An update that fixes 6 vulnerabilities is now available.
Description:
This update for GraphicsMagick fixes the following issues:
- CVE-2019-11005: Fixed a stack-based buffer overflow in SVGStartElement
of coders/svg.c that allowed attackers to cause DOS or an unspecified
impact (boo#1132058)
- CVE-2019-11006: Fixed a heap-based buffer over-read in the function
ReadMIFFImage of coders/miff.c that allowed attackers to cause DOS or
information disclosure (boo#1132061)
- CVE-2019-11010: Fixed a memory leak in ReadMPCImage of coders/mpc.c that
which allowed attackers to cause DOS via a crafted image file
(boo#1132055)
- CVE-2019-11007: Fixed a heap-based buffer over-read in the ReadMNGImage
function of coders/png.c that which allowed attackers to cause a denial
of service or information disclosure (boo#1132060)
- CVE-2019-11008: Fixed a heap-based buffer overflow in the function
WriteXWDImage of coders/xwd.c that which allowed remote attackers to
cause DOS or other unspecified impact (boo#1132054)
- CVE-2019-11009: Fixed a heap-based buffer over-read in the function
ReadXWDImage of coders/xwd.c that which allowed attackers to cause DOS
or information disclosure (boo#1132053)
This update was imported from the openSUSE:Leap:15.0:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product: