Bugzilla – Bug 1083628
VUL-1: CVE-2017-18209: ImageMagick: In the GetOpenCLCachedFilesDirectory function a NULL pointer dereference can occur
Last modified: 2018-04-06 22:40:59 UTC
CVE-2017-18209 In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory. SLE 12 only AFAICS References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18209 https://github.com/ImageMagick/ImageMagick/issues/790
No testcase found.
Submitted for 12/ImageMagick.
SUSE-SU-2018:0857-1: An update that fixes 17 vulnerabilities is now available. Category: security (moderate) Bug References: 1043290,1050087,1056434,1058630,1059735,1060382,1066168,1066170,1082283,1082291,1082348,1082362,1082792,1082837,1083628,1083634,1086011 CVE References: CVE-2017-11524,CVE-2017-12692,CVE-2017-12693,CVE-2017-13768,CVE-2017-14314,CVE-2017-14505,CVE-2017-14739,CVE-2017-15016,CVE-2017-15017,CVE-2017-16352,CVE-2017-16353,CVE-2017-18209,CVE-2017-18211,CVE-2017-9500,CVE-2018-7443,CVE-2018-7470,CVE-2018-8804 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP3 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Workstation Extension 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Server 12-SP3 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Server 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Desktop 12-SP3 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Desktop 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1
releasing for Leap, closing as done
openSUSE-SU-2018:0893-1: An update that fixes 17 vulnerabilities is now available. Category: security (moderate) Bug References: 1043290,1050087,1056434,1058630,1059735,1060382,1066168,1066170,1082283,1082291,1082348,1082362,1082792,1082837,1083628,1083634,1086011 CVE References: CVE-2017-11524,CVE-2017-12692,CVE-2017-12693,CVE-2017-13768,CVE-2017-14314,CVE-2017-14505,CVE-2017-14739,CVE-2017-15016,CVE-2017-15017,CVE-2017-16352,CVE-2017-16353,CVE-2017-18209,CVE-2017-18211,CVE-2017-9500,CVE-2018-7443,CVE-2018-7470,CVE-2018-8804 Sources used: openSUSE Leap 42.3 (src): ImageMagick-6.8.8.1-58.1