Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="10103">
  <issue tracker="bnc" id="1132055">VUL-1: CVE-2019-11010: GraphicsMagick,ImageMagick: there is a memory leak in ReadMPCImage of coders/mpc.c, which allows attackers to cause DOS via a crafted image file</issue>
  <issue tracker="bnc" id="1132054">VUL-0: CVE-2019-11008: GraphicsMagick,ImageMagick: a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c allows remote attackers to cause DOS or other unspecified impact</issue>
  <issue tracker="bnc" id="1132053">VUL-0: CVE-2019-11009: GraphicsMagick,ImageMagick: a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, allows attackers to cause DOS or information disclosure</issue>
  <issue tracker="bnc" id="1132060">VUL-1: CVE-2019-11007: GraphicsMagick,ImageMagick: a heap-based buffer over-read in the ReadMNGImage function of coders/png.c allows attackers to cause a denial of service or information disclosure</issue>
  <issue tracker="bnc" id="1132061">VUL-1: CVE-2019-11006: GraphicsMagick,ImageMagick: a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c allows attackers to cause DOS or information disclosure</issue>
  <issue tracker="bnc" id="1132058">VUL-1: CVE-2019-11005: GraphicsMagick,ImageMagick: a stack-based buffer overflow in SVGStartElement of coders/svg.c allows attackers to cause DOS or an unspecified impact</issue>
  <issue tracker="cve" id="2019-11009"/>
  <issue tracker="cve" id="2019-11008"/>
  <issue tracker="cve" id="2019-11007"/>
  <issue tracker="cve" id="2019-11006"/>
  <issue tracker="cve" id="2019-11005"/>
  <issue tracker="cve" id="2019-11010"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for GraphicsMagick fixes the following issues:

- CVE-2019-11005: Fixed a stack-based buffer overflow in SVGStartElement of coders/svg.c that allowed attackers to cause DOS or an unspecified impact (boo#1132058)
- CVE-2019-11006: Fixed a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c that allowed attackers to cause DOS or information disclosure (boo#1132061)
- CVE-2019-11010: Fixed a memory leak in ReadMPCImage of coders/mpc.c that which allowed attackers to cause DOS via a crafted image file (boo#1132055)
- CVE-2019-11007: Fixed a heap-based buffer over-read in the ReadMNGImage function of coders/png.c that which allowed attackers to cause a denial of service or information disclosure (boo#1132060)
- CVE-2019-11008: Fixed a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c that which allowed remote attackers to cause DOS or other unspecified impact (boo#1132054)
- CVE-2019-11009: Fixed a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c that which allowed attackers to cause DOS or information disclosure (boo#1132053)


This update was imported from the openSUSE:Leap:15.0:Update update project.</description>
  <summary>Security update for GraphicsMagick</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places