SUSE-SU-2023:3186-1

Опубликовано: 03 авг. 2023

Источник: suse-cvrf

Описание

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

CVE-2023-3745: Fixed heap out of bounds read in PushCharPixel() in quantum-private.h (bsc#1213624).

Список пакетов

openSUSE Leap 15.4

libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.51.1

libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.51.1

libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.51.1

libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.51.1

libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.51.1

libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.51.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20233186-1/
Link for SUSE-SU-2023:3186-1
https://lists.suse.com/pipermail/sle-security-updates/2023-August/015774.html
E-Mail link for SUSE-SU-2023:3186-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1213624
SUSE Bug 1213624
https://www.suse.com/security/cve/CVE-2023-3745/
SUSE CVE CVE-2023-3745 page

Описание

A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.

Затронутые продукты

openSUSE Leap 15.4:libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.51.1

openSUSE Leap 15.4:libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.51.1

openSUSE Leap 15.4:libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.51.1

openSUSE Leap 15.4:libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.51.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-3745.html
CVE-2023-3745
https://bugzilla.suse.com/1213624
SUSE Bug 1213624

SUSE-SU-2023:3186-1

Описание

Список пакетов

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2023-3745

Описание

Затронутые продукты

Ссылки