pepelyaevip/vuln-list-update
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity
87765ef560
vuln-list-update/suse/cvrf/testdata/cvrf-opensuse-su-2016-3233-1.xml
rahul2393 a62fe1fcc1
Refactored based on operating system (#81)
2021-04-23 11:21:27 +03:00

540 lines
34 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">Security update for ImageMagick</DocumentTitle>
<DocumentType>SUSE Patch</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>security@suse.de</ContactDetails>
<IssuingAuthority>SUSE Security Team</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openSUSE-SU-2016:3233-1</ID>
</Identification>
<Status>Final</Status>
<Version>1</Version>
<RevisionHistory>
<Revision>
<Number>1</Number>
<Date>2016-12-22T10:02:22Z</Date>
<Description>current</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2016-12-22T10:02:22Z</InitialReleaseDate>
<CurrentReleaseDate>2016-12-22T10:02:22Z</CurrentReleaseDate>
<Generator>
<Engine>cve-database/bin/generate-cvrf.pl</Engine>
<Date>2017-02-24T01:00:00Z</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Security update for ImageMagick</Note>
<Note Title="Details" Type="General" Ordinal="2" xml:lang="en">
This security update for ImageMagick fixes the following issues:
- a maliciously crafted compressed TIFF image could cause code remote code
execution in the convert utility in particular circumstances
(CVE-2016-8707, boo#1014159)
- a memory allocation failure was fixed
(CVE-2016-8866, boo#1009318, follow up on CVE-2016-8862)
- the identify utility could crash on maliciously crafted images
(CVE-2016-9773, boo#1013376, follow up on CVE-2016-9556)
</Note>
<Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution for Non-Commercial usage (CC-BY-NC-4.0).</Note>
</DocumentNotes>
<DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution for Non-Commercial usage (CC-BY-NC-4.0)</DocumentDistribution>
<DocumentReferences>
<Reference Type="Self">
<URL>http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00085.html</URL>
<Description>E-Mail link for openSUSE-SU-2016:3233-1</Description>
</Reference>
<Reference Type="Self">
<URL>https://www.suse.com/support/security/rating/</URL>
<Description>SUSE Security Ratings</Description>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Family" Name="openSUSE 13.2">
<Branch Type="Product Name" Name="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2">openSUSE 13.2</FullProductName>
</Branch>
</Branch>
<Branch Type="Product Version" Name="ImageMagick-6.8.9.8-45.1">
<FullProductName ProductID="ImageMagick-6.8.9.8-45.1">ImageMagick-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="ImageMagick-debuginfo-6.8.9.8-45.1">
<FullProductName ProductID="ImageMagick-debuginfo-6.8.9.8-45.1">ImageMagick-debuginfo-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="ImageMagick-debugsource-6.8.9.8-45.1">
<FullProductName ProductID="ImageMagick-debugsource-6.8.9.8-45.1">ImageMagick-debugsource-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="ImageMagick-devel-6.8.9.8-45.1">
<FullProductName ProductID="ImageMagick-devel-6.8.9.8-45.1">ImageMagick-devel-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="ImageMagick-devel-32bit-6.8.9.8-45.1">
<FullProductName ProductID="ImageMagick-devel-32bit-6.8.9.8-45.1">ImageMagick-devel-32bit-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="ImageMagick-doc-6.8.9.8-45.1">
<FullProductName ProductID="ImageMagick-doc-6.8.9.8-45.1">ImageMagick-doc-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="ImageMagick-extra-6.8.9.8-45.1">
<FullProductName ProductID="ImageMagick-extra-6.8.9.8-45.1">ImageMagick-extra-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="ImageMagick-extra-debuginfo-6.8.9.8-45.1">
<FullProductName ProductID="ImageMagick-extra-debuginfo-6.8.9.8-45.1">ImageMagick-extra-debuginfo-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="libMagick++-6_Q16-5-6.8.9.8-45.1">
<FullProductName ProductID="libMagick++-6_Q16-5-6.8.9.8-45.1">libMagick++-6_Q16-5-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="libMagick++-6_Q16-5-32bit-6.8.9.8-45.1">
<FullProductName ProductID="libMagick++-6_Q16-5-32bit-6.8.9.8-45.1">libMagick++-6_Q16-5-32bit-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="libMagick++-6_Q16-5-debuginfo-6.8.9.8-45.1">
<FullProductName ProductID="libMagick++-6_Q16-5-debuginfo-6.8.9.8-45.1">libMagick++-6_Q16-5-debuginfo-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-45.1">
<FullProductName ProductID="libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-45.1">libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="libMagick++-devel-6.8.9.8-45.1">
<FullProductName ProductID="libMagick++-devel-6.8.9.8-45.1">libMagick++-devel-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="libMagick++-devel-32bit-6.8.9.8-45.1">
<FullProductName ProductID="libMagick++-devel-32bit-6.8.9.8-45.1">libMagick++-devel-32bit-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="libMagickCore-6_Q16-2-6.8.9.8-45.1">
