csaf_suse - suse-su-2017:3056-1

suse-su-2017:3056-1

Vulnerability from csaf_suse

Published

2017-11-23 16:15

Modified

2017-11-23 16:15

Summary

Security update for GraphicsMagick

Notes

Title of the patch

Security update for GraphicsMagick

Description of the patch

This update for GraphicsMagick fixes the following issues: - CVE-2017-15033: A denial of service attack (memory leak) in ReadYUVImage in coders/yuv.c was fixed (bsc#1061873) - CVE-2017-13063: A heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c was fixed (bsc#1055050) - CVE-2017-13064: A heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c was fixed (bsc#1055042) - CVE-2017-12936: The ReadWMFImage function in coders/wmf.c in GraphicsMagick had a use-after-free issue for data associated with exception reporting. (bsc#1054598) - CVE-2017-13139: The ReadOneMNGImage function in coders/png.c had an out-of-bounds read with the MNG CLIP chunk. (bsc#1055430) - CVE-2017-12937: The ReadSUNImage function in coders/sun.c in GraphicsMagick had a colormap heap-based buffer over-read. (bsc#1054596) - CVE-2017-11534: A Memory Leak in the lite_font_map() function in coders/wmf.c was fixed (bsc#1050135)

Patchnames

sdksp4-GraphicsMagick-13347,slestso13-GraphicsMagick-13347

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for GraphicsMagick",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for GraphicsMagick fixes the following issues:\n\n- CVE-2017-15033: A denial of service attack (memory leak) in ReadYUVImage in coders/yuv.c was fixed (bsc#1061873)\n- CVE-2017-13063: A heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c was fixed (bsc#1055050)\n- CVE-2017-13064: A heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c was fixed (bsc#1055042)\n- CVE-2017-12936: The ReadWMFImage function in coders/wmf.c in GraphicsMagick had a use-after-free issue for data associated with exception reporting.  (bsc#1054598)\n- CVE-2017-13139: The ReadOneMNGImage function in coders/png.c had an out-of-bounds read with the MNG CLIP chunk.  (bsc#1055430)\n- CVE-2017-12937: The ReadSUNImage function in coders/sun.c in GraphicsMagick had a colormap heap-based buffer over-read.  (bsc#1054596)\n- CVE-2017-11534: A Memory Leak in the lite_font_map() function in coders/wmf.c was fixed (bsc#1050135)\n\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sdksp4-GraphicsMagick-13347,slestso13-GraphicsMagick-13347",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_3056-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:3056-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20173056-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:3056-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-November/003404.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1050135",
        "url": "https://bugzilla.suse.com/1050135"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1054596",
        "url": "https://bugzilla.suse.com/1054596"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1054598",
        "url": "https://bugzilla.suse.com/1054598"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1055042",
        "url": "https://bugzilla.suse.com/1055042"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1055050",
        "url": "https://bugzilla.suse.com/1055050"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1055430",
        "url": "https://bugzilla.suse.com/1055430"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1061873",
        "url": "https://bugzilla.suse.com/1061873"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-11534 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-11534/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-12936 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-12936/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-12937 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-12937/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-13063 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-13063/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-13064 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-13064/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-13139 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-13139/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-15033 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-15033/"
      }
    ],
    "title": "Security update for GraphicsMagick",
    "tracking": {
      "current_release_date": "2017-11-23T16:15:37Z",
      "generator": {
        "date": "2017-11-23T16:15:37Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:3056-1",
      "initial_release_date": "2017-11-23T16:15:37Z",
      "revision_history": [
        {
          "date": "2017-11-23T16:15:37Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "GraphicsMagick-1.2.5-4.78.16.1.i586",
                "product": {
                  "name": "GraphicsMagick-1.2.5-4.78.16.1.i586",
                  "product_id": "GraphicsMagick-1.2.5-4.78.16.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagick2-1.2.5-4.78.16.1.i586",
                "product": {
                  "name": "libGraphicsMagick2-1.2.5-4.78.16.1.i586",
                  "product_id": "libGraphicsMagick2-1.2.5-4.78.16.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
                "product": {
                  "name": "perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
                  "product_id": "perl-GraphicsMagick-1.2.5-4.78.16.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "GraphicsMagick-1.2.5-4.78.16.1.ia64",
                "product": {
                  "name": "GraphicsMagick-1.2.5-4.78.16.1.ia64",
