Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
- CVE-2019-12921: Fixed an issue where text filename components potentially coulf have
allowed reading of arbitrary files via TranslateTextEx (boo#1167208).
- CVE-2020-10938: Fixed an integer overflow and resultant heap-based buffer overflow in
HuffmanDecodeImages (boo#1167623).
This update was imported from the openSUSE:Leap:15.1:Update update project.
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#1167623
VUL-1: CVE-2020-10938: GraphicsMagick: integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c
bnc#1167208
VUL-1: CVE-2019-12921: GraphicsMagick,ImageMagick: the text filename component potentially allows to read arbitrary files via TranslateTextEx for SVG
