Описание
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
- CVE-2019-12921: Fixed an issue where text filename components potentially coulf have allowed reading of arbitrary files via TranslateTextEx (boo#1167208).
- CVE-2020-10938: Fixed an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImages (boo#1167623).
Список пакетов
openSUSE Leap 15.1
GraphicsMagick-1.3.29-lp151.4.17.1
GraphicsMagick-devel-1.3.29-lp151.4.17.1
libGraphicsMagick++-Q16-12-1.3.29-lp151.4.17.1
libGraphicsMagick++-devel-1.3.29-lp151.4.17.1
libGraphicsMagick-Q16-3-1.3.29-lp151.4.17.1
libGraphicsMagick3-config-1.3.29-lp151.4.17.1
libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.17.1
perl-GraphicsMagick-1.3.29-lp151.4.17.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0416-1
- SUSE Security Ratings
- SUSE Bug 1167208
- SUSE Bug 1167623
- SUSE CVE CVE-2019-12921 page
- SUSE CVE CVE-2020-10938 page
Описание
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
Затронутые продукты
openSUSE Leap 15.1:GraphicsMagick-1.3.29-lp151.4.17.1
openSUSE Leap 15.1:GraphicsMagick-devel-1.3.29-lp151.4.17.1
openSUSE Leap 15.1:libGraphicsMagick++-Q16-12-1.3.29-lp151.4.17.1
openSUSE Leap 15.1:libGraphicsMagick++-devel-1.3.29-lp151.4.17.1
Ссылки
- CVE-2019-12921
- SUSE Bug 1138425
- SUSE Bug 1167208
Описание
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
Затронутые продукты
openSUSE Leap 15.1:GraphicsMagick-1.3.29-lp151.4.17.1
openSUSE Leap 15.1:GraphicsMagick-devel-1.3.29-lp151.4.17.1
openSUSE Leap 15.1:libGraphicsMagick++-Q16-12-1.3.29-lp151.4.17.1
openSUSE Leap 15.1:libGraphicsMagick++-devel-1.3.29-lp151.4.17.1
Ссылки
- CVE-2020-10938
- SUSE Bug 1167623