Overview

File _patchinfo of Package patchinfo.11106

<patchinfo incident="11106">
  <issue tracker="cve" id="2019-11597"/>
  <issue tracker="cve" id="2019-11472"/>
  <issue tracker="cve" id="2019-11506"/>
  <issue tracker="cve" id="2019-11505"/>
  <issue tracker="cve" id="2019-11470"/>
  <issue id="2019-10131" tracker="cve" />
  <issue tracker="cve" id="2017-12806"/>
  <issue tracker="cve" id="2017-12805"/>
  <issue tracker="cve" id="2019-11598"/>
  <issue tracker="bnc" id="1133204">VUL-1: CVE-2019-11472: ImageMagick,GraphicsMagick: ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the</issue>
  <issue tracker="bnc" id="1133205">VUL-1: CVE-2019-11470: ImageMagick: The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size.</issue>
  <issue tracker="bnc" id="1133501">VUL-1: CVE-2019-11505: GraphicsMagick,ImageMagick: heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly</issue>
  <issue tracker="bnc" id="1133498">VUL-1: CVE-2019-11506: GraphicsMagick: heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possi</issue>
  <issue id="1134075" tracker="bnc">VUL-1: CVE-2019-10131: ImageMagick: off-by-one read in formatIPTCfromBuffer function in coders/meta.c</issue>
  <issue id="1135232" tracker="bnc">VUL-1: CVE-2017-12806: ImageMagick: memory exhaustion in function format8BIM causing denial of service</issue>
  <issue tracker="bnc" id="1135236">VUL-1: CVE-2017-12805: ImageMagick: memory exhaustion in function ReadTIFFImage causing denial of service</issue>
  <issue tracker="bnc" id="1136183">VUL-1: ImageMagick: PCL might still decode using ghostscript</issue>
  <issue tracker="bnc" id="1136732">VUL-0: CVE-2019-11598: ImageMagick: heap-based buffer over-read in the function WritePNMImage of coders/pnm.c leading to DoS or information disclosure</issue>
  <issue tracker="bnc" id="1138425">VUL-0: ImageMagick,GraphiscMagick: disclosure of file content via SVG and WMF decoding</issue>
  <issue tracker="bnc" id="1138464">VUL-0: CVE-2019-11597: ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure</issue>
  <packager>pgajdos</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for ImageMagick</summary>
  <description>This update for ImageMagick fixes the following issues:

Security issues fixed:

- CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464).
- Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425).- CVE-2019-11472: Fixed a denial of service in ReadXWDImage() (bsc#1133204).
- CVE-2019-11470: Fixed a denial of service in ReadCINImage() (bsc#1133205).
- CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498).
- CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501).
- CVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer function in coders/meta.c (bsc#1134075).
- CVE-2017-12806: Fixed a denial of service through memory exhaustion in format8BIM() (bsc#1135232).
- CVE-2017-12805: Fixed a denial of service through memory exhaustion in ReadTIFFImage() (bsc#1135236).
- CVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage() (bsc#1136732)
    
We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places