<FullProductName ProductID="libMagickCore-6_Q16-2-6.8.9.8-45.1">libMagickCore-6_Q16-2-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="libMagickCore-6_Q16-2-32bit-6.8.9.8-45.1">
<FullProductName ProductID="libMagickCore-6_Q16-2-32bit-6.8.9.8-45.1">libMagickCore-6_Q16-2-32bit-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="libMagickCore-6_Q16-2-debuginfo-6.8.9.8-45.1">
<FullProductName ProductID="libMagickCore-6_Q16-2-debuginfo-6.8.9.8-45.1">libMagickCore-6_Q16-2-debuginfo-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1">
<FullProductName ProductID="libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1">libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="libMagickWand-6_Q16-2-6.8.9.8-45.1">
<FullProductName ProductID="libMagickWand-6_Q16-2-6.8.9.8-45.1">libMagickWand-6_Q16-2-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="libMagickWand-6_Q16-2-32bit-6.8.9.8-45.1">
<FullProductName ProductID="libMagickWand-6_Q16-2-32bit-6.8.9.8-45.1">libMagickWand-6_Q16-2-32bit-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="libMagickWand-6_Q16-2-debuginfo-6.8.9.8-45.1">
<FullProductName ProductID="libMagickWand-6_Q16-2-debuginfo-6.8.9.8-45.1">libMagickWand-6_Q16-2-debuginfo-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1">
<FullProductName ProductID="libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1">libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="perl-PerlMagick-6.8.9.8-45.1">
<FullProductName ProductID="perl-PerlMagick-6.8.9.8-45.1">perl-PerlMagick-6.8.9.8-45.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="perl-PerlMagick-debuginfo-6.8.9.8-45.1">
<FullProductName ProductID="perl-PerlMagick-debuginfo-6.8.9.8-45.1">perl-PerlMagick-debuginfo-6.8.9.8-45.1</FullProductName>
</Branch>
<Relationship ProductReference="ImageMagick-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:ImageMagick-6.8.9.8-45.1">ImageMagick-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="ImageMagick-debuginfo-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:ImageMagick-debuginfo-6.8.9.8-45.1">ImageMagick-debuginfo-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="ImageMagick-debugsource-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:ImageMagick-debugsource-6.8.9.8-45.1">ImageMagick-debugsource-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="ImageMagick-devel-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:ImageMagick-devel-6.8.9.8-45.1">ImageMagick-devel-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="ImageMagick-devel-32bit-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:ImageMagick-devel-32bit-6.8.9.8-45.1">ImageMagick-devel-32bit-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="ImageMagick-doc-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:ImageMagick-doc-6.8.9.8-45.1">ImageMagick-doc-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="ImageMagick-extra-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:ImageMagick-extra-6.8.9.8-45.1">ImageMagick-extra-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="ImageMagick-extra-debuginfo-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:ImageMagick-extra-debuginfo-6.8.9.8-45.1">ImageMagick-extra-debuginfo-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="libMagick++-6_Q16-5-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:libMagick++-6_Q16-5-6.8.9.8-45.1">libMagick++-6_Q16-5-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="libMagick++-6_Q16-5-32bit-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:libMagick++-6_Q16-5-32bit-6.8.9.8-45.1">libMagick++-6_Q16-5-32bit-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="libMagick++-6_Q16-5-debuginfo-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:libMagick++-6_Q16-5-debuginfo-6.8.9.8-45.1">libMagick++-6_Q16-5-debuginfo-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-45.1">libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="libMagick++-devel-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:libMagick++-devel-6.8.9.8-45.1">libMagick++-devel-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="libMagick++-devel-32bit-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:libMagick++-devel-32bit-6.8.9.8-45.1">libMagick++-devel-32bit-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="libMagickCore-6_Q16-2-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:libMagickCore-6_Q16-2-6.8.9.8-45.1">libMagickCore-6_Q16-2-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="libMagickCore-6_Q16-2-32bit-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:libMagickCore-6_Q16-2-32bit-6.8.9.8-45.1">libMagickCore-6_Q16-2-32bit-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="libMagickCore-6_Q16-2-debuginfo-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:libMagickCore-6_Q16-2-debuginfo-6.8.9.8-45.1">libMagickCore-6_Q16-2-debuginfo-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1">libