SUSE Package Hub - openSUSE-2020-429

Update Info

openSUSE-2020-429

Security update for GraphicsMagick

Type: security

Severity: moderate

Issued: 2020-03-31

Description:

This update for GraphicsMagick fixes the following issues:

- CVE-2019-12921: Fixed an issue where text filename components potentially coulf have 
  allowed reading of arbitrary files via TranslateTextEx (boo#1167208).
- CVE-2020-10938: Fixed an integer overflow and resultant heap-based buffer overflow in 
  HuffmanDecodeImages (boo#1167623).
  
This update was imported from the openSUSE:Leap:15.1:Update update project.

References

CVE: CVE-2020-10938
CVE: CVE-2019-12921
Bugzilla: 1167623 VUL-1: CVE-2020-10938: GraphicsMagick: integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c
Bugzilla: 1167208 VUL-1: CVE-2019-12921: GraphicsMagick,ImageMagick: the text filename component potentially allows to read arbitrary files via TranslateTextEx for SVG

Packages

GraphicsMagick-1.3.29-bp151.5.12.1