Описание
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following security issue:
- CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283).
An earlier update added a change that also fixed this issues that was unknown at the time of release:
- CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file (bsc#1108282).
Список пакетов
openSUSE Leap 42.3
GraphicsMagick-1.3.25-108.1
GraphicsMagick-devel-1.3.25-108.1
libGraphicsMagick++-Q16-12-1.3.25-108.1
libGraphicsMagick++-devel-1.3.25-108.1
libGraphicsMagick-Q16-3-1.3.25-108.1
libGraphicsMagick3-config-1.3.25-108.1
libGraphicsMagickWand-Q16-2-1.3.25-108.1
perl-GraphicsMagick-1.3.25-108.1
Ссылки
- E-Mail link for openSUSE-SU-2018:2833-1
- SUSE Security Ratings
Описание
In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.
Затронутые продукты
openSUSE Leap 42.3:GraphicsMagick-1.3.25-108.1
openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-108.1
openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-108.1
openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-108.1
Ссылки
- CVE-2018-16749
- SUSE Bug 1108282
Описание
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.
Затронутые продукты
openSUSE Leap 42.3:GraphicsMagick-1.3.25-108.1
openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-108.1
openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-108.1
openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-108.1
Ссылки
- CVE-2018-16750
- SUSE Bug 1108283