Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649).
- CVE-2018-18544: Fixed memory leak in the function WriteMSLImage (bsc#1113064).
- CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381).
- CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366).
- CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989).
- CVE-2018-16412: Prevent heap-based buffer over-read in the ParseImageResourceBlocks function leading to DOS (bsc#1106996).
- CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365).
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2019:13993-1
- E-Mail link for SUSE-SU-2019:13993-1
- SUSE Security Ratings
- SUSE Bug 1106989
- SUSE Bug 1106996
- SUSE Bug 1113064
- SUSE Bug 1120381
- SUSE Bug 1124365
- SUSE Bug 1124366
- SUSE Bug 1128649
- SUSE CVE CVE-2018-16412 page
- SUSE CVE CVE-2018-16413 page
- SUSE CVE CVE-2018-18544 page
- SUSE CVE CVE-2018-20467 page
- SUSE CVE CVE-2019-7175 page
- SUSE CVE CVE-2019-7397 page
- SUSE CVE CVE-2019-7398 page
Описание
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.
Затронутые продукты
Ссылки
- CVE-2018-16412
- SUSE Bug 1106989
- SUSE Bug 1106996
Описание
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.
Затронутые продукты
Ссылки
- CVE-2018-16413
- SUSE Bug 1106989
- SUSE Bug 1106996
Описание
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.
Затронутые продукты
Ссылки
- CVE-2018-18544
- SUSE Bug 1113064
Описание
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Затронутые продукты
Ссылки
- CVE-2018-20467
- SUSE Bug 1120381
Описание
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.
Затронутые продукты
Ссылки
- CVE-2019-7175
- SUSE Bug 1128649
Описание
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
Затронутые продукты
Ссылки
- CVE-2019-7397
- SUSE Bug 1124366
Описание
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.
Затронутые продукты
Ссылки
- CVE-2019-7398
- SUSE Bug 1124365