cvelistv5 - CVE-2018-20185

CVE-2018-20185 (GCVE-0-2018-20185)

Vulnerability from cvelistv5 – Published: 2018-12-17 17:00 – Updated: 2024-08-05 11:58

Summary

In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

WID-SEC-W-2023-0767

Vulnerability from csaf_certbund - Published: 2018-12-17 23:00 - Updated: 2023-03-27 22:00

Summary

GraphicsMagick: Mehrere Schwachstellen ermöglichen Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

ImageMagick und GraphicsMagick sind Sammlungen von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten können.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in GraphicsMagick ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "ImageMagick und GraphicsMagick sind Sammlungen von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten k\u00f6nnen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in GraphicsMagick ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0767 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2018/wid-sec-w-2023-0767.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0767 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0767"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5974-1 vom 2023-03-27",
        "url": "https://ubuntu.com/security/notices/USN-5974-1"
      },
      {
        "category": "external",
        "summary": "Eintr\u00e4ge in der Mitre Datenbank vom 2018-12-17",
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20189"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4207-1 vom 2019-12-03",
        "url": "https://usn.ubuntu.com/4207-1/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4640 vom 2020-03-16",
        "url": "https://www.debian.org/security/2020/dsa-4640"
      }
    ],
    "source_lang": "en-US",
    "title": "GraphicsMagick: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2023-03-27T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:47:23.693+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0767",
      "initial_release_date": "2018-12-17T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2018-12-17T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2019-01-03T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: SUSE-SU-2019:13923-1"
        },
        {
          "date": "2019-12-03T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2020-03-15T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2023-03-27T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Open Source GraphicsMagick 1.3.1",
                "product": {
                  "name": "Open Source GraphicsMagick 1.3.1",
                  "product_id": "97321",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:graphicsmagick:graphicsmagick:1.3.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source GraphicsMagick 1.4",
                "product": {
                  "name": "Open Source GraphicsMagick 1.4",
                  "product_id": "T008587",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:graphicsmagick:graphicsmagick:1.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "GraphicsMagick"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-20184",
      "notes": [
        {
          "category": "description",
          "text": "In GraphicsMagick existieren mehrere Schwachstellen im Zusammenhang mit den Funktionen \"WriteTGAImage\", \"ReadBMPImage\" und \"ReadDIBImage\". Ein anonymer, entfernter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte Bilddatei zu \u00f6ffnen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008587",
          "2951",
          "T000126",
          "97321"
        ]
      },
      "release_date": "2018-12-17T23:00:00.000+00:00",
      "title": "CVE-2018-20184"
    },
    {
      "cve": "CVE-2018-20185",
      "notes": [
        {
          "category": "description",
          "text": "In GraphicsMagick existieren mehrere Schwachstellen im Zusammenhang mit den Funktionen \"WriteTGAImage\", \"ReadBMPImage\" und \"ReadDIBImage\". Ein anonymer, entfernter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte Bilddatei zu \u00f6ffnen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008587",
          "2951",
          "T000126",
          "97321"
        ]
      },
      "release_date": "2018-12-17T23:00:00.000+00:00",
      "title": "CVE-2018-20185"
    },
    {
      "cve": "CVE-2018-20189",
      "notes": [
        {
          "category": "description",
          "text": "In GraphicsMagick existieren mehrere Schwachstellen im Zusammenhang mit den Funktionen \"WriteTGAImage\", \"ReadBMPImage\" und \"ReadDIBImage\". Ein anonymer, entfernter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte Bilddatei zu \u00f6ffnen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008587",
          "2951",
          "T000126",
          "97321"
        ]
      },
      "release_date": "2018-12-17T23:00:00.000+00:00",
      "title": "CVE-2018-20189"
    }
  ]
}

