Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
Security issues fixed:
-
CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330).
-
CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317).
-
CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649).
-
CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381).
-
CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365).
-
CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366).
-
CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368).
-
CVE-2018-16413: Fixed a heap-based buffer over-read in PushShortPixel() (bsc#1106989).
-
CVE-2018-16412: Fixed a heap-based buffer over-read in ParseImageResourceBlocks() (bsc#1106996).
-
CVE-2018-16644: Fixed a regression in dcm coder (bsc#1107609).
-
CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060).
-
CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054).
-
CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053).
-
Added extra -config- packages with Postscript/EPS/PDF readers still enabled.
Removing the PS decoders is used to harden ImageMagick against security issues within ghostscript. Enabling them might impact security. (bsc#1122033)
These are two packages that can be selected:
- ImageMagick-config-6-SUSE: This has the PS decoders disabled.
- ImageMagick-config-6-upstream: This has the PS decoders enabled.
Depending on your local needs install either one of them. The default is the -SUSE configuration.
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2019:1320-1
- SUSE Security Ratings
Описание
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.
Затронутые продукты
Ссылки
- CVE-2018-16412
- SUSE Bug 1106989
- SUSE Bug 1106996
Описание
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.
Затронутые продукты
Ссылки
- CVE-2018-16413
- SUSE Bug 1106989
- SUSE Bug 1106996
Описание
There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.
Затронутые продукты
Ссылки
- CVE-2018-16644
- SUSE Bug 1107609
- SUSE Bug 1107612
- SUSE Bug 1117463
Описание
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Затронутые продукты
Ссылки
- CVE-2018-20467
- SUSE Bug 1120381
Описание
In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.
Затронутые продукты
Ссылки
- CVE-2019-10650
- SUSE Bug 1131317
Описание
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.
Затронутые продукты
Ссылки
- CVE-2019-11007
- SUSE Bug 1132060
Описание
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
Затронутые продукты
Ссылки
- CVE-2019-11008
- SUSE Bug 1132054
- SUSE Bug 1133202
- SUSE Bug 1133203
Описание
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.
Затронутые продукты
Ссылки
- CVE-2019-11009
- SUSE Bug 1132053
- SUSE Bug 1133202
- SUSE Bug 1133203
Описание
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.
Затронутые продукты
Ссылки
- CVE-2019-7175
- SUSE Bug 1128649
Описание
In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.
Затронутые продукты
Ссылки
- CVE-2019-7395
- SUSE Bug 1124368
Описание
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
Затронутые продукты
Ссылки
- CVE-2019-7397
- SUSE Bug 1124366
Описание
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.
Затронутые продукты
Ссылки
- CVE-2019-7398
- SUSE Bug 1124365
Описание
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
Затронутые продукты
Ссылки
- CVE-2019-9956
- SUSE Bug 1130330