Description
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
- CVE-2019-11005: Fixed a stack-based buffer overflow in SVGStartElement of coders/svg.c that allowed attackers to cause DoS or an unspecified impact (boo#1132058)
- CVE-2019-11006: Fixed a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c that allowed attackers to cause DoS or information disclosure (boo#1132061)
- CVE-2019-11010: Fixed a memory leak in ReadMPCImage of coders/mpc.c which allowed attackers to cause DoS via a crafted image file (boo#1132055)
- CVE-2019-11007: Fixed a heap-based buffer over-read in the ReadMNGImage function of coders/png.c which allowed attackers to cause a denial of service or information disclosure (boo#1132060)
- CVE-2019-11008: Fixed a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c which allowed remote attackers to cause DoS or other unspecified impact (boo#1132054)
- CVE-2019-11009: Fixed a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c which allowed attackers to cause DoS or information disclosure (boo#1132053)
Package list
openSUSE Leap 15.0
References
- E-Mail link for openSUSE-SU-2019:1272-1
- SUSE Security Ratings
- SUSE Bug 1132053
- SUSE Bug 1132054
- SUSE Bug 1132055
- SUSE Bug 1132058
- SUSE Bug 1132060
- SUSE Bug 1132061
- SUSE CVE CVE-2019-11005 page
- SUSE CVE CVE-2019-11006 page
- SUSE CVE CVE-2019-11007 page
- SUSE CVE CVE-2019-11008 page
- SUSE CVE CVE-2019-11009 page
- SUSE CVE CVE-2019-11010 page
Description
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.
Affected products
References
- CVE-2019-11005
- SUSE Bug 1132058
Description
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.
Affected products
References
- CVE-2019-11006
- SUSE Bug 1132061
Description
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.
Affected products
References
- CVE-2019-11007
- SUSE Bug 1132060
Description
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
Affected products
References
- CVE-2019-11008
- SUSE Bug 1132054
- SUSE Bug 1133202
- SUSE Bug 1133203
Description
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.
Affected products
References
- CVE-2019-11009
- SUSE Bug 1132053
- SUSE Bug 1133202
- SUSE Bug 1133203
Description
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.
Affected products
References
- CVE-2019-11010
- SUSE Bug 1132055