GSD-2018-20185

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-20185

Aliases

CVE-2018-20185

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-20185",
    "description": "In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.",
    "id": "GSD-2018-20185",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-20185.html",
      "https://www.debian.org/security/2020/dsa-4640",
      "https://ubuntu.com/security/CVE-2018-20185",
      "https://advisories.mageia.org/CVE-2018-20185.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-20185"
      ],
      "details": "In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.",
      "id": "GSD-2018-20185",
      "modified": "2023-12-13T01:22:29.041174Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-20185",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293",
            "refsource": "MISC",
            "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293"
          },
          {
            "name": "https://sourceforge.net/p/graphicsmagick/bugs/582/",
            "refsource": "MISC",
            "url": "https://sourceforge.net/p/graphicsmagick/bugs/582/"
          },
          {
            "name": "106229",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/106229"
          },
          {
            "name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
          },
          {
            "name": "USN-4207-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4207-1/"
          },
          {
            "name": "DSA-4640",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2020/dsa-4640"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.4:2018-12-09:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-20185"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceforge.net/p/graphicsmagick/bugs/582/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://sourceforge.net/p/graphicsmagick/bugs/582/"
            },
            {
              "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293"
            },
            {
              "name": "106229",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/106229"
            },
            {
              "name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
            },
            {
              "name": "USN-4207-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4207-1/"
            },
            {
              "name": "DSA-4640",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4640"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-08-18T15:05Z",
      "publishedDate": "2018-12-17T19:29Z"
    }
  }
}

FKIE_CVE-2018-20185

Vulnerability from fkie_nvd - Published: 2018-12-17 19:29 - Updated: 2024-11-21 04:01

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/106229	Third Party Advisory, VDB Entry
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html	Mailing List, Third Party Advisory
cve@mitre.org	https://sourceforge.net/p/graphicsmagick/bugs/582/	Exploit, Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4207-1/	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2020/dsa-4640	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106229	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://sourceforge.net/p/graphicsmagick/bugs/582/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4207-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4640	Third Party Advisory

Impacted products

Vendor	Product	Version
graphicsmagick	graphicsmagick	1.4
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	18.04

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.4:2018-12-09:*:*:*:*:*:*",
              "matchCriteriaId": "D40A1BD1-2438-4BD5-AF37-A8628714493D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits."
    },
    {
      "lang": "es",
      "value": "Hay una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) en GraphicsMagick 1.4 snapshot-20181209 Q8 en plataformas de 32 bits, en la funci\u00f3n ReadBMPImage de bmp.c que permite que atacantes provoquen una denegaci\u00f3n de servicio (DoS) mediante un archivo de imagen bmp manipulado. Esto solo afecta a instalaciones de GraphicsMagick con l\u00edmites BMP personalizados."
    }
  ],
  "id": "CVE-2018-20185",
  "lastModified": "2024-11-21T04:01:02.587",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-12-17T19:29:03.720",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106229"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sourceforge.net/p/graphicsmagick/bugs/582/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4207-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sourceforge.net/p/graphicsmagick/bugs/582/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4207-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4640"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

SUSE-SU-2019:13923-1

Vulnerability from csaf_suse - Published: 2019-01-03 16:32 - Updated: 2019-01-03 16:32

Summary

Security update for GraphicsMagick

Notes

Title of the patch

Security update for GraphicsMagick

Description of the patch

This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage() (bsc#1113064). - CVE-2017-10794: Fixed buffer overflow in RGB TIFF picture processing (bsc#1112392). - CVE-2017-14997: Fixed integer underflow in ReadPICTImage in coders/pict.c (bsc#1112399). - CVE-2018-20185: Fixed heap-based buffer over-read in the ReadBMPImage function of bmp.c (bsc#1119823) - CVE-2018-20184: Fixed heap-based buffer overflow in the WriteTGAImage function of tga.c (bsc#1119822) Regressions fixed after security update: - CVE-2017-12663: Fixed memory leak in WriteMAPImage in coders/map.c (bsc#1052754). - CVE-2017-9405: Fixed memory leak in the ReadICONImage function (bsc#1042911). - CVE-2018-6405: Fixed ReadDCMImage function in coders/dcm (bsc#1078433). Non-security issues fixed: - debug_build: build more suitable for debugging

