Bugzilla – Bug 1086011
VUL-1: CVE-2018-8804: ImageMagick: WriteEPTImage allows attackers to cause a denial of service (double free and application crash)
Last modified: 2018-04-06 22:40:29 UTC
Created attachment 764253
Reproducer

CVE-2018-8804

WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file.

Reproducer:
convert not_kitty.jpg not_kitty.EPT2

IM SLE 11/12 affected.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8804
https://github.com/ImageMagick/ImageMagick/issues/1025
BEFORE

12/ImageMagick
$ convert not_kitty.jpg not_kitty.ept2
Aborted (core dumped)
$
$ valgrind -q convert not_kitty.jpg not_kitty.ept2
==12840== Invalid free() / delete / delete[] / realloc()
==12840==    at 0x4C2B41E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x4F5C822: ResizeMagickMemory (memory.c:1141)
==12840==    by 0x4E8F149: WriteBlob (blob.c:4174)
==12840==    by 0x841B082: TerminateDestination (jpeg.c:1812)
==12840==    by 0x862779B: jpeg_finish_compress (in /usr/lib64/libjpeg.so.8.1.2)
==12840==    by 0x841F0EB: WriteJPEGImage (jpeg.c:2786)
==12840==    by 0x4EC178B: WriteImage (constitute.c:1237)
==12840==    by 0x4E8F7FB: InjectImageBlob (blob.c:1963)
==12840==    by 0x8A94C79: WritePS2Image (ps2.c:860)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4E8E3B0: ImageToBlob (blob.c:1551)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==  Address 0x820e2c0 is 0 bytes inside a block of size 65,541 free'd
==12840==    at 0x4C2B41E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x4F5C822: ResizeMagickMemory (memory.c:1141)
==12840==    by 0x4E8EE09: SetBlobExtent (blob.c:3841)
==12840==    by 0x4E90898: WriteBlobStream (blob.c:1117)
==12840==    by 0x4E90898: WriteBlobString (blob.c:4583)
==12840==    by 0x8A9456B: WritePS2Image (ps2.c:565)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4E8E3B0: ImageToBlob (blob.c:1551)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4E8E48C: ImageToBlob (blob.c:1586)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==
==12840== Invalid free() / delete / delete[] / realloc()
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x4F5C3CE: RelinquishMagickMemory (memory.c:957)
==12840==    by 0x4F5C83F: ResizeMagickMemory (memory.c:1143)
==12840==    by 0x4E8F149: WriteBlob (blob.c:4174)
==12840==    by 0x841B082: TerminateDestination (jpeg.c:1812)
==12840==    by 0x862779B: jpeg_finish_compress (in /usr/lib64/libjpeg.so.8.1.2)
==12840==    by 0x841F0EB: WriteJPEGImage (jpeg.c:2786)
==12840==    by 0x4EC178B: WriteImage (constitute.c:1237)
==12840==    by 0x4E8F7FB: InjectImageBlob (blob.c:1963)
==12840==    by 0x8A94C79: WritePS2Image (ps2.c:860)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4E8E3B0: ImageToBlob (blob.c:1551)
==12840==  Address 0x820e2c0 is 0 bytes inside a block of size 65,541 free'd
==12840==    at 0x4C2B41E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x4F5C822: ResizeMagickMemory (memory.c:1141)
==12840==    by 0x4E8EE09: SetBlobExtent (blob.c:3841)
==12840==    by 0x4E90898: WriteBlobStream (blob.c:1117)
==12840==    by 0x4E90898: WriteBlobString (blob.c:4583)
==12840==    by 0x8A9456B: WritePS2Image (ps2.c:565)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4E8E3B0: ImageToBlob (blob.c:1551)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4E8E48C: ImageToBlob (blob.c:1586)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==
==12840== Invalid read of size 4
==12840==    at 0x587A03D: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed840 is 0 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 8
==12840==    at 0x587A046: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed8c8 is 136 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 8
==12840==    at 0x587A056: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed928 is 232 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 4
==12840==    at 0x587A076: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed920 is 224 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 8
==12840==    at 0x587A07F: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed8c8 is 136 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 8
==12840==    at 0x587A086: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed8c8 is 136 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid write of size 8
==12840==    at 0x587A08D: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed928 is 232 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 4
==12840==    at 0x587A091: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed924 is 228 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 8
==12840==    at 0x587A095: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed918 is 216 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 8
==12840==    at 0x5883EC1: _IO_file_sync@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x587A0A1: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed868 is 40 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 8
==12840==    at 0x5883EC8: _IO_file_sync@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x587A0A1: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed860 is 32 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 8
==12840==    at 0x5883EFF: _IO_file_sync@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x587A0A1: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed848 is 8 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 8
==12840==    at 0x5883F03: _IO_file_sync@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x587A0A1: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed850 is 16 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid write of size 8
==12840==    at 0x5883F09: _IO_file_sync@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x587A0A1: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed8d0 is 144 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 4
==12840==    at 0x587A0AB: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed840 is 0 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 8
==12840==    at 0x587A0B3: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed8c8 is 136 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 4
==12840==    at 0x587A0BA: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed924 is 228 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid write of size 8
==12840==    at 0x587A0C0: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed928 is 232 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 4
==12840==    at 0x587A0D8: fflush (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C94F: CloseBlob (blob.c:513)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed920 is 224 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 4
==12840==    at 0x5881850: ferror (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C98B: CloseBlob (blob.c:524)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed840 is 0 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 8
==12840==    at 0x5881862: ferror (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C98B: CloseBlob (blob.c:524)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed8c8 is 136 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 8
==12840==    at 0x5881872: ferror (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C98B: CloseBlob (blob.c:524)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed928 is 232 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 4
==12840==    at 0x5881896: ferror (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C98B: CloseBlob (blob.c:524)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed920 is 224 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
==12840==    by 0x888E452: WriteEPTImage (ept.c:425)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==
==12840== Invalid read of size 8
==12840==    at 0x588189B: ferror (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C98B: CloseBlob (blob.c:524)
==12840==    by 0x4E8DA32: DestroyBlob (blob.c:650)
==12840==    by 0x4F48730: DestroyImage (image.c:1068)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==    by 0x4EC13BC: WriteImage (constitute.c:1237)
==12840==    by 0x4EC1CA1: WriteImages (constitute.c:1394)
==12840==    by 0x531B923: ConvertImageCommand (convert.c:3154)
==12840==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==12840==    by 0x400836: ConvertMain (convert.c:81)
==12840==    by 0x400836: main (convert.c:92)
==12840==  Address 0x81ed8c8 is 136 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==
by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so) ==12840== by 0x4E8E49B: ImageToBlob (blob.c:1587) ==12840== by 0x888E452: WriteEPTImage (ept.c:425) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==12840== by 0x531B923: ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== ==12840== Invalid read of size 8 ==12840== at 0x58818A2: ferror (in /lib64/libc-2.19.so) ==12840== by 0x4E8C98B: CloseBlob (blob.c:524) ==12840== by 0x4E8DA32: DestroyBlob (blob.c:650) ==12840== by 0x4F48730: DestroyImage (image.c:1068) ==12840== by 0x888E461: WriteEPTImage (ept.c:427) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==12840== by 0x531B923: ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== Address 0x81ed8c8 is 136 bytes inside a block of size 568 free'd ==12840== at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12840== by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so) ==12840== by 0x4E8E49B: ImageToBlob (blob.c:1587) ==12840== by 0x888E452: WriteEPTImage (ept.c:425) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==12840== by 0x531B923: ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== ==12840== Invalid read of size 4 ==12840== at 0x58818A9: ferror (in /lib64/libc-2.19.so) ==12840== by 0x4E8C98B: CloseBlob (blob.c:524) ==12840== by 0x4E8DA32: DestroyBlob (blob.c:650) ==12840== by 0x4F48730: DestroyImage 
(image.c:1068) ==12840== by 0x888E461: WriteEPTImage (ept.c:427) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==12840== by 0x531B923: ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== Address 0x81ed840 is 0 bytes inside a block of size 568 free'd ==12840== at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12840== by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so) ==12840== by 0x4E8E49B: ImageToBlob (blob.c:1587) ==12840== by 0x888E452: WriteEPTImage (ept.c:425) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==12840== by 0x531B923: ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== ==12840== Invalid write of size 8 ==12840== at 0x58818AC: ferror (in /lib64/libc-2.19.so) ==12840== by 0x4E8C98B: CloseBlob (blob.c:524) ==12840== by 0x4E8DA32: DestroyBlob (blob.c:650) ==12840== by 0x4F48730: DestroyImage (image.c:1068) ==12840== by 0x888E461: WriteEPTImage (ept.c:427) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==12840== by 0x531B923: ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== Address 0x81ed928 is 232 bytes inside a block of size 568 free'd ==12840== at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12840== by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so) ==12840== by 0x4E8E49B: ImageToBlob (blob.c:1587) ==12840== by 0x888E452: WriteEPTImage 
(ept.c:425) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==12840== by 0x531B923: ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== ==12840== Invalid read of size 4 ==12840== at 0x58818B0: ferror (in /lib64/libc-2.19.so) ==12840== by 0x4E8C98B: CloseBlob (blob.c:524) ==12840== by 0x4E8DA32: DestroyBlob (blob.c:650) ==12840== by 0x4F48730: DestroyImage (image.c:1068) ==12840== by 0x888E461: WriteEPTImage (ept.c:427) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==12840== by 0x531B923: ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== Address 0x81ed924 is 228 bytes inside a block of size 568 free'd ==12840== at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12840== by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so) ==12840== by 0x4E8E49B: ImageToBlob (blob.c:1587) ==12840== by 0x888E452: WriteEPTImage (ept.c:425) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==12840== by 0x531B923: ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== ==12840== Invalid write of size 4 ==12840== at 0x58818B6: ferror (in /lib64/libc-2.19.so) ==12840== by 0x4E8C98B: CloseBlob (blob.c:524) ==12840== by 0x4E8DA32: DestroyBlob (blob.c:650) ==12840== by 0x4F48730: DestroyImage (image.c:1068) ==12840== by 0x888E461: WriteEPTImage (ept.c:427) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: 
WriteImages (constitute.c:1394) ==12840== by 0x531B923: ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== Address 0x81ed924 is 228 bytes inside a block of size 568 free'd ==12840== at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12840== by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so) ==12840== by 0x4E8E49B: ImageToBlob (blob.c:1587) ==12840== by 0x888E452: WriteEPTImage (ept.c:425) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==12840== by 0x531B923: ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== ==12840== Invalid write of size 4 ==12840== at 0x58818C8: ferror (in /lib64/libc-2.19.so) ==12840== by 0x4E8C98B: CloseBlob (blob.c:524) ==12840== by 0x4E8DA32: DestroyBlob (blob.c:650) ==12840== by 0x4F48730: DestroyImage (image.c:1068) ==12840== by 0x888E461: WriteEPTImage (ept.c:427) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==12840== by 0x531B923: ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== Address 0x81ed924 is 228 bytes inside a block of size 568 free'd ==12840== at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12840== by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so) ==12840== by 0x4E8E49B: ImageToBlob (blob.c:1587) ==12840== by 0x888E452: WriteEPTImage (ept.c:425) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==12840== by 0x531B923: 
ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== ==12840== Invalid write of size 8 ==12840== at 0x58818CD: ferror (in /lib64/libc-2.19.so) ==12840== by 0x4E8C98B: CloseBlob (blob.c:524) ==12840== by 0x4E8DA32: DestroyBlob (blob.c:650) ==12840== by 0x4F48730: DestroyImage (image.c:1068) ==12840== by 0x888E461: WriteEPTImage (ept.c:427) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==12840== by 0x531B923: ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== Address 0x81ed928 is 232 bytes inside a block of size 568 free'd ==12840== at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12840== by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so) ==12840== by 0x4E8E49B: ImageToBlob (blob.c:1587) ==12840== by 0x888E452: WriteEPTImage (ept.c:425) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==12840== by 0x531B923: ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== ==12840== Invalid read of size 4 ==12840== at 0x58818E5: ferror (in /lib64/libc-2.19.so) ==12840== by 0x4E8C98B: CloseBlob (blob.c:524) ==12840== by 0x4E8DA32: DestroyBlob (blob.c:650) ==12840== by 0x4F48730: DestroyImage (image.c:1068) ==12840== by 0x888E461: WriteEPTImage (ept.c:427) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==12840== by 0x531B923: ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis 
(mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== Address 0x81ed920 is 224 bytes inside a block of size 568 free'd ==12840== at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12840== by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so) ==12840== by 0x4E8E49B: ImageToBlob (blob.c:1587) ==12840== by 0x888E452: WriteEPTImage (ept.c:425) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==12840== by 0x531B923: ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== ==12840== Invalid read of size 4 ==12840== at 0x5881950: fileno (in /lib64/libc-2.19.so) ==12840== by 0x4E8A2D8: GetBlobSize (blob.c:1371) ==12840== by 0x4E8C9A4: CloseBlob (blob.c:555) ==12840== by 0x4E8DA32: DestroyBlob (blob.c:650) ==12840== by 0x4F48730: DestroyImage (image.c:1068) ==12840== by 0x888E461: WriteEPTImage (ept.c:427) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==12840== by 0x531B923: ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== Address 0x81ed840 is 0 bytes inside a block of size 568 free'd ==12840== at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12840== by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so) ==12840== by 0x4E8E49B: ImageToBlob (blob.c:1587) ==12840== by 0x888E452: WriteEPTImage (ept.c:425) ==12840== by 0x4EC13BC: WriteImage (constitute.c:1237) ==12840== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==12840== by 0x531B923: ConvertImageCommand (convert.c:3154) ==12840== by 0x5385C52: MagickCommandGenesis 
(mogrify.c:166) ==12840== by 0x400836: ConvertMain (convert.c:81) ==12840== by 0x400836: main (convert.c:92) ==12840== convert: unknown `' @ error/ps2.c/WritePS2Image/863. $ 11/ImageMagick $ convert not_kitty.jpg not_kitty.ept2 $ PATCH Referenced from the upstream bug: https://github.com/ImageMagick/ImageMagick/commit/6355db269e03f879c516cf9d592c72e157bc75d6 This fixes invalid reads (%s read from write_info->filename later); but not the double free. AFTER 12/ImageMagick $ valgrind -q convert not_kitty.jpg not_kitty.ept2 ==17645== Invalid free() / delete / delete[] / realloc() ==17645== at 0x4C2B41E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==17645== by 0x4F5C822: ResizeMagickMemory (memory.c:1141) ==17645== by 0x4E8F149: WriteBlob (blob.c:4174) ==17645== by 0x841B082: TerminateDestination (jpeg.c:1812) ==17645== by 0x862779B: jpeg_finish_compress (in /usr/lib64/libjpeg.so.8.1.2) ==17645== by 0x841F0EB: WriteJPEGImage (jpeg.c:2786) ==17645== by 0x4EC178B: WriteImage (constitute.c:1237) ==17645== by 0x4E8F7FB: InjectImageBlob (blob.c:1963) ==17645== by 0x8A94C79: WritePS2Image (ps2.c:860) ==17645== by 0x4EC13BC: WriteImage (constitute.c:1237) ==17645== by 0x4E8E3B0: ImageToBlob (blob.c:1551) ==17645== by 0x888E472: WriteEPTImage (ept.c:432) ==17645== Address 0x80d0050 is 0 bytes inside a block of size 65,541 free'd ==17645== at 0x4C2B41E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==17645== by 0x4F5C822: ResizeMagickMemory (memory.c:1141) ==17645== by 0x4E8EE09: SetBlobExtent (blob.c:3841) ==17645== by 0x4E90898: WriteBlobStream (blob.c:1117) ==17645== by 0x4E90898: WriteBlobString (blob.c:4583) ==17645== by 0x8A9456B: WritePS2Image (ps2.c:565) ==17645== by 0x4EC13BC: WriteImage (constitute.c:1237) ==17645== by 0x4E8E3B0: ImageToBlob (blob.c:1551) ==17645== by 0x888E472: WriteEPTImage (ept.c:432) ==17645== by 0x4EC13BC: WriteImage (constitute.c:1237) ==17645== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==17645== by 
0x531B923: ConvertImageCommand (convert.c:3154) ==17645== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==17645== ==17645== Invalid free() / delete / delete[] / realloc() ==17645== at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==17645== by 0x4F5C3CE: RelinquishMagickMemory (memory.c:957) ==17645== by 0x4F5C83F: ResizeMagickMemory (memory.c:1143) ==17645== by 0x4E8F149: WriteBlob (blob.c:4174) ==17645== by 0x841B082: TerminateDestination (jpeg.c:1812) ==17645== by 0x862779B: jpeg_finish_compress (in /usr/lib64/libjpeg.so.8.1.2) ==17645== by 0x841F0EB: WriteJPEGImage (jpeg.c:2786) ==17645== by 0x4EC178B: WriteImage (constitute.c:1237) ==17645== by 0x4E8F7FB: InjectImageBlob (blob.c:1963) ==17645== by 0x8A94C79: WritePS2Image (ps2.c:860) ==17645== by 0x4EC13BC: WriteImage (constitute.c:1237) ==17645== by 0x4E8E3B0: ImageToBlob (blob.c:1551) ==17645== Address 0x80d0050 is 0 bytes inside a block of size 65,541 free'd ==17645== at 0x4C2B41E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==17645== by 0x4F5C822: ResizeMagickMemory (memory.c:1141) ==17645== by 0x4E8EE09: SetBlobExtent (blob.c:3841) ==17645== by 0x4E90898: WriteBlobStream (blob.c:1117) ==17645== by 0x4E90898: WriteBlobString (blob.c:4583) ==17645== by 0x8A9456B: WritePS2Image (ps2.c:565) ==17645== by 0x4EC13BC: WriteImage (constitute.c:1237) ==17645== by 0x4E8E3B0: ImageToBlob (blob.c:1551) ==17645== by 0x888E472: WriteEPTImage (ept.c:432) ==17645== by 0x4EC13BC: WriteImage (constitute.c:1237) ==17645== by 0x4EC1CA1: WriteImages (constitute.c:1394) ==17645== by 0x531B923: ConvertImageCommand (convert.c:3154) ==17645== by 0x5385C52: MagickCommandGenesis (mogrify.c:166) ==17645== convert: unknown `' @ error/ps2.c/WritePS2Image/863. $ [invalid reads are away, but double free not] 11/ImageMagick $ convert not_kitty.jpg not_kitty.ept2 $
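The BEFORE/AFTER comparison in the comment above can be automated when a candidate fix has to be re-checked on several code streams. This is an added example, not part of the original bug report or of ImageMagick: it groups memcheck errors by kind and source-level function names (line numbers shift between builds, e.g. ept.c:425 versus ept.c:432) and reports which signatures a patch removed. The sample logs are constructed, abridged from the traces on this page; `parse_memcheck` and `compare` are hypothetical names.

```python
import re
from collections import Counter

FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
DEPTH = 2  # source-level frames kept per stack

def parse_memcheck(text):
    """Count memcheck errors by (kind, accessing frames, releasing frames)."""
    records, rec = [], None
    # Splitting on the ==PID== prefix handles normal and whitespace-collapsed logs.
    for seg in re.split(r"==\d+==", text):
        seg = seg.strip().split("\n")[0].strip()
        frame = FRAME.match(seg)
        if seg.startswith(("Invalid ", "Syscall param ")):
            kind = re.sub(r" of size \d+$", "", seg)
            rec = {"kind": kind, "access": [], "origin": [], "cur": "access"}
            records.append(rec)
        elif rec and seg.startswith("Address "):
            rec["cur"] = "origin"  # frames after this say where the block was freed
        elif rec and frame and not frame.group(2).startswith("in "):
            rec[rec["cur"]].append(frame.group(1))  # skip libc/valgrind frames
    return Counter((r["kind"], " < ".join(r["access"][:DEPTH]),
                    " < ".join(r["origin"][:DEPTH])) for r in records)

def compare(before, after):
    """Which error signatures did the patch remove, leave, or introduce?"""
    b, a = parse_memcheck(before), parse_memcheck(after)
    return {
        "fixed": sorted(set(b) - set(a)),
        "remaining": sorted(set(b) & set(a)),
        "new": sorted(set(a) - set(b)),
    }

# Constructed sample: two abridged records from the BEFORE run
BEFORE = """\
==12840== Invalid free() / delete / delete[] / realloc()
==12840==    at 0x4C2B41E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x4F5C822: ResizeMagickMemory (memory.c:1141)
==12840==    by 0x4E8F149: WriteBlob (blob.c:4174)
==12840==  Address 0x820e2c0 is 0 bytes inside a block of size 65,541 free'd
==12840==    at 0x4C2B41E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x4F5C822: ResizeMagickMemory (memory.c:1141)
==12840==    by 0x4E8EE09: SetBlobExtent (blob.c:3841)
==12840==
==12840== Invalid read of size 8
==12840==    at 0x5881872: ferror (in /lib64/libc-2.19.so)
==12840==    by 0x4E8C98B: CloseBlob (blob.c:524)
==12840==    by 0x888E461: WriteEPTImage (ept.c:427)
==12840==  Address 0x81ed928 is 232 bytes inside a block of size 568 free'd
==12840==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12840==    by 0x5879CB4: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==12840==    by 0x4E8E49B: ImageToBlob (blob.c:1587)
"""

# Constructed sample: the error left after the first patch, collapsed onto one line
AFTER = (
    "==17645== Invalid free() / delete / delete[] / realloc() "
    "==17645== at 0x4C2B41E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) "
    "==17645== by 0x4F5C822: ResizeMagickMemory (memory.c:1141) "
    "==17645== by 0x4E8F149: WriteBlob (blob.c:4174) "
    "==17645== Address 0x80d0050 is 0 bytes inside a block of size 65,541 free'd "
    "==17645== at 0x4C2B41E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) "
    "==17645== by 0x4F5C822: ResizeMagickMemory (memory.c:1141) "
    "==17645== by 0x4E8EE09: SetBlobExtent (blob.c:3841)"
)

if __name__ == "__main__":
    for status, sigs in compare(BEFORE, AFTER).items():
        for kind, access, origin in sigs:
            print(f"{status:9} {kind}: {access} (freed in: {origin})")
```

An empty "remaining" list together with an empty "new" list is the condition under which the patched build matches the clean valgrind run the thread ends with.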
The double free was also not gone in 7.0.7-27 and 6.9.9-39, which have the fix referenced in #1025 in. I have reported a new upstream issue: https://github.com/ImageMagick/ImageMagick/issues/1032
Added https://github.com/ImageMagick/ImageMagick/commit/cde9c8c20b42aac4908b491efde4221262a0fee5 to the fix.

AFTER

12/ImageMagick

$ valgrind -q convert not_kitty.jpg not_kitty.ept2
$

11/ImageMagick

$ valgrind -q convert not_kitty.jpg not_kitty.ept2
==2587== Syscall param write(buf) points to uninitialised byte(s)
==2587== at 0x8440F6B: write (in /lib64/libc-2.9.so)
==2587== by 0x83EAEF9: _IO_file_write (in /lib64/libc-2.9.so)
==2587== by 0x83EAB59: (within /lib64/libc-2.9.so)
==2587== by 0x83EAE94: _IO_do_write (in /lib64/libc-2.9.so)
==2587== by 0x83EB737: _IO_file_sync (in /lib64/libc-2.9.so)
==2587== by 0x83DF415: fflush (in /lib64/libc-2.9.so)
==2587== by 0x4E699B7: CloseBlob (blob.c:473)
==2587== by 0xA1129A9: WriteEPTImage (ept.c:481)
==2587== by 0x4E94145: WriteImage (constitute.c:955)
==2587== by 0x4E9490A: WriteImages (constitute.c:1126)
==2587== by 0x529339C: ConvertImageCommand (convert.c:2711)
==2587== by 0x400F73: main (convert.c:122)
==2587== Address 0x402007e is not stack'd, malloc'd or (recently) free'd
$
[the same as BEFORE]
Will submit for: 12/ImageMagick and 11/ImageMagick
I believe all fixed.
SUSE-SU-2018:0857-1: An update that fixes 17 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1043290,1050087,1056434,1058630,1059735,1060382,1066168,1066170,1082283,1082291,1082348,1082362,1082792,1082837,1083628,1083634,1086011
CVE References: CVE-2017-11524,CVE-2017-12692,CVE-2017-12693,CVE-2017-13768,CVE-2017-14314,CVE-2017-14505,CVE-2017-14739,CVE-2017-15016,CVE-2017-15017,CVE-2017-16352,CVE-2017-16353,CVE-2017-18209,CVE-2017-18211,CVE-2017-9500,CVE-2018-7443,CVE-2018-7470,CVE-2018-8804
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src): ImageMagick-6.8.8.1-71.47.1
SUSE Linux Enterprise Workstation Extension 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src): ImageMagick-6.8.8.1-71.47.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1
SUSE Linux Enterprise Server 12-SP3 (src): ImageMagick-6.8.8.1-71.47.1
SUSE Linux Enterprise Server 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1
SUSE Linux Enterprise Desktop 12-SP3 (src): ImageMagick-6.8.8.1-71.47.1
SUSE Linux Enterprise Desktop 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1
SUSE-SU-2018:0880-1: An update that fixes 16 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1043290,1050087,1056434,1058630,1059735,1066168,1066170,1082283,1082291,1082348,1082362,1082792,1084060,1086011
CVE References: CVE-2017-11524,CVE-2017-12691,CVE-2017-12692,CVE-2017-12693,CVE-2017-13768,CVE-2017-14314,CVE-2017-14343,CVE-2017-14505,CVE-2017-15016,CVE-2017-15017,CVE-2017-16352,CVE-2017-16353,CVE-2017-18219,CVE-2017-9500,CVE-2018-7443,CVE-2018-8804
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): ImageMagick-6.4.3.6-78.40.1
SUSE Linux Enterprise Server 11-SP4 (src): ImageMagick-6.4.3.6-78.40.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): ImageMagick-6.4.3.6-78.40.1
releasing for Leap, closing as done
openSUSE-SU-2018:0893-1: An update that fixes 17 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1043290,1050087,1056434,1058630,1059735,1060382,1066168,1066170,1082283,1082291,1082348,1082362,1082792,1082837,1083628,1083634,1086011
CVE References: CVE-2017-11524,CVE-2017-12692,CVE-2017-12693,CVE-2017-13768,CVE-2017-14314,CVE-2017-14505,CVE-2017-14739,CVE-2017-15016,CVE-2017-15017,CVE-2017-16352,CVE-2017-16353,CVE-2017-18209,CVE-2017-18211,CVE-2017-9500,CVE-2018-7443,CVE-2018-7470,CVE-2018-8804
Sources used:
openSUSE Leap 42.3 (src): ImageMagick-6.8.8.1-58.1