Description
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2019-15139: Fixed a denial-of-service vulnerability in ReadXWDImage. (bsc#1146213)
- CVE-2019-15140: Fixed a use-after-free bug in the Matlab image parser. (bsc#1146212)
- CVE-2019-15141: Fixed a divide-by-zero vulnerability in the MeanShiftImage function. (bsc#1146211)
- CVE-2019-14980: Fixed an application crash resulting from a heap-based buffer over-read in WriteTIFFImage. (bsc#1146068)
- CVE-2019-16708: Fixed a memory leak in magick/xwindow.c (bsc#1151781).
- CVE-2019-16709: Fixed a memory leak in coders/dps.c (bsc#1151782).
- CVE-2019-16710: Fixed a memory leak in coders/dot.c (bsc#1151783).
- CVE-2019-16711: Fixed a memory leak in Huffman2DEncodeImage in coders/ps2.c (bsc#1151784).
- CVE-2019-16712: Fixed a memory leak in Huffman2DEncodeImage in coders/ps3.c (bsc#1151785).
- CVE-2019-16713: Fixed a memory leak in coders/dot.c (bsc#1151786).
Package list
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE Linux Enterprise Workstation Extension 12 SP5
References
- Link for SUSE-SU-2019:2785-2
- E-Mail link for SUSE-SU-2019:2785-2
- SUSE Security Ratings
- SUSE Bug 1146068
- SUSE Bug 1146211
- SUSE Bug 1146212
- SUSE Bug 1146213
- SUSE Bug 1151781
- SUSE Bug 1151782
- SUSE Bug 1151783
- SUSE Bug 1151784
- SUSE Bug 1151785
- SUSE Bug 1151786
- SUSE CVE CVE-2019-14980 page
- SUSE CVE CVE-2019-15139 page
- SUSE CVE CVE-2019-15140 page
- SUSE CVE CVE-2019-15141 page
- SUSE CVE CVE-2019-16708 page
- SUSE CVE CVE-2019-16709 page
- SUSE CVE CVE-2019-16710 page
Description
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
Affected products
References
- CVE-2019-14980
- SUSE Bug 1146068
Description
The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472.
Affected products
References
- CVE-2019-15139
- SUSE Bug 1146213
Description
coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.
Affected products
References
- CVE-2019-15140
- SUSE Bug 1146212
Description
WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.
Affected products
References
- CVE-2019-15141
- SUSE Bug 1146211
Description
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
Affected products
References
- CVE-2019-16708
- SUSE Bug 1151781
Description
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
Affected products
References
- CVE-2019-16709
- SUSE Bug 1151782
Description
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
Affected products
References
- CVE-2019-16710
- SUSE Bug 1151783
Description
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.
Affected products
References
- CVE-2019-16711
- SUSE Bug 1151784
Description
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.
Affected products
References
- CVE-2019-16712
- SUSE Bug 1151785
Description
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.
Affected products
References
- CVE-2019-16713
- SUSE Bug 1151786