Description
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
- CVE-2021-20224: Fixed an integer overflow that could be triggered via a crafted file (bsc#1202800).
- CVE-2022-2719: Fixed a reachable assertion that could lead to denial of service via a crafted file (bsc#1202250).
Package list
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
ImageMagick-7.0.7.34-150200.10.36.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.36.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.36.1
ImageMagick-devel-7.0.7.34-150200.10.36.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.36.1
libMagick++-devel-7.0.7.34-150200.10.36.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.36.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.36.1
SUSE Linux Enterprise Module for Development Tools 15 SP3
perl-PerlMagick-7.0.7.34-150200.10.36.1
openSUSE Leap 15.3
ImageMagick-7.0.7.34-150200.10.36.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.36.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.36.1
ImageMagick-devel-7.0.7.34-150200.10.36.1
ImageMagick-devel-32bit-7.0.7.34-150200.10.36.1
ImageMagick-doc-7.0.7.34-150200.10.36.1
ImageMagick-extra-7.0.7.34-150200.10.36.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.36.1
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.36.1
libMagick++-devel-7.0.7.34-150200.10.36.1
libMagick++-devel-32bit-7.0.7.34-150200.10.36.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.36.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.36.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.36.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.36.1
perl-PerlMagick-7.0.7.34-150200.10.36.1
openSUSE Leap 15.4
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.36.1
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.36.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.36.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.36.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.36.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.36.1
References
- Link for SUSE-SU-2022:3119-1
- E-Mail link for SUSE-SU-2022:3119-1
- SUSE Security Ratings
- SUSE Bug 1202250
- SUSE Bug 1202800
- SUSE CVE CVE-2021-20224 page
- SUSE CVE CVE-2022-2719 page
Description
An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Calls to GetPixelIndex() could return values outside the range representable by 'unsigned char'. When ImageMagick processes a crafted PDF file, this could lead to undefined behaviour or a crash.
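The class of bug described above, as an added C example that is not ImageMagick's code or the upstream fix: a floating-point pixel index is saturated before it is narrowed to a byte and packed. The function names, and the assumption that indexes arrive as `float` (as in an HDRI build), are hypothetical.

```c
#include <math.h>
#include <stddef.h>

/* Assumption: pixel indexes arrive as float, as in an HDRI build where the
 * quantum type is floating-point. All names here are hypothetical. */

/* Unsafe pattern, shown only as a comment:
 *     unsigned char b = (unsigned char) index;
 * In C this conversion is undefined behaviour when index is NaN,
 * negative, or larger than 255. */

/* Convert an index to a byte in [0, max], saturating instead of invoking
 * undefined behaviour. max must not exceed 255. */
static unsigned char index_to_byte(float index, unsigned max)
{
    if (isnan(index) || index <= 0.0f)
        return 0;
    if (index >= (float) max)
        return (unsigned char) max;
    return (unsigned char) (index + 0.5f);   /* round to nearest */
}

/* Pack n 4-bit colormap indexes, two per output byte, high nibble first.
 * Returns the number of bytes written, or 0 if out is too small. */
size_t pack_index_nibbles(const float *idx, size_t n,
                          unsigned char *out, size_t out_len)
{
    size_t need = (n + 1) / 2;

    if (out_len < need)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char v = index_to_byte(idx[i], 15);

        if ((i & 1) == 0)
            out[i / 2] = (unsigned char) (v << 4);   /* high nibble */
        else
            out[i / 2] |= v;                         /* low nibble */
    }
    return need;
}
```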
Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP3:ImageMagick-7.0.7.34-150200.10.36.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3:ImageMagick-config-7-SUSE-7.0.7.34-150200.10.36.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3:ImageMagick-config-7-upstream-7.0.7.34-150200.10.36.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3:ImageMagick-devel-7.0.7.34-150200.10.36.1
References
- CVE-2021-20224
- SUSE Bug 1202800
Description
In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.
Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP3:ImageMagick-7.0.7.34-150200.10.36.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3:ImageMagick-config-7-SUSE-7.0.7.34-150200.10.36.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3:ImageMagick-config-7-upstream-7.0.7.34-150200.10.36.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3:ImageMagick-devel-7.0.7.34-150200.10.36.1
References
- CVE-2022-2719
- SUSE Bug 1202250