Lucene search
SuseOPENSUSE-SU-2019:1983-1HistoryAug 21, 2019 - 12:00 a.m.
Security update for ImageMagick (moderate)
2019-08-2100:00:00
lists.opensuse.org
102
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
An update that fixes 30 vulnerabilities is now available.
Description:
This update for ImageMagick fixes the following issues:
- CVE-2019-13301: Fixed a memory leak in AcquireMagickMemory()
(bsc#1140554). - CVE-2019-13309: Fixed a memory leak at AcquireMagickMemory due to
mishandling the NoSuchImage error in CLIListOperatorImages (bsc#1140520). - CVE-2019-13310: Fixed a memory leak at AcquireMagickMemory because of an
error in MagickWand/mogrify.c (bsc#1140501). - CVE-2019-13311: Fixed a memory leak at AcquireMagickMemory because of a
wand/mogrify.c error (bsc#1140513). - CVE-2019-13303: Fixed a heap-based buffer over-read in
MagickCore/composite.c in CompositeImage (bsc#1140549). - CVE-2019-13296: Fixed a memory leak in AcquireMagickMemory because of an
error in CLIListOperatorImages in MagickWand/operation.c (bsc#1140665). - CVE-2019-13299: Fixed a heap-based buffer over-read at
MagickCore/pixel-accessor.h in GetPixelChannel (bsc#1140668). - CVE-2019-13454: Fixed a division by zero in RemoveDuplicateLayers in
MagickCore/layer.c (bsc#1141171). - CVE-2019-13295: Fixed a heap-based buffer over-read at
MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140664). - CVE-2019-13297: Fixed a heap-based buffer over-read at
MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140666). - CVE-2019-12979: Fixed the use of uninitialized values in
SyncImageSettings() (bsc#1139886). - CVE-2019-13391: Fixed a heap-based buffer over-read in
MagickCore/fourier.c (bsc#1140673). - CVE-2019-13308: Fixed a heap-based buffer overflow in
MagickCore/fourier.c (bsc#1140534). - CVE-2019-13302: Fixed a heap-based buffer over-read in
MagickCore/fourier.c in ComplexImages (bsc#1140552). - CVE-2019-13298: Fixed a heap-based buffer overflow at
MagickCore/pixel-accessor.h in SetPixelViaPixelInfo (bsc#1140667). - CVE-2019-13300: Fixed a heap-based buffer overflow at
MagickCore/statistic.c in EvaluateImages (bsc#1140669). - CVE-2019-13307: Fixed a heap-based buffer overflow at
MagickCore/statistic.c (bsc#1140538). - CVE-2019-12977: Fixed the use of uninitialized values in WriteJP2Imag()
(bsc#1139884). - CVE-2019-12975: Fixed a memory leak in the WriteDPXImage() in
coders/dpx.c (bsc#1140106). - CVE-2019-13135: Fixed the use of uninitialized values in ReadCUTImage()
(bsc#1140103). - CVE-2019-12978: Fixed the use of uninitialized values in
ReadPANGOImage() (bsc#1139885). - CVE-2019-12974: Fixed a NULL pointer dereference in the ReadPANGOImage()
(bsc#1140111). - CVE-2019-13304: Fixed a stack-based buffer overflow at coders/pnm.c in
WritePNMImage (bsc#1140547). - CVE-2019-13305: Fixed one more stack-based buffer overflow at
coders/pnm.c in WritePNMImage (bsc#1140545). - CVE-2019-13306: Fixed an additional stack-based buffer overflow at
coders/pnm.c in WritePNMImage (bsc#1140543). - CVE-2019-13133: Fixed a memory leak in the ReadBMPImage() (bsc#1140100).
- CVE-2019-13134: Fixed a memory leak in the ReadVIFFImage() (bsc#1140102).
- CVE-2019-13137: Fixed a memory leak in the ReadPSImage() (bsc#1140105).
