Overview

File _patchinfo of Package patchinfo.8747

<patchinfo incident="8747">
  <issue tracker="bnc" id="1108283">VUL-1: CVE-2018-16750: GraphicsMagick,ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c</issue>
  <issue tracker="bnc" id="1108282">VUL-1: CVE-2018-16749: GraphicsMagick,ImageMagick:  Missing NULL check in ReadOneJNGImage in coders/png.c</issue>
  <issue tracker="cve" id="2018-16750"/>
  <issue tracker="cve" id="2018-16749"/>
  <category>security</category>
  <rating>low</rating>
  <packager>pgajdos</packager>
  <description>This update for GraphicsMagick fixes the following security issue:

- CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283).

An earlier update added a change that also fixed this issues that was unknown
at the time of release:

- CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an
  attacker to cause a denial of service (WriteBlob assertion failure and
  application exit) via a crafted file (bsc#1108282).
  </description>
  <summary>Security update for GraphicsMagick</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places