Security update for GraphicsMagick
This update for GraphicsMagick fixes the following security issue:
- CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283).
An earlier update added a change that also fixed this issues that was unknown
at the time of release:
- CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an
attacker to cause a denial of service (WriteBlob assertion failure and
application exit) via a crafted file (bsc#1108282).
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#1108283
VUL-1: CVE-2018-16750: GraphicsMagick,ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c
bnc#1108282
VUL-1: CVE-2018-16749: GraphicsMagick,ImageMagick: Missing NULL check in ReadOneJNGImage in coders/png.c
