Bug 1087030 (CVE-2017-18253)

Summary: VUL-1: CVE-2017-18253: GraphicsMagick, ImageMagick: NULL pointer dereference in the function LoadOpenCLDevices inMagickCore/opencl.c
Product: [openSUSE] openSUSE Distribution Reporter: Johannes Segitz <jsegitz>
Component: SecurityAssignee: Security Team bot <security-team>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P5 - None    
Version: Leap 42.3   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/202743/
Whiteboard: CVSSv3:RedHat:CVE-2017-18253:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Johannes Segitz 2018-03-27 08:39:25 UTC
CVE-2017-18253

An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference
vulnerability was found in the function LoadOpenCLDevices in
MagickCore/opencl.c, which allows attackers to cause a denial of service via a
crafted file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18253
https://github.com/ImageMagick/ImageMagick/issues/794
Comment 1 Johannes Segitz 2018-03-27 08:40:12 UTC
Not in SLES|Leap, fixed in Factory. Documentation only