Security update for ImageMagick
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2019-11472: Fixed a denial-of-service in ReadXWDImage() (bsc#1133204).
- CVE-2019-11470: Fixed a denial-of-service in ReadCINImage() (bsc#1133205).
- CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498).
- CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501).
- CVE-2019-11598: Fixed a heap-based buffer overread in WritePNMImage() (bsc#1136732)
We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#1133204
VUL-1: CVE-2019-11472: ImageMagick,GraphicsMagick: ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the
bnc#1133498
VUL-1: CVE-2019-11506: GraphicsMagick: heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possi
bnc#1133501
VUL-1: CVE-2019-11505: GraphicsMagick,ImageMagick: heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly
bnc#1133205
VUL-1: CVE-2019-11470: ImageMagick: The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size.
bnc#1136183
VUL-1: ImageMagick: PCL might still decode using ghostscript
bnc#1136732
VUL-0: CVE-2019-11598: ImageMagick: heap-based buffer over-read in the function WritePNMImage of coders/pnm.c leading to DoS or information disclosure
