Overview

File _patchinfo of Package patchinfo.18189

<patchinfo incident="18189">
  <issue tracker="cve" id="2023-34151"/>
  <issue tracker="cve" id="2022-2719"/>
  <issue tracker="cve" id="2021-20246"/>
  <issue tracker="cve" id="2021-20243"/>
  <issue tracker="cve" id="2021-20241"/>
  <issue tracker="cve" id="2021-20244"/>
  <issue tracker="cve" id="2021-20176"/>
  <issue tracker="cve" id="2021-20313"/>
  <issue tracker="cve" id="2021-20312"/>
  <issue tracker="cve" id="2021-20311"/>
  <issue tracker="cve" id="2021-20309"/>
  <issue tracker="cve" id="2022-0284"/>
  <issue tracker="cve" id="2022-28463"/>
  <issue tracker="cve" id="2022-32545"/>
  <issue tracker="cve" id="2022-32547"/>
  <issue tracker="cve" id="2022-32546"/>
  <issue tracker="cve" id="2019-17540"/>
  <issue tracker="cve" id="2021-20224"/>
  <issue tracker="cve" id="2022-44267"/>
  <issue tracker="cve" id="2022-44268"/>
  <issue tracker="cve" id="2023-1289"/>
  <issue tracker="cve" id="2023-3745"/>
  <issue tracker="cve" id="2020-21679"/>
  <issue tracker="cve" id="2023-5341"/>
  <issue tracker="bnc" id="1215939">VUL-0: CVE-2023-5341: ImageMagick: Heap use-after-free in coders/bmp.c</issue>
  <issue tracker="bnc" id="1214578">VUL-0: CVE-2020-21679: GraphicsMagick, ImageMagick: Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service.</issue>
  <issue tracker="bnc" id="1211791">VUL-0: CVE-2023-34151: ImageMagick,GraphicsMagick: ImageMagick: Undefined behaviors of casting double to size_t in svg, mvg and other coders</issue>
  <issue tracker="bnc" id="1209141">VUL-0: CVE-2023-1289: GraphicsMagick,ImageMagick: segmentation fault and possible DoS via specially crafted SVG</issue>
  <issue tracker="bnc" id="1202800">VUL-0: CVE-2021-20224: ImageMagick: integer overflow in ExportIndexQuantum() function in MagickCore/quantum-export.c</issue>
  <issue tracker="bnc" id="1202250">VUL-0: CVE-2022-2719: ImageMagick: DoS due to attempted writing of NULL image list</issue>
  <issue tracker="bnc" id="1153866">VUL-0: CVE-2019-17540: ImageMagick: heap-based buffer overflow in ReadPSInfo in coders/ps.c</issue>
  <issue tracker="bnc" id="1200388">VUL-1: CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c</issue>
  <issue tracker="bnc" id="1200387">VUL-0: CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c</issue>
  <issue tracker="bnc" id="1200389">VUL-1: CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c</issue>
  <issue tracker="bnc" id="1182337">VUL-0: CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c</issue>
  <issue tracker="bnc" id="1181836">VUL-0: CVE-2021-20176,CVE-2021-20242: ImageMagick: processing crafted file leads to division by zero</issue>
  <issue tracker="bnc" id="1182336">VUL-0: CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c</issue>
  <issue tracker="bnc" id="1182325">VUL-0: CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c</issue>
  <issue tracker="bnc" id="1182335">VUL-0: CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c</issue>
  <issue tracker="bnc" id="1184627">VUL-0: CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c</issue>
  <issue tracker="bnc" id="1184628">VUL-1: CVE-2021-20313: ImageMagick: Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c</issue>
  <issue tracker="bnc" id="1184624">VUL-0: CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c</issue>
  <issue tracker="bnc" id="1184626">VUL-0: CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c</issue>
  <issue tracker="bnc" id="1195563">VUL-0: CVE-2022-0284: ImageMagick: Heap buffer overread in GetPixelAlpha() in MagickCore/pixel-accessor.h</issue>
  <issue tracker="bnc" id="1199350"></issue>
  <issue tracker="bnc" id="1197147"></issue>
  <issue tracker="bnc" id="1207983">VUL-0: CVE-2022-44268: GraphicsMagick,ImageMagick: arbitrary file disclosure when parsing a PNG image</issue>
  <issue tracker="bnc" id="1207982">VUL-0: CVE-2022-44267: GraphicsMagick,ImageMagick: denial of service when parsing a PNG image</issue>
  <issue tracker="bnc" id="1213624">VUL-1: CVE-2023-3745: GraphicsMagick,ImageMagick: heap out of bounds read in PushCharPixel() in quantum-private.h</issue>
  <packager>pgajdos</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for ImageMagick</summary>
  <description>This update for ImageMagick fixes the following issues:
    
Security issues:

- CVE-2023-5341: Fixed a heap use-after-free in coders/bmp.c. (bsc#1215939)
- CVE-2020-21679: Fixed a buffer overflow in WritePCXImage function in pcx.c which may allow a remote attackers to cause a denial of service. (bsc#1214578)
- CVE-2023-3745: Fixed heap out of bounds read in PushCharPixel() in quantum-private.h (bsc#1213624).
- CVE-2023-34151: Fixed an undefined behavior issue due to floating point truncation (bsc#1211791).
- CVE-2023-1289: Fixed segmentation fault and possible DoS via specially crafted SVG. (bsc#1209141)
- CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image (bsc#1207983).
- CVE-2022-44267: Fixed a denial of service when parsing a PNG image (bsc#1207982).
- CVE-2022-32547: Fixed a load of misaligned address at MagickCore/property.c. (bsc#1200387)
- CVE-2022-32546: Fixed an outside the range of representable values of type. (bsc#1200389)
- CVE-2022-32545: Fixed an outside the range of representable values of type. (bsc#1200388)
- CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350).
- CVE-2022-2719: Fixed a reachable assertion that could lead to denial of service via a crafted file (bsc#1202250).
- CVE-2022-0284: Fixed heap buffer overread in GetPixelAlpha() in MagickCore/pixel-accessor.h (bsc#1195563).
- CVE-2021-3574: Fixed memory leaks with convert command (bsc#1203212).
- CVE-2021-20313: Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c (bsc#1184628)
- CVE-2021-20312: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c (bsc#1184627)
- CVE-2021-20311: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c (bsc#1184626)
- CVE-2021-20309: Division by zero in WaveImage() of MagickCore/visual-effects. (bsc#1184624)
- CVE-2021-20246: Division by zero in ScaleResampleFilter in MagickCore/resample.c (bsc#1182337).
- CVE-2021-20244: Division by zero in ImplodeImage in MagickCore/visual-effects.c (bsc#1182325).
- CVE-2021-20243: Division by zero in GetResizeFilterWeight in MagickCore/resize.c (bsc#1182336).
- CVE-2021-20241: Division by zero in WriteJP2Image() in coders/jp2.c (bsc#1182335).
- CVE-2021-20224: Fixed an integer overflow that could be triggered via a crafted file (bsc#1202800).
- CVE-2021-20176: Fixed an issue where processing a crafted file could lead to division by zero (bsc#1181836).
- CVE-2019-17540: Fixed heap-based buffer overflow in ReadPSInfo in coders/ps.c. (bsc#1153866)

Bugfixes:

- Use png_get_eXIf_1 when available (bsc#1197147).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places