SUSE-SU-2019:2106-1
- Source
- https://www.suse.com/support/update/announcement/2019/suse-su-20192106-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:2106-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2019:2106-1
- Related
- Published
- 2019-08-09T15:40:37Z
- Modified
- 2019-08-09T15:40:37Z
- Summary
- Security update for ImageMagick
- Details
-
This update for ImageMagick fixes the following issues:
- CVE-2019-13301: Fixed a memory leak in AcquireMagickMemory() (bsc#1140554).
- CVE-2019-13309: Fixed a memory leak at AcquireMagickMemory due to mishandling the NoSuchImage error in CLIListOperatorImages (bsc#1140520).
- CVE-2019-13310: Fixed a memory leak at AcquireMagickMemory because of an error in MagickWand/mogrify.c (bsc#1140501).
- CVE-2019-13311: Fixed a memory leak at AcquireMagickMemory because of a wand/mogrify.c error (bsc#1140513).
- CVE-2019-13303: Fixed a heap-based buffer over-read in MagickCore/composite.c in CompositeImage (bsc#1140549).
- CVE-2019-13296: Fixed a memory leak in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c (bsc#1140665).
- CVE-2019-13299: Fixed a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel (bsc#1140668).
- CVE-2019-13454: Fixed a division by zero in RemoveDuplicateLayers in MagickCore/layer.c (bsc#1141171).
- CVE-2019-13295: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140664).
- CVE-2019-13297: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140666).
- CVE-2019-12979: Fixed the use of uninitialized values in SyncImageSettings() (bsc#1139886).
- CVE-2019-13391: Fixed a heap-based buffer over-read in MagickCore/fourier.c (bsc#1140673).
- CVE-2019-13308: Fixed a heap-based buffer overflow in MagickCore/fourier.c (bsc#1140534).
- CVE-2019-13302: Fixed a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages (bsc#1140552).
- CVE-2019-13298: Fixed a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo (bsc#1140667).
- CVE-2019-13300: Fixed a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages (bsc#1140669).
- CVE-2019-13307: Fixed a heap-based buffer overflow at MagickCore/statistic.c (bsc#1140538).
- CVE-2019-12977: Fixed the use of uninitialized values in WriteJP2Imag() (bsc#1139884).
- CVE-2019-12975: Fixed a memory leak in the WriteDPXImage() in coders/dpx.c (bsc#1140106).
- CVE-2019-13135: Fixed the use of uninitialized values in ReadCUTImage() (bsc#1140103).
- CVE-2019-12978: Fixed the use of uninitialized values in ReadPANGOImage() (bsc#1139885).
- CVE-2019-12974: Fixed a NULL pointer dereference in the ReadPANGOImage() (bsc#1140111).
- CVE-2019-13304: Fixed a stack-based buffer overflow at coders/pnm.c in WritePNMImage (bsc#1140547).
- CVE-2019-13305: Fixed one more stack-based buffer overflow at coders/pnm.c in WritePNMImage (bsc#1140545).
- CVE-2019-13306: Fixed an additional stack-based buffer overflow at coders/pnm.c in WritePNMImage (bsc#1140543).
- CVE-2019-13133: Fixed a memory leak in the ReadBMPImage() (bsc#1140100).
- CVE-2019-13134: Fixed a memory leak in the ReadVIFFImage() (bsc#1140102).
- CVE-2019-13137: Fixed a memory leak in the ReadPSImage() (bsc#1140105).
- CVE-2019-13136: Fixed a integer overflow vulnerability in the TIFFSeekCustomStream() (bsc#1140104).
- CVE-2019-12976: Fixed a memory leak in the ReadPCLImage() in coders/pcl.c(bsc#1140110).
