Bug 1028071 (CVE-2017-6501)

Summary: VUL-0: CVE-2017-6501: GraphicsMagick,ImageMagick: An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL poin...
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Petr Gajdos <pgajdos>
Status: RESOLVED WORKSFORME
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: openSUSE 42.1
URL: https://smash.suse.de/issue/181229/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Marcus Meissner 2017-03-06 09:51:02 UTC
CVE-2017-6501

An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could
lead to a NULL pointer dereference.

References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856881
https://github.com/ImageMagick/ImageMagick/commit/d31fec57e9dfb0516deead2053a856e3c71e9751

Comment 1 Marcus Meissner 2017-03-06 09:56:24 UTC
sle11 and sle12 imagemagick and graphicsmagick do not contain the affected code.

only opensuse might contain it.

Comment 2 Swamp Workflow Management 2017-03-06 23:00:15 UTC
bugbot adjusting priority

Comment 3 Petr Gajdos 2017-03-21 09:26:41 UTC
42.1/GraphicsMagick and 42.2/GraphicsMagick do not look like they would be affected either.