Patchnames

sdksp4-GraphicsMagick-13923,slestso13-GraphicsMagick-13923

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for GraphicsMagick",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for GraphicsMagick fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-18544: Fixed memory leak in the function WriteMSLImage() (bsc#1113064).\n- CVE-2017-10794: Fixed buffer overflow in RGB TIFF picture processing (bsc#1112392).\n- CVE-2017-14997: Fixed integer underflow in ReadPICTImage in coders/pict.c (bsc#1112399).\n- CVE-2018-20185: Fixed heap-based buffer over-read in the ReadBMPImage function of bmp.c (bsc#1119823)\n- CVE-2018-20184: Fixed heap-based buffer overflow in the WriteTGAImage function of tga.c (bsc#1119822)\n\nRegressions fixed after security update:\n\n- CVE-2017-12663: Fixed memory leak in WriteMAPImage in coders/map.c (bsc#1052754).\n- CVE-2017-9405: Fixed memory leak in the ReadICONImage function (bsc#1042911).\n- CVE-2018-6405: Fixed ReadDCMImage function in coders/dcm (bsc#1078433).\n\nNon-security issues fixed:\n\n- debug_build: build more suitable for debugging\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sdksp4-GraphicsMagick-13923,slestso13-GraphicsMagick-13923",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_13923-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2019:13923-1",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201913923-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2019:13923-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-January/005014.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1042911",
        "url": "https://bugzilla.suse.com/1042911"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1052754",
        "url": "https://bugzilla.suse.com/1052754"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1078433",
        "url": "https://bugzilla.suse.com/1078433"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1112392",
        "url": "https://bugzilla.suse.com/1112392"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1112399",
        "url": "https://bugzilla.suse.com/1112399"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1113064",
        "url": "https://bugzilla.suse.com/1113064"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1119822",
        "url": "https://bugzilla.suse.com/1119822"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1119823",
        "url": "https://bugzilla.suse.com/1119823"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-10794 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-10794/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-12663 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-12663/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-14997 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-14997/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-9405 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-9405/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-18544 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-18544/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-20184 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-20184/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-20185 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-20185/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-6405 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-6405/"
      }
    ],
    "title": "Security update for GraphicsMagick",
    "tracking": {
      "current_release_date": "2019-01-03T16:32:29Z",
      "generator": {
        "date": "2019-01-03T16:32:29Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2019:13923-1",
      "initial_release_date": "2019-01-03T16:32:29Z",
      "revision_history": [
        {
          "date": "2019-01-03T16:32:29Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "GraphicsMagick-1.2.5-78.78.1.i586",
                "product": {
                  "name": "GraphicsMagick-1.2.5-78.78.1.i586",
                  "product_id": "GraphicsMagick-1.2.5-78.78.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagick2-1.2.5-78.78.1.i586",
                "product": {
                  "name": "libGraphicsMagick2-1.2.5-78.78.1.i586",
                  "product_id": "libGraphicsMagick2-1.2.5-78.78.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "perl-GraphicsMagick-1.2.5-78.78.1.i586",
                "product": {
                  "name": "perl-GraphicsMagick-1.2.5-78.78.1.i586",
                  "product_id": "perl-GraphicsMagick-1.2.5-78.78.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "GraphicsMagick-1.2.5-78.78.1.ia64",
                "product": {
                  "name": "GraphicsMagick-1.2.5-78.78.1.ia64",
                  "product_id": "GraphicsMagick-1.2.5-78.78.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagick2-1.2.5-78.78.1.ia64",
                "product": {
                  "name": "libGraphicsMagick2-1.2.5-78.78.1.ia64",
                  "product_id": "libGraphicsMagick2-1.2.5-78.78.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "perl-GraphicsMagick-1.2.5-78.78.1.ia64",
                "product": {
                  "name": "perl-GraphicsMagick-1.2.5-78.78.1.ia64",
                  "product_id": "perl-GraphicsMagick-1.2.5-78.78.1.ia64"
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "GraphicsMagick-1.2.5-78.78.1.ppc64",
                "product": {
                  "name": "GraphicsMagick-1.2.5-78.78.1.ppc64",
                  "product_id": "GraphicsMagick-1.2.5-78.78.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagick2-1.2.5-78.78.1.ppc64",
                "product": {