                  "product_id": "GraphicsMagick-1.2.5-4.78.16.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
                "product": {
                  "name": "libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
                  "product_id": "libGraphicsMagick2-1.2.5-4.78.16.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
                "product": {
                  "name": "perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
                  "product_id": "perl-GraphicsMagick-1.2.5-4.78.16.1.ia64"
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "GraphicsMagick-1.2.5-4.78.16.1.ppc64",
                "product": {
                  "name": "GraphicsMagick-1.2.5-4.78.16.1.ppc64",
                  "product_id": "GraphicsMagick-1.2.5-4.78.16.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
                "product": {
                  "name": "libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
                  "product_id": "libGraphicsMagick2-1.2.5-4.78.16.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
                "product": {
                  "name": "perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
                  "product_id": "perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "GraphicsMagick-1.2.5-4.78.16.1.s390x",
                "product": {
                  "name": "GraphicsMagick-1.2.5-4.78.16.1.s390x",
                  "product_id": "GraphicsMagick-1.2.5-4.78.16.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
                "product": {
                  "name": "libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
                  "product_id": "libGraphicsMagick2-1.2.5-4.78.16.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
                "product": {
                  "name": "perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
                  "product_id": "perl-GraphicsMagick-1.2.5-4.78.16.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "GraphicsMagick-1.2.5-4.78.16.1.x86_64",
                "product": {
                  "name": "GraphicsMagick-1.2.5-4.78.16.1.x86_64",
                  "product_id": "GraphicsMagick-1.2.5-4.78.16.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
                "product": {
                  "name": "libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
                  "product_id": "libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
                "product": {
                  "name": "perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
                  "product_id": "perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:suse:sle-sdk:11:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Studio Onsite 1.3",
                "product": {
                  "name": "SUSE Studio Onsite 1.3",
                  "product_id": "SUSE Studio Onsite 1.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-studioonsite:1.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "GraphicsMagick-1.2.5-4.78.16.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586"
        },
        "product_reference": "GraphicsMagick-1.2.5-4.78.16.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "GraphicsMagick-1.2.5-4.78.16.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64"
        },
        "product_reference": "GraphicsMagick-1.2.5-4.78.16.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "GraphicsMagick-1.2.5-4.78.16.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64"
        },
        "product_reference": "GraphicsMagick-1.2.5-4.78.16.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "GraphicsMagick-1.2.5-4.78.16.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x"
        },
        "product_reference": "GraphicsMagick-1.2.5-4.78.16.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "GraphicsMagick-1.2.5-4.78.16.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64"
        },
        "product_reference": "GraphicsMagick-1.2.5-4.78.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick2-1.2.5-4.78.16.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586"
        },
        "product_reference": "libGraphicsMagick2-1.2.5-4.78.16.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick2-1.2.5-4.78.16.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64"
        },
        "product_reference": "libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick2-1.2.5-4.78.16.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64"
        },
        "product_reference": "libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick2-1.2.5-4.78.16.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x"
        },
        "product_reference": "libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick2-1.2.5-4.78.16.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
        },
        "product_reference": "libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-GraphicsMagick-1.2.5-4.78.16.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586"
        },
        "product_reference": "perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-GraphicsMagick-1.2.5-4.78.16.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64"
        },
        "product_reference": "perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64"
        },
        "product_reference": "perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-GraphicsMagick-1.2.5-4.78.16.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x"
        },
        "product_reference": "perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64"
        },
