Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:0739-1

Опубликовано: 26 мар. 2019
Источник: suse-cvrf

Описание

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

Security issues fixed:

  • CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649).
  • CVE-2018-18544: Fixed a memory leak in the function WriteMSLImage (bsc#1113064).
  • CVE-2018-20467: Fixed an infinite loop in coders/bmp.c (bsc#1120381).
  • CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365).
  • CVE-2019-7396: Fixed a memory leak in the function ReadSIXELImage (bsc#1124367).
  • CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368).
  • CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366).
  • CVE-2018-16412: Prevent heap-based buffer over-read in the ParseImageResourceBlocks function leading to DOS (bsc#1106996).

Non-security issue fixed:

  • Fixed a regression in regards to the 'edge' comand line flag (bsc#1106415)

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15
ImageMagick-7.0.7.34-3.49.4
ImageMagick-devel-7.0.7.34-3.49.4
libMagick++-7_Q16HDRI4-7.0.7.34-3.49.4
libMagick++-devel-7.0.7.34-3.49.4
libMagickCore-7_Q16HDRI6-7.0.7.34-3.49.4
libMagickWand-7_Q16HDRI6-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Development Tools 15
perl-PerlMagick-7.0.7.34-3.49.4

Ссылки

Описание

ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-devel-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-7_Q16HDRI4-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-devel-7.0.7.34-3.49.4
Ссылки

Описание

There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-devel-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-7_Q16HDRI4-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-devel-7.0.7.34-3.49.4
Ссылки

Описание

In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-devel-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-7_Q16HDRI4-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-devel-7.0.7.34-3.49.4
Ссылки

Описание

In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-devel-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-7_Q16HDRI4-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-devel-7.0.7.34-3.49.4
Ссылки

Описание

In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-devel-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-7_Q16HDRI4-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-devel-7.0.7.34-3.49.4
Ссылки

Описание

In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-devel-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-7_Q16HDRI4-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-devel-7.0.7.34-3.49.4
Ссылки

Описание

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-devel-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-7_Q16HDRI4-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-devel-7.0.7.34-3.49.4
Ссылки

Описание

In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-devel-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-7_Q16HDRI4-7.0.7.34-3.49.4
SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-devel-7.0.7.34-3.49.4
Ссылки
Уязвимость SUSE-SU-2019:0739-1