                  "name": "libGraphicsMagick2-1.2.5-78.78.1.ppc64",
                  "product_id": "libGraphicsMagick2-1.2.5-78.78.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
                "product": {
                  "name": "perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
                  "product_id": "perl-GraphicsMagick-1.2.5-78.78.1.ppc64"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "GraphicsMagick-1.2.5-78.78.1.s390x",
                "product": {
                  "name": "GraphicsMagick-1.2.5-78.78.1.s390x",
                  "product_id": "GraphicsMagick-1.2.5-78.78.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagick2-1.2.5-78.78.1.s390x",
                "product": {
                  "name": "libGraphicsMagick2-1.2.5-78.78.1.s390x",
                  "product_id": "libGraphicsMagick2-1.2.5-78.78.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "perl-GraphicsMagick-1.2.5-78.78.1.s390x",
                "product": {
                  "name": "perl-GraphicsMagick-1.2.5-78.78.1.s390x",
                  "product_id": "perl-GraphicsMagick-1.2.5-78.78.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "GraphicsMagick-1.2.5-78.78.1.x86_64",
                "product": {
                  "name": "GraphicsMagick-1.2.5-78.78.1.x86_64",
                  "product_id": "GraphicsMagick-1.2.5-78.78.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagick2-1.2.5-78.78.1.x86_64",
                "product": {
                  "name": "libGraphicsMagick2-1.2.5-78.78.1.x86_64",
                  "product_id": "libGraphicsMagick2-1.2.5-78.78.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
                "product": {
                  "name": "perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
                  "product_id": "perl-GraphicsMagick-1.2.5-78.78.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:suse:sle-sdk:11:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Studio Onsite 1.3",
                "product": {
                  "name": "SUSE Studio Onsite 1.3",
                  "product_id": "SUSE Studio Onsite 1.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-studioonsite:1.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "GraphicsMagick-1.2.5-78.78.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586"
        },
        "product_reference": "GraphicsMagick-1.2.5-78.78.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "GraphicsMagick-1.2.5-78.78.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64"
        },
        "product_reference": "GraphicsMagick-1.2.5-78.78.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "GraphicsMagick-1.2.5-78.78.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64"
        },
        "product_reference": "GraphicsMagick-1.2.5-78.78.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "GraphicsMagick-1.2.5-78.78.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x"
        },
        "product_reference": "GraphicsMagick-1.2.5-78.78.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "GraphicsMagick-1.2.5-78.78.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64"
        },
        "product_reference": "GraphicsMagick-1.2.5-78.78.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick2-1.2.5-78.78.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586"
        },
        "product_reference": "libGraphicsMagick2-1.2.5-78.78.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick2-1.2.5-78.78.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64"
        },
        "product_reference": "libGraphicsMagick2-1.2.5-78.78.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick2-1.2.5-78.78.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64"
        },
        "product_reference": "libGraphicsMagick2-1.2.5-78.78.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick2-1.2.5-78.78.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x"
        },
        "product_reference": "libGraphicsMagick2-1.2.5-78.78.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick2-1.2.5-78.78.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
        },
        "product_reference": "libGraphicsMagick2-1.2.5-78.78.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-GraphicsMagick-1.2.5-78.78.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586"
        },
        "product_reference": "perl-GraphicsMagick-1.2.5-78.78.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-GraphicsMagick-1.2.5-78.78.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64"
        },
        "product_reference": "perl-GraphicsMagick-1.2.5-78.78.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-GraphicsMagick-1.2.5-78.78.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64"
        },
        "product_reference": "perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-GraphicsMagick-1.2.5-78.78.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x"
        },
        "product_reference": "perl-GraphicsMagick-1.2.5-78.78.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-GraphicsMagick-1.2.5-78.78.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64"
        },
        "product_reference": "perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "GraphicsMagick-1.2.5-78.78.1.x86_64 as component of SUSE Studio Onsite 1.3",
          "product_id": "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64"
        },
        "product_reference": "GraphicsMagick-1.2.5-78.78.1.x86_64",
        "relates_to_product_reference": "SUSE Studio Onsite 1.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick2-1.2.5-78.78.1.x86_64 as component of SUSE Studio Onsite 1.3",
