268 https://bugzilla.suse.com/1207983 SUSE Bug 1207983 A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G. CVE-2023-1289 openSUSE Tumbleweed:ImageMagick-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-limited-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-open-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-secure-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-websafe-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.1.17-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1289.html CVE-2023-1289 https://bugzilla.suse.com/1209141 SUSE Bug 1209141 A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). CVE-2023-34151 openSUSE Tumbleweed:ImageMagick-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-limited-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-open-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-secure-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-websafe-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.1.17-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-34151.html CVE-2023-34151 https://bugzilla.suse.com/1211791 SUSE Bug 1211791 A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. CVE-2023-34153 openSUSE Tumbleweed:ImageMagick-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-limited-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-open-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-secure-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-websafe-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.1.17-1.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagick++-devel-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.1.17-1.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.1.17-1.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.1.17-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-34153.html CVE-2023-34153 https://bugzilla.suse.com/1211792 SUSE Bug 1211792