SUSE-SU-2018:2043-1 -- SLES ImageMagick, libMagick++-7_Q16HDRI4, libMagick++-devel, libMagickCore-7_Q16HDRI6, libMagickWand-7_Q16HDRI6ID: oval:org.secpod.oval:def:89049767 | Date: (C)2023-12-20 (M)2023-12-20 |
Class: PATCH | Family: unix |
This update for ImageMagick fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-11625: Fixed heap-based buffer over-read in SetGrayscaleImage in the quantize.c file, which allowed remote attackers to cause buffer over-read via a crafted file. - CVE-2018-11624: Fixed a use-after-free issue in the ReadMATImage function in coders/mat.c. - CVE-2018-10805: Fixed several memory leaks in bgr.c, rgb.c, cmyk.c, gray.c, and ycbcr.c - CVE-2018-12600: The ReadDIBImage and WriteDIBImage functions allowed attackers to cause an out of bounds write via a crafted file . - CVE-2018-12599: The ReadBMPImage and WriteBMPImage fucntions allowed attackers to cause an out of bounds write via a crafted file . The following other changes were made: - Fix -gamma issues in special cases
Platform: |
SUSE Linux Enterprise Desktop 15 |
Product: |
ImageMagick |
libMagick++-7_Q16HDRI4 |
libMagick++-devel |
libMagickCore-7_Q16HDRI6 |
libMagickWand-7_Q16HDRI6 |