Описание
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
Security issues fixed:
- CVE-2018-18544: Fixed memory leak in the function WriteMSLImage() (bsc#1113064).
- CVE-2017-10794: Fixed buffer overflow in RGB TIFF picture processing (bsc#1112392).
- CVE-2017-14997: Fixed integer underflow in ReadPICTImage in coders/pict.c (bsc#1112399).
- CVE-2018-20185: Fixed heap-based buffer over-read in the ReadBMPImage function of bmp.c (bsc#1119823)
- CVE-2018-20184: Fixed heap-based buffer overflow in the WriteTGAImage function of tga.c (bsc#1119822)
Regressions fixed after security update:
- CVE-2017-12663: Fixed memory leak in WriteMAPImage in coders/map.c (bsc#1052754).
- CVE-2017-9405: Fixed memory leak in the ReadICONImage function (bsc#1042911).
- CVE-2018-6405: Fixed ReadDCMImage function in coders/dcm (bsc#1078433).
Non-security issues fixed:
- debug_build: build more suitable for debugging
Список пакетов
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Studio Onsite 1.3
Ссылки
- Link for SUSE-SU-2019:13923-1
- E-Mail link for SUSE-SU-2019:13923-1
- SUSE Security Ratings
- SUSE Bug 1042911
- SUSE Bug 1052754
- SUSE Bug 1078433
- SUSE Bug 1112392
- SUSE Bug 1112399
- SUSE Bug 1113064
- SUSE Bug 1119822
- SUSE Bug 1119823
- SUSE CVE CVE-2017-10794 page
- SUSE CVE CVE-2017-12663 page
- SUSE CVE CVE-2017-14997 page
- SUSE CVE CVE-2017-9405 page
- SUSE CVE CVE-2018-18544 page
- SUSE CVE CVE-2018-20184 page
- SUSE CVE CVE-2018-20185 page
- SUSE CVE CVE-2018-6405 page
Описание
When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.
Затронутые продукты
Ссылки
- CVE-2017-10794
- SUSE Bug 1112392
Описание
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.
Затронутые продукты
Ссылки
- CVE-2017-12663
- SUSE Bug 1052754
Описание
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.
Затронутые продукты
Ссылки
- CVE-2017-14997
- SUSE Bug 1112399
- SUSE Bug 1117463
Описание
In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-9405
- SUSE Bug 1042911
Описание
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.
Затронутые продукты
Ссылки
- CVE-2018-18544
- SUSE Bug 1113064
Описание
In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.
Затронутые продукты
Ссылки
- CVE-2018-20184
- SUSE Bug 1119822
Описание
In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.
Затронутые продукты
Ссылки
- CVE-2018-20185
- SUSE Bug 1119823
Описание
In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2018-6405
- SUSE Bug 1078433
- SUSE Bug 1095726