openSUSE Build Service

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

Security issues fixed:

- CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464).
- Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425).- CVE-2019-11472: Fixed a denial of service in ReadXWDImage() (bsc#1133204).
- CVE-2019-11470: Fixed a denial of service in ReadCINImage() (bsc#1133205).
- CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498).
- CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501).
- CVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer function in coders/meta.c (bsc#1134075).
- CVE-2017-12806: Fixed a denial of service through memory exhaustion in format8BIM() (bsc#1135232).
- CVE-2017-12805: Fixed a denial of service through memory exhaustion in ReadTIFFImage() (bsc#1135236).
- CVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage() (bsc#1136732)

We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183)

This update was imported from the SUSE:SLE-12:Update update project.

Submitted by Petr Gajdos (pgajdos)

Fixed bugs

VUL-1: CVE-2019-11472: ImageMagick,GraphicsMagick: ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the

bnc#1133205

VUL-1: CVE-2019-11470: ImageMagick: The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size.

bnc#1133501

VUL-1: CVE-2019-11505: GraphicsMagick,ImageMagick: heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly

bnc#1133498

VUL-1: CVE-2019-11506: GraphicsMagick: heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possi

bnc#1134075

VUL-1: CVE-2019-10131: ImageMagick: off-by-one read in formatIPTCfromBuffer function in coders/meta.c

bnc#1135232

VUL-1: CVE-2017-12806: ImageMagick: memory exhaustion in function format8BIM causing denial of service

bnc#1135236

VUL-1: CVE-2017-12805: ImageMagick: memory exhaustion in function ReadTIFFImage causing denial of service

bnc#1136183

VUL-1: ImageMagick: PCL might still decode using ghostscript

bnc#1136732

VUL-0: CVE-2019-11598: ImageMagick: heap-based buffer over-read in the function WritePNMImage of coders/pnm.c leading to DoS or information disclosure

bnc#1138425

VUL-0: ImageMagick,GraphiscMagick: disclosure of file content via SVG and WMF decoding

bnc#1138464

VUL-0: CVE-2019-11597: ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure

Places

Fixed bugs

Selected Binaries

Places