openSUSE-SU-2018:4313-1

Published: 29 Dec 2018
Source: suse-cvrf

Description

Security update for GraphicsMagick

This update for GraphicsMagick fixes the following issues:

Security issues fixed:

  • CVE-2018-20184: Fixed heap-based buffer overflow in the WriteTGAImage function of tga.c (bsc#1119822)
  • CVE-2018-20189: Fixed denial of service vulnerability in ReadDIBImage function of coders/dib.c (bsc#1119790)

Package list

openSUSE Leap 42.3
GraphicsMagick-1.3.25-120.1
GraphicsMagick-devel-1.3.25-120.1
libGraphicsMagick++-Q16-12-1.3.25-120.1
libGraphicsMagick++-devel-1.3.25-120.1
libGraphicsMagick-Q16-3-1.3.25-120.1
libGraphicsMagick3-config-1.3.25-120.1
libGraphicsMagickWand-Q16-2-1.3.25-120.1
perl-GraphicsMagick-1.3.25-120.1

Description

In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.


Affected products
openSUSE Leap 42.3:GraphicsMagick-1.3.25-120.1
openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-120.1
openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-120.1
openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-120.1


Description

In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.


Affected products
openSUSE Leap 42.3:GraphicsMagick-1.3.25-120.1
openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-120.1
openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-120.1
openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-120.1
