Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
- CVE-2023-34474: Fixed heap-based buffer overflow in ReadTIM2ImageData() function in coders/tim2.c (bsc#1212237).
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP4
ImageMagick-7.1.0.9-150400.6.24.1
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.24.1
ImageMagick-config-7-upstream-7.1.0.9-150400.6.24.1
ImageMagick-devel-7.1.0.9-150400.6.24.1
libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.24.1
libMagick++-devel-7.1.0.9-150400.6.24.1
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.24.1
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.24.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
ImageMagick-7.1.0.9-150400.6.24.1
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.24.1
ImageMagick-config-7-upstream-7.1.0.9-150400.6.24.1
ImageMagick-devel-7.1.0.9-150400.6.24.1
libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.24.1
libMagick++-devel-7.1.0.9-150400.6.24.1
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.24.1
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.24.1
SUSE Linux Enterprise Module for Development Tools 15 SP4
perl-PerlMagick-7.1.0.9-150400.6.24.1
SUSE Linux Enterprise Module for Development Tools 15 SP5
perl-PerlMagick-7.1.0.9-150400.6.24.1
openSUSE Leap 15.4
ImageMagick-7.1.0.9-150400.6.24.1
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.24.1
ImageMagick-config-7-upstream-7.1.0.9-150400.6.24.1
ImageMagick-devel-7.1.0.9-150400.6.24.1
ImageMagick-devel-32bit-7.1.0.9-150400.6.24.1
ImageMagick-doc-7.1.0.9-150400.6.24.1
ImageMagick-extra-7.1.0.9-150400.6.24.1
libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.24.1
libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.24.1
libMagick++-devel-7.1.0.9-150400.6.24.1
libMagick++-devel-32bit-7.1.0.9-150400.6.24.1
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.24.1
libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.24.1
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.24.1
libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.24.1
perl-PerlMagick-7.1.0.9-150400.6.24.1
openSUSE Leap 15.5
ImageMagick-7.1.0.9-150400.6.24.1
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.24.1
ImageMagick-config-7-upstream-7.1.0.9-150400.6.24.1
ImageMagick-devel-7.1.0.9-150400.6.24.1
ImageMagick-devel-32bit-7.1.0.9-150400.6.24.1
ImageMagick-doc-7.1.0.9-150400.6.24.1
ImageMagick-extra-7.1.0.9-150400.6.24.1
libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.24.1
libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.24.1
libMagick++-devel-7.1.0.9-150400.6.24.1
libMagick++-devel-32bit-7.1.0.9-150400.6.24.1
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.24.1
libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.24.1
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.24.1
libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.24.1
perl-PerlMagick-7.1.0.9-150400.6.24.1
Ссылки
- Link for SUSE-SU-2023:2878-1
- E-Mail link for SUSE-SU-2023:2878-1
- SUSE Security Ratings
- SUSE Bug 1212237
- SUSE CVE CVE-2023-34474 page
Описание
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:ImageMagick-7.1.0.9-150400.6.24.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:ImageMagick-config-7-SUSE-7.1.0.9-150400.6.24.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:ImageMagick-config-7-upstream-7.1.0.9-150400.6.24.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:ImageMagick-devel-7.1.0.9-150400.6.24.1
Ссылки
- CVE-2023-34474
- SUSE Bug 1212237