SUSE Linux Enterprise Software Development Kit vulnerabilities
296 known vulnerabilities affecting suse/linux_enterprise_software_development_kit.
Total CVEs: 296
CISA KEV: 11 (actively exploited)
Public exploits: 31
Exploited in wild: 13
Severity breakdown: CRITICAL 94, HIGH 39, MEDIUM 133, LOW 30
Vulnerabilities
Page 2 of 15
CVE-2014-9854 | HIGH | CVSS 7.5 | v11 | 2017-03-17 | CWE-399
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
nvd
CVE-2014-9853 | MEDIUM | CVSS 5.5 | v12 | 2017-03-17 | CWE-399
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
nvd
CVE-2017-5898 | MEDIUM | CVSS 5.5 | v12 | 2017-03-15 | CWE-190
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.
nvd
CVE-2016-2317 | MEDIUM | CVSS 5.5 | v11 | 2017-02-03 | CWE-119
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.
nvd
CVE-2016-2318 | MEDIUM | CVSS 5.5 | v11 | 2017-02-03 | CWE-476
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
nvd
CVE-2015-8930 | HIGH | CVSS 7.5 | v12 | 2016-09-20 | CWE-20
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.
nvd
CVE-2015-8931 | HIGH | CVSS 7.8 | v12 | 2016-09-20 | CWE-190
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.
nvd
CVE-2015-8925 | MEDIUM | CVSS 5.5 | v12 | 2016-09-20 | CWE-125
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.
nvd
CVE-2015-8929 | MEDIUM | CVSS 5.5 | v12 | 2016-09-20 | CWE-119
Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.
nvd
CVE-2015-8932 | MEDIUM | CVSS 5.5 | v12 | 2016-09-20 | CWE-20
The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.
nvd
CVE-2015-8926 | MEDIUM | CVSS 5.5 | v12 | 2016-09-20 | CWE-476
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
nvd
CVE-2015-8933 | MEDIUM | CVSS 5.5 | v12 | 2016-09-20 | CWE-190
Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.
nvd
CVE-2015-8934 | MEDIUM | CVSS 5.5 | v12 | 2016-09-20 | CWE-125
The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.
nvd
CVE-2015-8928 | MEDIUM | CVSS 5.5 | v12 | 2016-09-20 | CWE-125
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
nvd
CVE-2016-5772 | CRITICAL | CVSS 9.8 | v11 | 2016-08-07 | CWE-415
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.
nvd
CVE-2015-8808 | MEDIUM | CVSS 5.5 | v11 | 2016-07-13 | CWE-119
The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.
nvd
CVE-2016-5118 | CRITICAL | CVSS 9.8 | v11, v12, +1 more | 2016-06-10
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
nvd
CVE-2015-5041 | CRITICAL | CVSS 9.1 | v11, v12 | 2016-06-06 | CWE-200
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
nvd
CVE-2016-0718 | CRITICAL | CVSS 9.8 | v11, v12 | 2016-05-26 | CWE-119
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
nvd
CVE-2016-0264 | MEDIUM | CVSS 5.6 | v11, v12 | 2016-05-24 | CWE-119
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
nvd