- CVE-2019-13136: Fixed a integer overflow vulnerability in the
TIFFSeekCustomStream() (bsc#1140104). - CVE-2019-12976: Fixed a memory leak in the ReadPCLImage() in
coders/pcl.c(bsc#1140110).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-1983=1
-
openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1983=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 15.1 | i586 | < - openSUSE Leap 15.1 (i586 x86_64): | - openSUSE Leap 15.1 (i586 x86_64):.i586.rpm | |
| openSUSE Leap | 15.1 | x86_64 | < - openSUSE Leap 15.1 (i586 x86_64): | - openSUSE Leap 15.1 (i586 x86_64):.x86_64.rpm | |
| openSUSE Leap | 15.1 | x86_64 | < - openSUSE Leap 15.1 (x86_64): | - openSUSE Leap 15.1 (x86_64):.x86_64.rpm | |
| openSUSE Leap | 15.1 | noarch | < - openSUSE Leap 15.1 (noarch): | - openSUSE Leap 15.1 (noarch):.noarch.rpm | |
| openSUSE Leap | 15.0 | i586 | < - openSUSE Leap 15.0 (i586 x86_64): | - openSUSE Leap 15.0 (i586 x86_64):.i586.rpm | |
| openSUSE Leap | 15.0 | x86_64 | < - openSUSE Leap 15.0 (i586 x86_64): | - openSUSE Leap 15.0 (i586 x86_64):.x86_64.rpm | |
| openSUSE Leap | 15.0 | x86_64 | < - openSUSE Leap 15.0 (x86_64): | - openSUSE Leap 15.0 (x86_64):.x86_64.rpm | |
| openSUSE Leap | 15.0 | noarch | < - openSUSE Leap 15.0 (noarch): | - openSUSE Leap 15.0 (noarch):.noarch.rpm |
Related
openvas
openvas
openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2019:1983-1)
2019-08-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2106-1)
2021-06-09 00:00:00
ImageMagick <= 7.0.8-50 Multiple Vulnerabilities - Mac OS X
2019-07-15 00:00:00
nessus
nessus
openSUSE Security Update : ImageMagick (openSUSE-2019-1983)
2019-08-22 00:00:00
SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2019:2106-1)
2019-08-12 00:00:00
ImageMagick < 7.0.8-56 Multiple vulnerabilities
2019-07-26 00:00:00
ibm
ibm
Security Bulletin: IBM Integration Bus Hyper visor Edition V9.0 require customer action for security vulnerabilities in Red Hat Linux
2020-01-21 09:05:12
cloudfoundry
cloudfoundry
USN-4192-1: ImageMagick vulnerabilities | Cloud Foundry
2019-11-18 00:00:00
ubuntu
ubuntu
ImageMagick vulnerabilities
2019-11-14 00:00:00
osv
osv
imagemagick - security update
2019-08-16 00:00:00
imagemagick - security update
2020-07-02 00:00:00
imagemagick - security update
2020-06-30 00:00:00
debian
debian
[SECURITY] [DLA 1888-1] imagemagick security update
2019-08-16 14:14:20
[SECURITY] [DSA 4712-1] imagemagick security update
2020-06-30 20:31:53
[SECURITY] [DSA 4715-1] imagemagick security update
2020-07-02 18:34:51
ubuntucve
ubuntucve
amazon
amazon
Medium: php56-pecl-imagick
2023-08-21 12:14:00
Important: ImageMagick
2024-01-19 01:51:00
Medium: php55-pecl-imagick
2023-08-21 12:14:00
veracode
veracode
Heap-based Buffer Over-read
2020-05-10 23:22:00
Denial Of Service (DoS)
2020-04-29 22:57:21
Arbitrary Code Execution
2020-05-10 23:26:21
cve
cve
redhatcve
redhatcve
prion
prion
Integer overflow
2019-07-01 20:15:00
Heap overflow
2019-07-05 01:15:00
Null pointer dereference
2019-07-05 01:15:00
oraclelinux
oraclelinux
ImageMagick security, bug fix, and enhancement update
2020-04-06 00:00:00
debiancve
debiancve
alpinelinux
alpinelinux
f5
f5
K03512441 : ImageMagick vulnerability CVE-2019-13136
2019-10-11 00:00:00
K20336394 : ImageMagick vulnerability CVE-2019-13135
2019-10-08 00:00:00
centos
centos
ImageMagick, autotrace, emacs, inkscape security update
2020-04-08 17:42:49
redhat
redhat
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related for OPENSUSE-SU-2019:1983-1