        "product_reference": "perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "GraphicsMagick-1.2.5-4.78.16.1.x86_64 as component of SUSE Studio Onsite 1.3",
          "product_id": "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64"
        },
        "product_reference": "GraphicsMagick-1.2.5-4.78.16.1.x86_64",
        "relates_to_product_reference": "SUSE Studio Onsite 1.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick2-1.2.5-4.78.16.1.x86_64 as component of SUSE Studio Onsite 1.3",
          "product_id": "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
        },
        "product_reference": "libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
        "relates_to_product_reference": "SUSE Studio Onsite 1.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-11534",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-11534"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-11534",
          "url": "https://www.suse.com/security/cve/CVE-2017-11534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050135 for CVE-2017-11534",
          "url": "https://bugzilla.suse.com/1050135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-11-23T16:15:37Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-11534"
    },
    {
      "cve": "CVE-2017-12936",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-12936"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-12936",
          "url": "https://www.suse.com/security/cve/CVE-2017-12936"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1054598 for CVE-2017-12936",
          "url": "https://bugzilla.suse.com/1054598"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1054600 for CVE-2017-12936",
          "url": "https://bugzilla.suse.com/1054600"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-11-23T16:15:37Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-12936"
    },
    {
      "cve": "CVE-2017-12937",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-12937"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-12937",
          "url": "https://www.suse.com/security/cve/CVE-2017-12937"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1054596 for CVE-2017-12937",
          "url": "https://bugzilla.suse.com/1054596"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1054598 for CVE-2017-12937",
          "url": "https://bugzilla.suse.com/1054598"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1054600 for CVE-2017-12937",
          "url": "https://bugzilla.suse.com/1054600"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-11-23T16:15:37Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-12937"
    },
    {
      "cve": "CVE-2017-13063",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-13063"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-13063",
          "url": "https://www.suse.com/security/cve/CVE-2017-13063"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1054598 for CVE-2017-13063",
          "url": "https://bugzilla.suse.com/1054598"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1054600 for CVE-2017-13063",
          "url": "https://bugzilla.suse.com/1054600"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1055038 for CVE-2017-13063",
          "url": "https://bugzilla.suse.com/1055038"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1055050 for CVE-2017-13063",
          "url": "https://bugzilla.suse.com/1055050"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-11-23T16:15:37Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-13063"
    },
    {
      "cve": "CVE-2017-13064",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-13064"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-13064",
          "url": "https://www.suse.com/security/cve/CVE-2017-13064"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1054598 for CVE-2017-13064",
          "url": "https://bugzilla.suse.com/1054598"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1054600 for CVE-2017-13064",
          "url": "https://bugzilla.suse.com/1054600"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1055042 for CVE-2017-13064",
          "url": "https://bugzilla.suse.com/1055042"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1055050 for CVE-2017-13064",
          "url": "https://bugzilla.suse.com/1055050"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-11-23T16:15:37Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-13064"
    },
    {
      "cve": "CVE-2017-13139",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-13139"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-13139",
          "url": "https://www.suse.com/security/cve/CVE-2017-13139"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1055430 for CVE-2017-13139",
          "url": "https://bugzilla.suse.com/1055430"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-11-23T16:15:37Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-13139"
    },
    {
      "cve": "CVE-2017-15033",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-15033"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
          "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-15033",
          "url": "https://www.suse.com/security/cve/CVE-2017-15033"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1061873 for CVE-2017-15033",
          "url": "https://bugzilla.suse.com/1061873"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.78.16.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-4.78.16.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-11-23T16:15:37Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-15033"
    }
  ]
}