- References
-
- https://www.suse.com/support/update/announcement/2019/suse-su-20192106-1/
- https://bugzilla.suse.com/1139884
- https://bugzilla.suse.com/1139885
- https://bugzilla.suse.com/1139886
- https://bugzilla.suse.com/1140100
- https://bugzilla.suse.com/1140102
- https://bugzilla.suse.com/1140103
- https://bugzilla.suse.com/1140104
- https://bugzilla.suse.com/1140105
- https://bugzilla.suse.com/1140106
- https://bugzilla.suse.com/1140110
- https://bugzilla.suse.com/1140111
- https://bugzilla.suse.com/1140501
- https://bugzilla.suse.com/1140513
- https://bugzilla.suse.com/1140520
- https://bugzilla.suse.com/1140534
- https://bugzilla.suse.com/1140538
- https://bugzilla.suse.com/1140543
- https://bugzilla.suse.com/1140545
- https://bugzilla.suse.com/1140547
- https://bugzilla.suse.com/1140549
- https://bugzilla.suse.com/1140552
- https://bugzilla.suse.com/1140554
- https://bugzilla.suse.com/1140664
- https://bugzilla.suse.com/1140665
- https://bugzilla.suse.com/1140666
- https://bugzilla.suse.com/1140667
- https://bugzilla.suse.com/1140668
- https://bugzilla.suse.com/1140669
- https://bugzilla.suse.com/1140673
- https://bugzilla.suse.com/1141171
- https://www.suse.com/security/cve/CVE-2019-12974
- https://www.suse.com/security/cve/CVE-2019-12975
- https://www.suse.com/security/cve/CVE-2019-12976
- https://www.suse.com/security/cve/CVE-2019-12977
- https://www.suse.com/security/cve/CVE-2019-12978
- https://www.suse.com/security/cve/CVE-2019-12979
- https://www.suse.com/security/cve/CVE-2019-13133
- https://www.suse.com/security/cve/CVE-2019-13134
- https://www.suse.com/security/cve/CVE-2019-13135
- https://www.suse.com/security/cve/CVE-2019-13136
- https://www.suse.com/security/cve/CVE-2019-13137
- https://www.suse.com/security/cve/CVE-2019-13295
- https://www.suse.com/security/cve/CVE-2019-13296
- https://www.suse.com/security/cve/CVE-2019-13297
- https://www.suse.com/security/cve/CVE-2019-13298
- https://www.suse.com/security/cve/CVE-2019-13299
- https://www.suse.com/security/cve/CVE-2019-13300
- https://www.suse.com/security/cve/CVE-2019-13301
- https://www.suse.com/security/cve/CVE-2019-13302
- https://www.suse.com/security/cve/CVE-2019-13303
- https://www.suse.com/security/cve/CVE-2019-13304
- https://www.suse.com/security/cve/CVE-2019-13305
- https://www.suse.com/security/cve/CVE-2019-13306
- https://www.suse.com/security/cve/CVE-2019-13307
- https://www.suse.com/security/cve/CVE-2019-13308
- https://www.suse.com/security/cve/CVE-2019-13309
- https://www.suse.com/security/cve/CVE-2019-13310
- https://www.suse.com/security/cve/CVE-2019-13311
- https://www.suse.com/security/cve/CVE-2019-13391
- https://www.suse.com/security/cve/CVE-2019-13454
Affected packages
SUSE:Linux Enterprise Module for Desktop Applications 15 / ImageMagick
Package
- Name
- ImageMagick
- Purl
- purl:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.0.7.34-3.67.1
Ecosystem specific
{
"binaries": [
{
"ImageMagick-config-7-SUSE": "7.0.7.34-3.67.1",
"ImageMagick-config-7-upstream": "7.0.7.34-3.67.1",
"libMagickCore-7_Q16HDRI6": "7.0.7.34-3.67.1",
"ImageMagick-devel": "7.0.7.34-3.67.1",
"ImageMagick": "7.0.7.34-3.67.1",
"libMagick++-7_Q16HDRI4": "7.0.7.34-3.67.1",
"libMagick++-devel": "7.0.7.34-3.67.1",
"libMagickWand-7_Q16HDRI6": "7.0.7.34-3.67.1"
}
]
}
SUSE:Linux Enterprise Module for Desktop Applications 15 SP1 / ImageMagick
Package
- Name
- ImageMagick
- Purl
- purl:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.0.7.34-3.67.1
Ecosystem specific
{
"binaries": [
{
"ImageMagick-config-7-SUSE": "7.0.7.34-3.67.1",
"libMagickCore-7_Q16HDRI6": "7.0.7.34-3.67.1",
"ImageMagick-devel": "7.0.7.34-3.67.1",
"ImageMagick": "7.0.7.34-3.67.1",
"libMagick++-7_Q16HDRI4": "7.0.7.34-3.67.1",
"libMagick++-devel": "7.0.7.34-3.67.1",
"libMagickWand-7_Q16HDRI6": "7.0.7.34-3.67.1"
}
]
}
SUSE:Linux Enterprise Module for Development Tools 15 / ImageMagick
Package
- Name
- ImageMagick
- Purl
- purl:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015