Security update for ImageMagick SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1141-1 Final 1 1 2019-04-04T14:11:43Z current 2019-04-04T14:11:43Z 2019-04-04T14:11:43Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ImageMagick This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-18544: Fixed a memory leak in the function WriteMSLImage (bsc#1113064). - CVE-2018-20467: Fixed an infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). - CVE-2019-7396: Fixed a memory leak in the function ReadSIXELImage (bsc#1124367). - CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2018-16412: Prevent heap-based buffer over-read in the ParseImageResourceBlocks function leading to DOS (bsc#1106996). Non-security issue fixed: - Fixed a regression in regards to the 'edge' comand line flag (bsc#1106415) This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1141 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA/#LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA E-Mail link for openSUSE-SU-2019:1141-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1106415 SUSE Bug 1106415 https://bugzilla.suse.com/1106996 SUSE Bug 1106996 https://bugzilla.suse.com/1113064 SUSE Bug 1113064 https://bugzilla.suse.com/1120381 SUSE Bug 1120381 https://bugzilla.suse.com/1124365 SUSE Bug 1124365 https://bugzilla.suse.com/1124366 SUSE Bug 1124366 https://bugzilla.suse.com/1124367 SUSE Bug 1124367 https://bugzilla.suse.com/1124368 SUSE Bug 1124368 https://bugzilla.suse.com/1128649 SUSE Bug 1128649 https://www.suse.com/security/cve/CVE-2018-16412/ SUSE CVE CVE-2018-16412 page https://www.suse.com/security/cve/CVE-2018-18544/ SUSE CVE CVE-2018-18544 page https://www.suse.com/security/cve/CVE-2018-20467/ SUSE CVE CVE-2018-20467 page https://www.suse.com/security/cve/CVE-2019-7175/ SUSE CVE CVE-2019-7175 page https://www.suse.com/security/cve/CVE-2019-7395/ SUSE CVE CVE-2019-7395 page https://www.suse.com/security/cve/CVE-2019-7396/ SUSE CVE CVE-2019-7396 page https://www.suse.com/security/cve/CVE-2019-7397/ SUSE CVE CVE-2019-7397 page https://www.suse.com/security/cve/CVE-2019-7398/ SUSE CVE CVE-2019-7398 page openSUSE Leap 15.0 ImageMagick-7.0.7.34-lp150.2.26.1 ImageMagick-devel-7.0.7.34-lp150.2.26.1 ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1 ImageMagick-doc-7.0.7.34-lp150.2.26.1 ImageMagick-extra-7.0.7.34-lp150.2.26.1 libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.26.1 libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.26.1 libMagick++-devel-7.0.7.34-lp150.2.26.1 libMagick++-devel-32bit-7.0.7.34-lp150.2.26.1 libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 perl-PerlMagick-7.0.7.34-lp150.2.26.1 ImageMagick-7.0.7.34-lp150.2.26.1 as a component of openSUSE Leap 15.0 ImageMagick-devel-7.0.7.34-lp150.2.26.1 as a component of openSUSE Leap 15.0 ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1 as a component of openSUSE Leap 15.0 ImageMagick-doc-7.0.7.34-lp150.2.26.1 as a component of openSUSE Leap 15.0 ImageMagick-extra-7.0.7.34-lp150.2.26.1 as a component of openSUSE Leap 15.0 libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.26.1 as a component of openSUSE Leap 15.0 libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.26.1 as a component of openSUSE Leap 15.0 libMagick++-devel-7.0.7.34-lp150.2.26.1 as a component of openSUSE Leap 15.0 libMagick++-devel-32bit-7.0.7.34-lp150.2.26.1 as a component of openSUSE Leap 15.0 libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 as a component of openSUSE Leap 15.0 libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 as a component of openSUSE Leap 15.0 libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 as a component of openSUSE Leap 15.0 libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 as a component of openSUSE Leap 15.0 perl-PerlMagick-7.0.7.34-lp150.2.26.1 as a component of openSUSE Leap 15.0 ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. CVE-2018-16412 openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-devel-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-doc-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-extra-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-devel-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-devel-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:perl-PerlMagick-7.0.7.34-lp150.2.26.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA/#LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA https://www.suse.com/security/cve/CVE-2018-16412.html CVE-2018-16412 https://bugzilla.suse.com/1106989 SUSE Bug 1106989 https://bugzilla.suse.com/1106996 SUSE Bug 1106996 There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. CVE-2018-18544 openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-devel-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-doc-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-extra-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-devel-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-devel-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:perl-PerlMagick-7.0.7.34-lp150.2.26.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA/#LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA https://www.suse.com/security/cve/CVE-2018-18544.html CVE-2018-18544 https://bugzilla.suse.com/1113064 SUSE Bug 1113064 In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. CVE-2018-20467 openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-devel-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-doc-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-extra-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-devel-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-devel-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:perl-PerlMagick-7.0.7.34-lp150.2.26.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA/#LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA https://www.suse.com/security/cve/CVE-2018-20467.html CVE-2018-20467 https://bugzilla.suse.com/1120381 SUSE Bug 1120381 In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. CVE-2019-7175 openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-devel-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-doc-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-extra-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-devel-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-devel-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:perl-PerlMagick-7.0.7.34-lp150.2.26.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA/#LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA https://www.suse.com/security/cve/CVE-2019-7175.html CVE-2019-7175 https://bugzilla.suse.com/1128649 SUSE Bug 1128649 In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. CVE-2019-7395 openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-devel-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-doc-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-extra-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-devel-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-devel-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:perl-PerlMagick-7.0.7.34-lp150.2.26.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA/#LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA https://www.suse.com/security/cve/CVE-2019-7395.html CVE-2019-7395 https://bugzilla.suse.com/1124368 SUSE Bug 1124368 In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. CVE-2019-7396 openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-devel-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-doc-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-extra-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-devel-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-devel-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:perl-PerlMagick-7.0.7.34-lp150.2.26.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA/#LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA https://www.suse.com/security/cve/CVE-2019-7396.html CVE-2019-7396 https://bugzilla.suse.com/1124367 SUSE Bug 1124367 In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. CVE-2019-7397 openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-devel-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-doc-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-extra-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-devel-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-devel-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:perl-PerlMagick-7.0.7.34-lp150.2.26.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA/#LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA https://www.suse.com/security/cve/CVE-2019-7397.html CVE-2019-7397 https://bugzilla.suse.com/1124366 SUSE Bug 1124366 In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. CVE-2019-7398 openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-devel-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-doc-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:ImageMagick-extra-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-devel-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagick++-devel-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.26.1 openSUSE Leap 15.0:perl-PerlMagick-7.0.7.34-lp150.2.26.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA/#LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA https://www.suse.com/security/cve/CVE-2019-7398.html CVE-2019-7398 https://bugzilla.suse.com/1124365 SUSE Bug 1124365