CVE-2017-13063 (GCVE-0-2017-13063)

Vulnerability from cvelistv5

Published

2017-08-22 06:00

Modified

2024-08-05 18:58

Severity ?

CWE

Summary

GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.

References

URL

Tags

	https://www.debian.org/security/2018/dsa-4321	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html	mailing-list, x_refsource_MLIST
	http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a	x_refsource_CONFIRM
	https://sourceforge.net/p/graphicsmagick/bugs/434/	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/	vendor-advisory, x_refsource_FEDORA
	https://usn.ubuntu.com/4222-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:58:12.109Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4321",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4321"
          },
          {
            "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/graphicsmagick/bugs/434/"
          },
          {
            "name": "FEDORA-2019-da4c20882c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/"
          },
          {
            "name": "FEDORA-2019-425a1aa7c9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
          },
          {
            "name": "USN-4222-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4222-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-16T19:06:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4321",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4321"
        },
        {
          "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sourceforge.net/p/graphicsmagick/bugs/434/"
        },
        {
          "name": "FEDORA-2019-da4c20882c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/"
        },
        {
          "name": "FEDORA-2019-425a1aa7c9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
        },
        {
          "name": "USN-4222-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4222-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-13063",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4321",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4321"
            },
            {
              "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
            },
            {
              "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a",
              "refsource": "CONFIRM",
              "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a"
            },
            {
              "name": "https://sourceforge.net/p/graphicsmagick/bugs/434/",
              "refsource": "CONFIRM",
              "url": "https://sourceforge.net/p/graphicsmagick/bugs/434/"
            },
            {
              "name": "FEDORA-2019-da4c20882c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/"
            },
            {
              "name": "FEDORA-2019-425a1aa7c9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
            },
            {
              "name": "USN-4222-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4222-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-13063",
    "datePublished": "2017-08-22T06:00:00",
    "dateReserved": "2017-08-22T00:00:00",
    "dateUpdated": "2024-08-05T18:58:12.109Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-13064 (GCVE-0-2017-13064)

Vulnerability from cvelistv5

Published

2017-08-22 06:00

Modified

2024-08-05 18:58

Severity ?

CWE

Summary

GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.

References

URL

Tags

	https://www.debian.org/security/2018/dsa-4321	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html	mailing-list, x_refsource_MLIST
	https://sourceforge.net/p/graphicsmagick/bugs/436/	x_refsource_CONFIRM
	http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/100474	vdb-entry, x_refsource_BID
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/	vendor-advisory, x_refsource_FEDORA
	https://usn.ubuntu.com/4222-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:58:12.092Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4321",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4321"
          },
          {
            "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/graphicsmagick/bugs/436/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a"
          },
          {
            "name": "100474",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100474"
          },
          {
            "name": "FEDORA-2019-da4c20882c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/"
          },
          {
            "name": "FEDORA-2019-425a1aa7c9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
          },
          {
            "name": "USN-4222-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4222-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-16T19:06:18",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4321",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4321"
        },
        {
          "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sourceforge.net/p/graphicsmagick/bugs/436/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a"
        },
        {
          "name": "100474",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100474"
        },
        {
          "name": "FEDORA-2019-da4c20882c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/"
        },
        {
          "name": "FEDORA-2019-425a1aa7c9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
        },
        {
          "name": "USN-4222-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4222-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-13064",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4321",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4321"
            },
            {
              "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
            },
            {
              "name": "https://sourceforge.net/p/graphicsmagick/bugs/436/",
              "refsource": "CONFIRM",
              "url": "https://sourceforge.net/p/graphicsmagick/bugs/436/"
            },
            {
              "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a",
              "refsource": "CONFIRM",
              "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a"
            },
            {
              "name": "100474",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100474"
            },
            {
              "name": "FEDORA-2019-da4c20882c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/"
            },
            {
              "name": "FEDORA-2019-425a1aa7c9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
            },
            {
              "name": "USN-4222-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4222-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-13064",
    "datePublished": "2017-08-22T06:00:00",
    "dateReserved": "2017-08-22T00:00:00",
    "dateUpdated": "2024-08-05T18:58:12.092Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-13139 (GCVE-0-2017-13139)

Vulnerability from cvelistv5

Published

2017-08-23 06:00

Modified

2024-08-05 18:58

Severity ?

CWE

Summary

In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.

