Description
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
- CVE-2021-20176: Fixed an issue where processing a crafted file could lead to division by zero (bsc#1181836).
- CVE-2020-27767: Fixed an issue with values outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322).
Package list
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE Linux Enterprise Workstation Extension 12 SP5
References
- Link for SUSE-SU-2021:0528-1
- E-Mail link for SUSE-SU-2021:0528-1
- SUSE Security Ratings
- SUSE Bug 1179322
- SUSE Bug 1181836
- SUSE CVE CVE-2020-27767 page
- SUSE CVE CVE-2021-20176 page
Description
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Affected products
References
- CVE-2020-27767
- SUSE Bug 1179268
- SUSE Bug 1179269
- SUSE Bug 1179322
- SUSE Bug 1179346
Description
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability.
Affected products
References
- CVE-2021-20176
- SUSE Bug 1181836
- SUSE Bug 1182326