SUSE Package Hub - openSUSE-2019-688

Update Info

openSUSE-2019-688

Security update for GraphicsMagick

Type: security

Severity: low

Issued: 2019-03-23

Description:

This update for GraphicsMagick fixes the following issues:

- CVE-2018-16644: Added missing check for length in the functions ReadDCMImage
  and ReadPICTImage, which allowed remote attackers to cause a denial of service
  via a crafted image (bsc#1107609)
- CVE-2018-16645: Prevent excessive memory allocation issue in the functions
  ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial
  of service via a crafted image file (bsc#1107604)

References

CVE: CVE-2018-16645
CVE: CVE-2018-16644
Bugzilla: 1107609 VUL-1: CVE-2018-16644: GraphicsMagick,ImageMagick: missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict
Bugzilla: 1107604 VUL-1: CVE-2018-16645: GraphicsMagick,ImageMagick: excessive memory allocation issue in the functions ReadBMPImage ofcoders/bmp.c and ReadDIBImage of coders/dib.c

Packages

GraphicsMagick-1.3.29-bp150.2.6.1