This update for ImageMagick fixes several issues.
These security issues were fixed:
- CVE-2017-18027: Prevent memory leak vulnerability in the function
ReadMATImage which allowed remote attackers to cause a denial of service via a
crafted file (bsc#1076051)
- CVE-2017-18029: Prevent memory leak in the function ReadMATImage which
allowed remote attackers to cause a denial of service via a crafted file
(bsc#1076021)
- CVE-2017-17681: Prevent infinite loop in the function ReadPSDChannelZip in
coders/psd.c, which allowed attackers to cause a denial of service (CPU
exhaustion) via a crafted psd image file (bsc#1072901).
- CVE-2017-18008: Prevent memory Leak in ReadPWPImage which allowed attackers
to cause a denial of service via a PWP file (bsc#1074309).
- CVE-2018-5685: Prevent infinite loop and application hang in the ReadBMPImage
function. Remote attackers could leverage this vulnerability to cause a denial
of service via an image file with a crafted bit-field mask value (bsc#1075939)
- CVE-2017-11639: Prevent heap-based buffer over-read in the WriteCIPImage()
function, related to the GetPixelLuma function in MagickCore/pixel-accessor.h
(bsc#1050635)
- CVE-2017-11525: Prevent memory consumption in the ReadCINImage function that
allowed remote attackers to cause a denial of service (bsc#1050098)
- CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to
cause a denial of service (memory leak) via a crafted file (bsc#1043353).
- CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to
cause a denial of service (memory leak) via a crafted file (bsc#1043354).
- CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) via a crafted MNG image (bsc#1047908).
- CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in
coders/png.c (bsc#1050037).
- CVE-2017-11505: The...