Description
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2019-11472: Fixed a denial-of-service in ReadXWDImage() (bsc#1133204).
- CVE-2019-11470: Fixed a denial-of-service in ReadCINImage() (bsc#1133205).
- CVE-2019-11506: Fixed a heap-based buffer overflow in WriteMATLABImage() (bsc#1133498).
- CVE-2019-11505: Fixed a heap-based buffer overflow in WritePDBImage() (bsc#1133501).
- CVE-2019-11598: Fixed a heap-based buffer overread in WritePNMImage() (bsc#1136732).
We also now disable PCL in the -SUSE configuration, as it also uses Ghostscript for decoding (bsc#1136183).
Package list
SUSE Linux Enterprise Module for Desktop Applications 15
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
SUSE Linux Enterprise Module for Development Tools 15
SUSE Linux Enterprise Module for Development Tools 15 SP1
References
- Link for SUSE-SU-2019:1523-1
- E-Mail link for SUSE-SU-2019:1523-1
- SUSE Security Ratings
- SUSE Bug 1133204
- SUSE Bug 1133205
- SUSE Bug 1133498
- SUSE Bug 1133501
- SUSE Bug 1136183
- SUSE Bug 1136732
- SUSE CVE CVE-2019-11470 page
- SUSE CVE CVE-2019-11472 page
- SUSE CVE CVE-2019-11505 page
- SUSE CVE CVE-2019-11506 page
- SUSE CVE CVE-2019-11598 page
Description
The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.
Affected products
References
- CVE-2019-11470
- SUSE Bug 1133205
Description
ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first.
Affected products
References
- CVE-2019-11472
- SUSE Bug 1133202
- SUSE Bug 1133203
- SUSE Bug 1133204
- SUSE Bug 1146213
Description
In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.
Affected products
References
- CVE-2019-11505
- SUSE Bug 1133501
Description
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.
Affected products
References
- CVE-2019-11506
- SUSE Bug 1133498
Description
In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.
Affected products
References
- CVE-2019-11598
- SUSE Bug 1136732
- SUSE Bug 1179313
- SUSE Bug 1179336