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="libMagickWand-6_Q16-2-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:libMagickWand-6_Q16-2-6.8.9.8-45.1">libMagickWand-6_Q16-2-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="libMagickWand-6_Q16-2-32bit-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:libMagickWand-6_Q16-2-32bit-6.8.9.8-45.1">libMagickWand-6_Q16-2-32bit-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="libMagickWand-6_Q16-2-debuginfo-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:libMagickWand-6_Q16-2-debuginfo-6.8.9.8-45.1">libMagickWand-6_Q16-2-debuginfo-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1">libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="perl-PerlMagick-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:perl-PerlMagick-6.8.9.8-45.1">perl-PerlMagick-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="perl-PerlMagick-debuginfo-6.8.9.8-45.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:perl-PerlMagick-debuginfo-6.8.9.8-45.1">perl-PerlMagick-debuginfo-6.8.9.8-45.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
</ProductTree>
<Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.</Note>
</Notes>
<CVE>CVE-2016-8707</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openSUSE 13.2:ImageMagick-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-debugsource-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-devel-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-devel-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-doc-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-extra-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-extra-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-devel-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-devel-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:perl-PerlMagick-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:perl-PerlMagick-debuginfo-6.8.9.8-45.1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>important</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.0</BaseScore>
<Vector>AV:N/AC:M/Au:S/C:P/I:P/A:P</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description xml:lang="en">Please Install the update.</Description>
<URL>http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00085.html</URL>
</Remediation>
</Remediations>
<References>
<Reference>
<URL>https://www.suse.com/security/cve/CVE-2016-8707.html</URL>
<Description>CVE-2016-8707</Description>
</Reference>
<Reference>
<URL>https://bugzilla.suse.com/1014159</URL>
<Description>SUSE Bug 1014159</Description>
</Reference>
</References>
</Vulnerability>
<Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="2">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.</Note>
</Notes>
<CVE>CVE-2016-8862</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openSUSE 13.2:ImageMagick-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-debugsource-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-devel-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-devel-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-doc-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-extra-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-extra-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-devel-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-devel-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:perl-PerlMagick-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:perl-PerlMagick-debuginfo-6.8.9.8-45.1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>moderate</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>7.1</BaseScore>
<Vector>AV:N/AC:M/Au:N/C:N/I:N/A:C</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description xml:lang="en">Please Install the update.</Description>
<URL>http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00085.html</URL>
</Remediation>
</Remediations>
<References>
<Reference>
<URL>https://www.suse.com/security/cve/CVE-2016-8862.html</URL>
<Description>CVE-2016-8862</Description>
</Reference>
<Reference>
<URL>https://bugzilla.suse.com/1007245</URL>
<Description>SUSE Bug 1007245</Description>
</Reference>
<Reference>
<URL>https://bugzilla.suse.com/1009318</URL>
<Description>SUSE Bug 1009318</Description>
</Reference>
<Reference>
<URL>https://bugzilla.suse.com/1031267</URL>
<Description>SUSE Bug 1031267</Description>
</Reference>
</References>
</Vulnerability>
<Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="3">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.</Note>
</Notes>
