SUSE-SU-2019:1712-1 -- SLES ImageMagick, libMagickCore-6_Q16-1, libMagickWand-6_Q16-1ID: oval:org.secpod.oval:def:89043504 | Date: (C)2021-03-05 (M)2023-03-08 |
Class: PATCH | Family: unix |
This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage . - Fixed a file content disclosure via SVG and WMF decoding .- CVE-2019-11472: Fixed a denial of service in ReadXWDImage . - CVE-2019-11470: Fixed a denial of service in ReadCINImage . - CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage . - CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage . - CVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer function in coders/meta.c . - CVE-2017-12806: Fixed a denial of service through memory exhaustion in format8BIM . - CVE-2017-12805: Fixed a denial of service through memory exhaustion in ReadTIFFImage . - CVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
SUSE Linux Enterprise Server 12 SP4 |
Product: |
ImageMagick |
libMagickCore-6_Q16-1 |
libMagickWand-6_Q16-1 |