Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:3138-1

Опубликовано: 07 сент. 2022
Источник: suse-cvrf

Описание

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

  • CVE-2021-20224: Fixed an integer overflow that could be triggered via a crafted file (bsc#1202800).

Список пакетов

SUSE Linux Enterprise Server 12 SP5
ImageMagick-config-6-SUSE-6.8.8.1-71.180.1
ImageMagick-config-6-upstream-6.8.8.1-71.180.1
libMagickCore-6_Q16-1-6.8.8.1-71.180.1
libMagickWand-6_Q16-1-6.8.8.1-71.180.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
ImageMagick-config-6-SUSE-6.8.8.1-71.180.1
ImageMagick-config-6-upstream-6.8.8.1-71.180.1
libMagickCore-6_Q16-1-6.8.8.1-71.180.1
libMagickWand-6_Q16-1-6.8.8.1-71.180.1
SUSE Linux Enterprise Software Development Kit 12 SP5
ImageMagick-6.8.8.1-71.180.1
ImageMagick-config-6-SUSE-6.8.8.1-71.180.1
ImageMagick-config-6-upstream-6.8.8.1-71.180.1
ImageMagick-devel-6.8.8.1-71.180.1
libMagick++-6_Q16-3-6.8.8.1-71.180.1
libMagick++-devel-6.8.8.1-71.180.1
perl-PerlMagick-6.8.8.1-71.180.1
SUSE Linux Enterprise Workstation Extension 12 SP5
ImageMagick-6.8.8.1-71.180.1
libMagick++-6_Q16-3-6.8.8.1-71.180.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.180.1

Ссылки

Описание

An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.180.1
SUSE Linux Enterprise Server 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.180.1
SUSE Linux Enterprise Server 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.180.1
SUSE Linux Enterprise Server 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.180.1
Ссылки