Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2019:1354-1

Опубликовано: 09 мая 2019
Источник: suse-cvrf

Описание

Security update for GraphicsMagick

This update for GraphicsMagick fixes the following issues:

Security issues fixed:

  • CVE-2019-11506: Fixed a heap-based buffer overflow in the function WriteMATLABImage (boo#1133498).
  • CVE-2019-11505: Fixed a heap-based buffer overflow in the function WritePDBImage (boo#1133501).

The following fixes where modified and refreshed:

  • CVE-2019-11008: Fixed a heap-based buffer overflow in the function WriteXWDImage (boo#1132054).
  • CVE-2019-11009: Fixed a heap-based buffer over-read in the function ReadXWDImage (boo#1132053).
  • CVE-2019-11473: Fixed an out-of-bounds read leading to a possible denial of service in coders/xwd.c (boo#1133203).
  • CVE-2019-11474: Fixed a floating-point exception leading to a possible denial of service in coders/xwd.c (boo#1133202).

Список пакетов

openSUSE Leap 15.0
GraphicsMagick-1.3.29-lp150.3.28.1
GraphicsMagick-devel-1.3.29-lp150.3.28.1
libGraphicsMagick++-Q16-12-1.3.29-lp150.3.28.1
libGraphicsMagick++-devel-1.3.29-lp150.3.28.1
libGraphicsMagick-Q16-3-1.3.29-lp150.3.28.1
libGraphicsMagick3-config-1.3.29-lp150.3.28.1
libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.28.1
perl-GraphicsMagick-1.3.29-lp150.3.28.1

Ссылки

Описание

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.

Затронутые продукты
openSUSE Leap 15.0:GraphicsMagick-1.3.29-lp150.3.28.1
openSUSE Leap 15.0:GraphicsMagick-devel-1.3.29-lp150.3.28.1
openSUSE Leap 15.0:libGraphicsMagick++-Q16-12-1.3.29-lp150.3.28.1
openSUSE Leap 15.0:libGraphicsMagick++-devel-1.3.29-lp150.3.28.1
Ссылки

Описание

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.

Затронутые продукты
openSUSE Leap 15.0:GraphicsMagick-1.3.29-lp150.3.28.1
openSUSE Leap 15.0:GraphicsMagick-devel-1.3.29-lp150.3.28.1
openSUSE Leap 15.0:libGraphicsMagick++-Q16-12-1.3.29-lp150.3.28.1
openSUSE Leap 15.0:libGraphicsMagick++-devel-1.3.29-lp150.3.28.1
Ссылки

Описание

coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.

Затронутые продукты
openSUSE Leap 15.0:GraphicsMagick-1.3.29-lp150.3.28.1
openSUSE Leap 15.0:GraphicsMagick-devel-1.3.29-lp150.3.28.1
openSUSE Leap 15.0:libGraphicsMagick++-Q16-12-1.3.29-lp150.3.28.1
openSUSE Leap 15.0:libGraphicsMagick++-devel-1.3.29-lp150.3.28.1
Ссылки

Описание

coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.

Затронутые продукты
openSUSE Leap 15.0:GraphicsMagick-1.3.29-lp150.3.28.1
openSUSE Leap 15.0:GraphicsMagick-devel-1.3.29-lp150.3.28.1
openSUSE Leap 15.0:libGraphicsMagick++-Q16-12-1.3.29-lp150.3.28.1
openSUSE Leap 15.0:libGraphicsMagick++-devel-1.3.29-lp150.3.28.1
Ссылки

Описание

In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.

Затронутые продукты
openSUSE Leap 15.0:GraphicsMagick-1.3.29-lp150.3.28.1
openSUSE Leap 15.0:GraphicsMagick-devel-1.3.29-lp150.3.28.1
openSUSE Leap 15.0:libGraphicsMagick++-Q16-12-1.3.29-lp150.3.28.1
openSUSE Leap 15.0:libGraphicsMagick++-devel-1.3.29-lp150.3.28.1
Ссылки

Описание

In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.

Затронутые продукты
openSUSE Leap 15.0:GraphicsMagick-1.3.29-lp150.3.28.1
openSUSE Leap 15.0:GraphicsMagick-devel-1.3.29-lp150.3.28.1
openSUSE Leap 15.0:libGraphicsMagick++-Q16-12-1.3.29-lp150.3.28.1
openSUSE Leap 15.0:libGraphicsMagick++-devel-1.3.29-lp150.3.28.1
Ссылки
Уязвимость openSUSE-SU-2019:1354-1