Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
- CVE-2019-13301: Fixed a memory leak in AcquireMagickMemory() (bsc#1140554).
- CVE-2019-13310: Fixed a memory leak at AcquireMagickMemory because of an error in MagickWand/mogrify.c (bsc#1140501).
- CVE-2019-13311: Fixed a memory leak at AcquireMagickMemory because of a wand/mogrify.c error (bsc#1140513).
- CVE-2019-13454: Fixed a division by zero in RemoveDuplicateLayers in MagickCore/layer.c (bsc#1141171).
- CVE-2019-13295: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140664).
- CVE-2019-13297: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140666).
- CVE-2019-12979: Fixed the use of uninitialized values in SyncImageSettings() (bsc#1139886).
- CVE-2019-13391: Fixed a heap-based buffer over-read in MagickCore/fourier.c (bsc#1140673).
- CVE-2019-13308: Fixed a heap-based buffer overflow in MagickCore/fourier.c (bsc#1140534).
- CVE-2019-13300: Fixed a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages (bsc#1140669).
- CVE-2019-13307: Fixed a heap-based buffer overflow at MagickCore/statistic.c (bsc#1140538).
- CVE-2019-12975: Fixed a memory leak in the WriteDPXImage() in coders/dpx.c (bsc#1140106).
- CVE-2019-13135: Fixed the use of uninitialized values in ReadCUTImage() (bsc#1140103).
- CVE-2019-12978: Fixed the use of uninitialized values in ReadPANGOImage() (bsc#1139885).
- CVE-2019-12974: Fixed a NULL pointer dereference in the ReadPANGOImage() (bsc#1140111).
- CVE-2019-13133: Fixed a memory leak in the ReadBMPImage() (bsc#1140100).
- CVE-2019-13134: Fixed a memory leak in the ReadVIFFImage() (bsc#1140102).
- CVE-2019-12976: Fixed a memory leak in the ReadPCLImage() in coders/pcl.c(bsc#1140110).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP4
ImageMagick-6.8.8.1-71.126.1
ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
ImageMagick-config-6-upstream-6.8.8.1-71.126.1
libMagick++-6_Q16-3-6.8.8.1-71.126.1
libMagickCore-6_Q16-1-6.8.8.1-71.126.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.126.1
libMagickWand-6_Q16-1-6.8.8.1-71.126.1
SUSE Linux Enterprise Server 12 SP4
ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
ImageMagick-config-6-upstream-6.8.8.1-71.126.1
libMagickCore-6_Q16-1-6.8.8.1-71.126.1
libMagickWand-6_Q16-1-6.8.8.1-71.126.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
ImageMagick-config-6-upstream-6.8.8.1-71.126.1
libMagickCore-6_Q16-1-6.8.8.1-71.126.1
libMagickWand-6_Q16-1-6.8.8.1-71.126.1
SUSE Linux Enterprise Software Development Kit 12 SP4
ImageMagick-6.8.8.1-71.126.1
ImageMagick-devel-6.8.8.1-71.126.1
libMagick++-6_Q16-3-6.8.8.1-71.126.1
libMagick++-devel-6.8.8.1-71.126.1
perl-PerlMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Workstation Extension 12 SP4
ImageMagick-6.8.8.1-71.126.1
ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
ImageMagick-config-6-upstream-6.8.8.1-71.126.1
libMagick++-6_Q16-3-6.8.8.1-71.126.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.126.1
Ссылки
- Link for SUSE-SU-2019:2010-1
- E-Mail link for SUSE-SU-2019:2010-1
- SUSE Security Ratings
- SUSE Bug 1139885
- SUSE Bug 1139886
- SUSE Bug 1140100
- SUSE Bug 1140102
- SUSE Bug 1140103
- SUSE Bug 1140106
- SUSE Bug 1140110
- SUSE Bug 1140111
- SUSE Bug 1140501
- SUSE Bug 1140513
- SUSE Bug 1140534
- SUSE Bug 1140538
- SUSE Bug 1140554
- SUSE Bug 1140664
- SUSE Bug 1140666
- SUSE Bug 1140669
- SUSE Bug 1140673
Описание
A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-upstream-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:libMagick++-6_Q16-3-6.8.8.1-71.126.1
Ссылки
- CVE-2019-12974
- SUSE Bug 1140111
Описание
ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-upstream-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:libMagick++-6_Q16-3-6.8.8.1-71.126.1
Ссылки
- CVE-2019-12975
- SUSE Bug 1140106
Описание
ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-upstream-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:libMagick++-6_Q16-3-6.8.8.1-71.126.1
Ссылки
- CVE-2019-12976
- SUSE Bug 1140110
Описание
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-upstream-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:libMagick++-6_Q16-3-6.8.8.1-71.126.1
Ссылки
- CVE-2019-12978
- SUSE Bug 1139885
Описание
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-upstream-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:libMagick++-6_Q16-3-6.8.8.1-71.126.1
Ссылки
- CVE-2019-12979
- SUSE Bug 1139886
Описание
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-upstream-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:libMagick++-6_Q16-3-6.8.8.1-71.126.1
Ссылки
- CVE-2019-13133
- SUSE Bug 1140100
Описание
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-upstream-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:libMagick++-6_Q16-3-6.8.8.1-71.126.1
Ссылки
- CVE-2019-13134
- SUSE Bug 1140102
Описание
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-upstream-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:libMagick++-6_Q16-3-6.8.8.1-71.126.1
Ссылки
- CVE-2019-13135
- SUSE Bug 1140103
Описание
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-upstream-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:libMagick++-6_Q16-3-6.8.8.1-71.126.1
Ссылки
- CVE-2019-13295
- SUSE Bug 1140664
Описание
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-upstream-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:libMagick++-6_Q16-3-6.8.8.1-71.126.1
Ссылки
- CVE-2019-13297
- SUSE Bug 1140666
Описание
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-upstream-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:libMagick++-6_Q16-3-6.8.8.1-71.126.1
Ссылки
- CVE-2019-13300
- SUSE Bug 1140669
Описание
ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-upstream-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:libMagick++-6_Q16-3-6.8.8.1-71.126.1
Ссылки
- CVE-2019-13301
- SUSE Bug 1140554
Описание
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-upstream-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:libMagick++-6_Q16-3-6.8.8.1-71.126.1
Ссылки
- CVE-2019-13307
- SUSE Bug 1140538
Описание
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-upstream-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:libMagick++-6_Q16-3-6.8.8.1-71.126.1
Ссылки
- CVE-2019-13308
- SUSE Bug 1140534
Описание
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-upstream-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:libMagick++-6_Q16-3-6.8.8.1-71.126.1
Ссылки
- CVE-2019-13310
- SUSE Bug 1140501
- SUSE Bug 1140520
Описание
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-upstream-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:libMagick++-6_Q16-3-6.8.8.1-71.126.1
Ссылки
- CVE-2019-13311
- SUSE Bug 1140513
- SUSE Bug 1140554
Описание
In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-upstream-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:libMagick++-6_Q16-3-6.8.8.1-71.126.1
Ссылки
- CVE-2019-13391
- SUSE Bug 1140673
Описание
ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-SUSE-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:ImageMagick-config-6-upstream-6.8.8.1-71.126.1
SUSE Linux Enterprise Desktop 12 SP4:libMagick++-6_Q16-3-6.8.8.1-71.126.1
Ссылки
- CVE-2019-13454
- SUSE Bug 1141171