Description
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2019-11597: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1138464).
- Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425).
- CVE-2019-11472: Fixed a denial of service in ReadXWDImage() (bsc#1133204).
- CVE-2019-11470: Fixed a denial of service in ReadCINImage() (bsc#1133205).
- CVE-2019-11506: Fixed a heap-based buffer overflow in WriteMATLABImage() (bsc#1133498).
- CVE-2019-11505: Fixed a heap-based buffer overflow in WritePDBImage() (bsc#1133501).
- CVE-2019-10131: Fixed an off-by-one read in the formatIPTCfromBuffer function in coders/meta.c (bsc#1134075).
- CVE-2017-12806: Fixed a denial of service through memory exhaustion in format8BIM() (bsc#1135232).
- CVE-2017-12805: Fixed a denial of service through memory exhaustion in ReadTIFFImage() (bsc#1135236).
- CVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage() (bsc#1136732).
We also now disable PCL in the -SUSE configuration, as it also uses Ghostscript for decoding (bsc#1136183).
Package list
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Workstation Extension 12 SP3
SUSE Linux Enterprise Workstation Extension 12 SP4
References
- Link for SUSE-SU-2019:1712-1
- E-Mail link for SUSE-SU-2019:1712-1
- SUSE Security Ratings
- SUSE Bug 1133204
- SUSE Bug 1133205
- SUSE Bug 1133498
- SUSE Bug 1133501
- SUSE Bug 1134075
- SUSE Bug 1135232
- SUSE Bug 1135236
- SUSE Bug 1136183
- SUSE Bug 1136732
- SUSE Bug 1138425
- SUSE Bug 1138464
- SUSE CVE CVE-2017-12805 page
- SUSE CVE CVE-2017-12806 page
- SUSE CVE CVE-2019-10131 page
- SUSE CVE CVE-2019-11470 page
- SUSE CVE CVE-2019-11472 page
- SUSE CVE CVE-2019-11505 page
Description
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.
Affected products
References
- CVE-2017-12805
- SUSE Bug 1135236
Description
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.
Affected products
References
- CVE-2017-12806
- SUSE Bug 1135232
Description
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.
Affected products
References
- CVE-2019-10131
- SUSE Bug 1134075
Description
The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.
Affected products
References
- CVE-2019-11470
- SUSE Bug 1133205
Description
ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first.
Affected products
References
- CVE-2019-11472
- SUSE Bug 1133202
- SUSE Bug 1133203
- SUSE Bug 1133204
- SUSE Bug 1146213
Description
In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.
Affected products
References
- CVE-2019-11505
- SUSE Bug 1133501
Description
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.
Affected products
References
- CVE-2019-11506
- SUSE Bug 1133498
Description
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.
Affected products
References
- CVE-2019-11597
- SUSE Bug 1138464
- SUSE Bug 1146211
Description
In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.
Affected products
References
- CVE-2019-11598
- SUSE Bug 1136732
- SUSE Bug 1179313
- SUSE Bug 1179336