SUSE Package Hub - openSUSE-2020-145

Update Info

openSUSE-2020-145

Security update for GraphicsMagick

Type: security

Severity: moderate

Issued: 2020-01-29

Description:

This update for GraphicsMagick fixes the following issues:

- CVE-2019-19950: Fixed a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. (boo#1159852)
- CVE-2019-19951: Fixed a heap-based buffer overflow in ImportRLEPixels() (boo#1160321).
- CVE-2019-19953: Fixed a heap-based buffer overflow in EncodeImage() (boo#1160364).

This update was imported from the openSUSE:Leap:15.1:Update update project.

References

CVE: CVE-2019-19953
CVE: CVE-2019-19951
CVE: CVE-2019-19950
Bugzilla: 1160364 VUL-1: CVE-2019-19953: GraphicsMagick: heap-based buffer over-read in the function EncodeImage of coders/pict.c
Bugzilla: 1160321 VUL-1: CVE-2019-19951: GraphicsMagick: heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c
Bugzilla: 1159852 VUL-1: CVE-2019-19950: GraphicsMagick: use-after-free in ThrowException and ThrowLoggedException of magick/error.c.

Packages

GraphicsMagick-1.3.29-bp151.5.9.1