<CVE>CVE-2016-8866</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openSUSE 13.2:ImageMagick-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-debugsource-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-devel-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-devel-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-doc-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-extra-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-extra-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-devel-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-devel-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:perl-PerlMagick-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:perl-PerlMagick-debuginfo-6.8.9.8-45.1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>important</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>7.1</BaseScore>
<Vector>AV:N/AC:M/Au:N/C:N/I:N/A:C</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description xml:lang="en">Please Install the update.</Description>
<URL>http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00085.html</URL>
</Remediation>
</Remediations>
<References>
<Reference>
<URL>https://www.suse.com/security/cve/CVE-2016-8866.html</URL>
<Description>CVE-2016-8866</Description>
</Reference>
<Reference>
<URL>https://bugzilla.suse.com/1007245</URL>
<Description>SUSE Bug 1007245</Description>
</Reference>
<Reference>
<URL>https://bugzilla.suse.com/1009318</URL>
<Description>SUSE Bug 1009318</Description>
</Reference>
<Reference>
<URL>https://bugzilla.suse.com/1031267</URL>
<Description>SUSE Bug 1031267</Description>
</Reference>
</References>
</Vulnerability>
<Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="4">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.</Note>
</Notes>
<CVE>CVE-2016-9556</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openSUSE 13.2:ImageMagick-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-debugsource-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-devel-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-devel-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-doc-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-extra-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-extra-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-devel-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-devel-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:perl-PerlMagick-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:perl-PerlMagick-debuginfo-6.8.9.8-45.1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>important</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>4.3</BaseScore>
<Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description xml:lang="en">Please Install the update.</Description>
<URL>http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00085.html</URL>
</Remediation>
</Remediations>
<References>
<Reference>
<URL>https://www.suse.com/security/cve/CVE-2016-9556.html</URL>
<Description>CVE-2016-9556</Description>
</Reference>
<Reference>
<URL>https://bugzilla.suse.com/1011130</URL>
<Description>SUSE Bug 1011130</Description>
</Reference>
<Reference>
<URL>https://bugzilla.suse.com/1013376</URL>
<Description>SUSE Bug 1013376</Description>
</Reference>
</References>
</Vulnerability>
<Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="5">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.</Note>
</Notes>
<CVE>CVE-2016-9773</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openSUSE 13.2:ImageMagick-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-debugsource-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-devel-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-devel-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-doc-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-extra-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:ImageMagick-extra-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-6_Q16-5-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-devel-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagick++-devel-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickCore-6_Q16-2-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:libMagickWand-6_Q16-2-debuginfo-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:perl-PerlMagick-6.8.9.8-45.1</ProductID>
<ProductID>openSUSE 13.2:perl-PerlMagick-debuginfo-6.8.9.8-45.1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>important</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>4.3</BaseScore>
<Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description xml:lang="en">Please Install the update.</Description>
<URL>http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00085.html</URL>
</Remediation>
</Remediations>
<References>
<Reference>
<URL>https://www.suse.com/security/cve/CVE-2016-9773.html</URL>
<Description>CVE-2016-9773</Description>
</Reference>
<Reference>
<URL>https://bugzilla.suse.com/1011130</URL>
<Description>SUSE Bug 1011130</Description>
</Reference>
<Reference>
<URL>https://bugzilla.suse.com/1013376</URL>
<Description>SUSE Bug 1013376</Description>
</Reference>
<Reference>
<URL>https://bugzilla.suse.com/1017421</URL>
<Description>SUSE Bug 1017421</Description>
</Reference>
</References>
</Vulnerability>
</cvrfdoc>
View Git Blame Copy Permalink