Security update for GraphicsMagick (moderate)

2019-04-3000:00:00

lists.opensuse.org

0.024 Low

EPSS

Percentile

90.0%

JSON

An update that fixes 6 vulnerabilities is now available.

Description:

This update for GraphicsMagick fixes the following issues:

CVE-2019-11005: Fixed a stack-based buffer overflow in SVGStartElement
of coders/svg.c that allowed attackers to cause DOS or an unspecified
impact (boo#1132058)
CVE-2019-11006: Fixed a heap-based buffer over-read in the function
ReadMIFFImage of coders/miff.c that allowed attackers to cause DOS or
information disclosure (boo#1132061)
CVE-2019-11010: Fixed a memory leak in ReadMPCImage of coders/mpc.c that
which allowed attackers to cause DOS via a crafted image file
(boo#1132055)
CVE-2019-11007: Fixed a heap-based buffer over-read in the ReadMNGImage
function of coders/png.c that which allowed attackers to cause a denial
of service or information disclosure (boo#1132060)
CVE-2019-11008: Fixed a heap-based buffer overflow in the function
WriteXWDImage of coders/xwd.c that which allowed remote attackers to
cause DOS or other unspecified impact (boo#1132054)
CVE-2019-11009: Fixed a heap-based buffer over-read in the function
ReadXWDImage of coders/xwd.c that which allowed attackers to cause DOS
or information disclosure (boo#1132053)

This update was imported from the openSUSE:Leap:15.0:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2019-1295=1

OSVersionArchitecturePackageVersionFilename
openSUSE Backports SLE15x86_64<  openSUSE Backports SLE-15 (x86_64):- openSUSE Backports SLE-15 (x86_64):.x86_64.rpm