Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for ImageMagick

This update for ImageMagick fixes the following issues:

The following security vulnerabilities were fixed:

- CVE-2018-11625: Fixed heap-based buffer over-read in SetGrayscaleImage in the
quantize.c file, which allowed remote attackers to cause buffer over-read via
a crafted file. (bsc#1096200)
- CVE-2018-11624: Fixed a use-after-free issue in the ReadMATImage function in
coders/mat.c. (bsc#1096203)
- CVE-2018-10805: Fixed several memory leaks in bgr.c, rgb.c, cmyk.c, gray.c,
and ycbcr.c (bsc#1095812)
- CVE-2018-12600: The ReadDIBImage and WriteDIBImage functions allowed
attackers to cause an out of bounds write via a crafted file (bsc#1098545).
- CVE-2018-12599: The ReadBMPImage and WriteBMPImage fucntions allowed
attackers to cause an out of bounds write via a crafted file (bsc#1098546).

The following other changes were made:

- Fix -gamma issues in special cases. (bsc#1094745, bsc#1094742)

This update was imported from the SUSE:SLE-15:Update update project.

Fixed bugs
bnc#1098545
VUL-0: CVE-2018-12600: GraphicsMagick,ImageMagick: out of bounds write in ReadDIBImage and WriteDIBImage in coders/dib.c
bnc#1098546
VUL-0: CVE-2018-12599: GraphicsMagick,ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c
CVE-2018-12599
CVE-2018-12600
bnc#1094742
ImageMagick: Error message when running convert with `-gamma -1,-1,0`parameter
bnc#1094745
openQA test fails in ImageMagick - `-gamma` behavior is off
bnc#1095812
VUL-1: CVE-2018-10805: ImageMagick: Memory leak in ReadYCBCRImage
bnc#1096200
VUL-1: CVE-2018-11625: GraphicsMagick,ImageMagick: heap-based buffer over-read in SetGrayscaleImage in the quantize.c
bnc#1096203
VUL-1: CVE-2018-11624: GraphicsMagick,ImageMagick: use after free in ReadMATImage function in coders/mat.c
CVE-2018-11624
CVE-2018-11625
CVE-2018-10805
Selected Binaries
openSUSE Build Service is sponsored by
Places