References

URL

Tags

	https://www.debian.org/security/2017/dsa-4040	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3681-1/	vendor-advisory, x_refsource_UBUNTU
	https://security.gentoo.org/glsa/201711-07	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/100494	vdb-entry, x_refsource_BID
	https://www.debian.org/security/2017/dsa-4019	vendor-advisory, x_refsource_DEBIAN
	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870109	x_refsource_CONFIRM
	https://github.com/ImageMagick/ImageMagick/commit/d072ed6aff835c174e856ce3a428163c0da9e8f4	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:58:12.529Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4040",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4040"
          },
          {
            "name": "USN-3681-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3681-1/"
          },
          {
            "name": "GLSA-201711-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201711-07"
          },
          {
            "name": "100494",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100494"
          },
          {
            "name": "DSA-4019",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4019"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870109"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/ImageMagick/ImageMagick/commit/d072ed6aff835c174e856ce3a428163c0da9e8f4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-07T20:59:31",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4040",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4040"
        },
        {
          "name": "USN-3681-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3681-1/"
        },
        {
          "name": "GLSA-201711-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201711-07"
        },
        {
          "name": "100494",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100494"
        },
        {
          "name": "DSA-4019",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4019"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870109"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/commit/d072ed6aff835c174e856ce3a428163c0da9e8f4"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-13139",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4040",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4040"
            },
            {
              "name": "USN-3681-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3681-1/"
            },
            {
              "name": "GLSA-201711-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201711-07"
            },
            {
              "name": "100494",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100494"
            },
            {
              "name": "DSA-4019",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4019"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870109",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870109"
            },
            {
              "name": "https://github.com/ImageMagick/ImageMagick/commit/d072ed6aff835c174e856ce3a428163c0da9e8f4",
              "refsource": "CONFIRM",
              "url": "https://github.com/ImageMagick/ImageMagick/commit/d072ed6aff835c174e856ce3a428163c0da9e8f4"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-13139",
    "datePublished": "2017-08-23T06:00:00",
    "dateReserved": "2017-08-23T00:00:00",
    "dateUpdated": "2024-08-05T18:58:12.529Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-11534 (GCVE-0-2017-11534)

Vulnerability from cvelistv5

Published

2017-07-23 03:00

Modified

2024-08-05 18:12

Severity ?

CWE

Summary

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c.

References

URL

Tags

https://github.com/ImageMagick/ImageMagick/issues/564

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:12:40.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/ImageMagick/ImageMagick/issues/564"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-23T02:57:06",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/issues/564"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-11534",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/issues/564",
              "refsource": "CONFIRM",
              "url": "https://github.com/ImageMagick/ImageMagick/issues/564"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-11534",
    "datePublished": "2017-07-23T03:00:00",
    "dateReserved": "2017-07-22T00:00:00",
    "dateUpdated": "2024-08-05T18:12:40.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12936 (GCVE-0-2017-12936)

Vulnerability from cvelistv5

Published

2017-08-18 12:00

Modified

2024-08-05 18:51

Severity ?

CWE

Summary

The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.

References

URL

Tags

	https://www.debian.org/security/2018/dsa-4321	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html	mailing-list, x_refsource_MLIST
	http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd	x_refsource_MISC
	https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-use-after-free-in-readwmfimage-wmf-c/	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/	vendor-advisory, x_refsource_FEDORA
	https://usn.ubuntu.com/4222-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:51:07.314Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4321",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4321"
          },
          {
            "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-use-after-free-in-readwmfimage-wmf-c/"
          },
          {
            "name": "FEDORA-2019-da4c20882c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/"
          },
          {
            "name": "FEDORA-2019-425a1aa7c9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
          },
          {
            "name": "USN-4222-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4222-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-16T19:06:08",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4321",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4321"
        },
        {
          "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-use-after-free-in-readwmfimage-wmf-c/"
        },
        {
          "name": "FEDORA-2019-da4c20882c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/"
        },
        {
          "name": "FEDORA-2019-425a1aa7c9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
        },
        {
          "name": "USN-4222-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4222-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-12936",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4321",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4321"
            },
            {
              "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
            },
            {
              "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd",
              "refsource": "MISC",
              "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd"
            },
            {
              "name": "https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-use-after-free-in-readwmfimage-wmf-c/",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-use-after-free-in-readwmfimage-wmf-c/"
            },
            {
              "name": "FEDORA-2019-da4c20882c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/"
            },
            {
              "name": "FEDORA-2019-425a1aa7c9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
            },
            {
              "name": "USN-4222-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4222-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-12936",
    "datePublished": "2017-08-18T12:00:00",
    "dateReserved": "2017-08-18T00:00:00",
    "dateUpdated": "2024-08-05T18:51:07.314Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-15033 (GCVE-0-2017-15033)

Vulnerability from cvelistv5

Published

2017-10-05 07:00

Modified

2024-08-05 19:42

Severity ?

