Bug 1110747 - (CVE-2018-17965) VUL-1: CVE-2018-17965: ImageMagick: Memory leak vulnerability in WriteSGIImage
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/216110/
CVSSv3:SUSE:CVE-2018-17965:3.3:(AV:L/...
Reported: 2018-10-04 11:56 UTC by Johannes Segitz
Modified: 2018-11-20 07:46 UTC
Found By: Security Response Team
Description Johannes Segitz 2018-10-04 11:56:54 UTC
CVE-2018-17965

ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in
coders/sgi.c.

https://github.com/ImageMagick/ImageMagick/issues/1052

SLE 12 only

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17965
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17965.html
Comment 1 Petr Gajdos 2018-10-11 07:56:46 UTC
Even if the code is a bit different (iris_pixels), the CVE is also applicable to 11/*Magick.
Comment 2 Petr Gajdos 2018-10-11 07:57:11 UTC
Will submit for 12,11/ImageMagick and 11/GraphicsMagick.
Comment 3 Petr Gajdos 2018-10-12 17:02:35 UTC
Packages submitted.
I believe all fixed.
Comment 6 Swamp Workflow Management 2018-10-17 10:12:02 UTC
SUSE-SU-2018:3191-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1098545,1098546,1110746,1110747,1111069,1111072
CVE References: CVE-2017-13058,CVE-2018-12599,CVE-2018-12600,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.82.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.82.1
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.82.1
Comment 7 Swamp Workflow Management 2018-10-18 17:27:16 UTC
openSUSE-SU-2018:3225-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1098545,1098546,1110746,1110747,1111069,1111072
CVE References: CVE-2017-13058,CVE-2018-12599,CVE-2018-12600,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-73.1
Comment 8 Swamp Workflow Management 2018-10-22 13:13:53 UTC
SUSE-SU-2018:3269-1: An update that fixes 12 vulnerabilities is now available.

Category: security (low)
Bug References: 1106855,1107604,1107609,1107612,1107616,1107619,1108282,1108283,1110746,1110747,1111069,1111072
CVE References: CVE-2018-16323,CVE-2018-16640,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
SUSE Studio Onsite 1.3 (src):    GraphicsMagick-1.2.5-78.72.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    GraphicsMagick-1.2.5-78.72.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    GraphicsMagick-1.2.5-78.72.1
Comment 11 Swamp Workflow Management 2018-10-23 19:19:36 UTC
SUSE-SU-2018:3348-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1074170,1106855,1106989,1107604,1107609,1107612,1107616,1108282,1108283,1110746,1110747,1111069,1111072
CVE References: CVE-2017-17934,CVE-2018-16323,CVE-2018-16413,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-78.74.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-78.74.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-78.74.1
Comment 12 Marcus Meissner 2018-10-26 06:40:57 UTC
released