          "product_id": "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
        },
        "product_reference": "libGraphicsMagick2-1.2.5-78.78.1.x86_64",
        "relates_to_product_reference": "SUSE Studio Onsite 1.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-10794",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-10794"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-10794",
          "url": "https://www.suse.com/security/cve/CVE-2017-10794"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112392 for CVE-2017-10794",
          "url": "https://bugzilla.suse.com/1112392"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-01-03T16:32:29Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-10794"
    },
    {
      "cve": "CVE-2017-12663",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-12663"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-12663",
          "url": "https://www.suse.com/security/cve/CVE-2017-12663"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1052754 for CVE-2017-12663",
          "url": "https://bugzilla.suse.com/1052754"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-01-03T16:32:29Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-12663"
    },
    {
      "cve": "CVE-2017-14997",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-14997"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-14997",
          "url": "https://www.suse.com/security/cve/CVE-2017-14997"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112399 for CVE-2017-14997",
          "url": "https://bugzilla.suse.com/1112399"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1117463 for CVE-2017-14997",
          "url": "https://bugzilla.suse.com/1117463"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-01-03T16:32:29Z",
          "details": "low"
        }
      ],
      "title": "CVE-2017-14997"
    },
    {
      "cve": "CVE-2017-9405",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-9405"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-9405",
          "url": "https://www.suse.com/security/cve/CVE-2017-9405"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042911 for CVE-2017-9405",
          "url": "https://bugzilla.suse.com/1042911"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-01-03T16:32:29Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-9405"
    },
    {
      "cve": "CVE-2018-18544",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-18544"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-18544",
          "url": "https://www.suse.com/security/cve/CVE-2018-18544"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113064 for CVE-2018-18544",
          "url": "https://bugzilla.suse.com/1113064"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-01-03T16:32:29Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-18544"
    },
    {
      "cve": "CVE-2018-20184",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-20184"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-20184",
          "url": "https://www.suse.com/security/cve/CVE-2018-20184"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1119822 for CVE-2018-20184",
          "url": "https://bugzilla.suse.com/1119822"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-01-03T16:32:29Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-20184"
    },
    {
      "cve": "CVE-2018-20185",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-20185"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-20185",
          "url": "https://www.suse.com/security/cve/CVE-2018-20185"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1119823 for CVE-2018-20185",
          "url": "https://bugzilla.suse.com/1119823"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-01-03T16:32:29Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-20185"
    },
    {
      "cve": "CVE-2018-6405",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-6405"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
          "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-6405",
          "url": "https://www.suse.com/security/cve/CVE-2018-6405"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1078433 for CVE-2018-6405",
          "url": "https://bugzilla.suse.com/1078433"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1095726 for CVE-2018-6405",
          "url": "https://bugzilla.suse.com/1095726"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.78.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.78.1.x86_64",
            "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.78.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-01-03T16:32:29Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-6405"
    }
  ]
}

GHSA-569G-RM32-H5JR

Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23

Details

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-20185"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-17T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.",
  "id": "GHSA-569g-rm32-h5jr",
  "modified": "2022-05-13T01:23:18Z",
  "published": "2022-05-13T01:23:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20185"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/graphicsmagick/bugs/582"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4207-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4640"
    },
    {
      "type": "WEB",
      "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106229"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-20185 (GCVE-0-2018-20185)

WID-SEC-W-2023-0767

GSD-2018-20185

FKIE_CVE-2018-20185

SUSE-SU-2019:13923-1

GHSA-569G-RM32-H5JR

Tags

Sightings

Nomenclature