CWE

Summary

ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.

References

URL

Tags

	https://usn.ubuntu.com/3681-1/	vendor-advisory, x_refsource_UBUNTU
	https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:42:22.316Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3681-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3681-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-13T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3681-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3681-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-15033",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3681-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3681-1/"
            },
            {
              "name": "https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683",
              "refsource": "CONFIRM",
              "url": "https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-15033",
    "datePublished": "2017-10-05T07:00:00",
    "dateReserved": "2017-10-05T00:00:00",
    "dateUpdated": "2024-08-05T19:42:22.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12937 (GCVE-0-2017-12937)

Vulnerability from cvelistv5

Published

2017-08-18 12:00

Modified

2024-08-05 18:51

Severity ?

CWE

Summary

The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.

References

URL

Tags

	http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978	x_refsource_MISC
	http://www.securityfocus.com/bid/100442	vdb-entry, x_refsource_BID
	https://www.debian.org/security/2018/dsa-4321	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html	mailing-list, x_refsource_MLIST
	https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-heap-based-buffer-overflow-in-readsunimage-sun-c/	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/	vendor-advisory, x_refsource_FEDORA
	https://usn.ubuntu.com/4222-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:51:07.333Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978"
          },
          {
            "name": "100442",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100442"
          },
          {
            "name": "DSA-4321",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4321"
          },
          {
            "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-heap-based-buffer-overflow-in-readsunimage-sun-c/"
          },
          {
            "name": "FEDORA-2019-da4c20882c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/"
          },
          {
            "name": "FEDORA-2019-425a1aa7c9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
          },
          {
            "name": "USN-4222-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4222-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-16T19:06:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978"
        },
        {
          "name": "100442",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100442"
        },
        {
          "name": "DSA-4321",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4321"
        },
        {
          "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-heap-based-buffer-overflow-in-readsunimage-sun-c/"
        },
        {
          "name": "FEDORA-2019-da4c20882c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/"
        },
        {
          "name": "FEDORA-2019-425a1aa7c9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
        },
        {
          "name": "USN-4222-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4222-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-12937",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978",
              "refsource": "MISC",
              "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978"
            },
            {
              "name": "100442",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100442"
            },
            {
              "name": "DSA-4321",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4321"
            },
            {
              "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
            },
            {
              "name": "https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-heap-based-buffer-overflow-in-readsunimage-sun-c/",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-heap-based-buffer-overflow-in-readsunimage-sun-c/"
            },
            {
              "name": "FEDORA-2019-da4c20882c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/"
            },
            {
              "name": "FEDORA-2019-425a1aa7c9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
            },
            {
              "name": "USN-4222-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4222-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-12937",
    "datePublished": "2017-08-18T12:00:00",
    "dateReserved": "2017-08-18T00:00:00",
    "dateUpdated": "2024-08-05T18:51:07.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2017:3056-1

Vulnerability from csaf_suse

CVE-2017-13063 (GCVE-0-2017-13063)

Vulnerability from cvelistv5

CVE-2017-13064 (GCVE-0-2017-13064)

Vulnerability from cvelistv5

CVE-2017-13139 (GCVE-0-2017-13139)

Vulnerability from cvelistv5

CVE-2017-11534 (GCVE-0-2017-11534)

Vulnerability from cvelistv5

CVE-2017-12936 (GCVE-0-2017-12936)

Vulnerability from cvelistv5

CVE-2017-15033 (GCVE-0-2017-15033)

Vulnerability from cvelistv5

CVE-2017-12937 (GCVE-0-2017-12937)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature