Debian LTS: DLA-1795-1: graphicsmagick security update

    Date20 May 2019
    CategoryDebian LTS
    444
    Posted ByLinuxSecurity Advisories
    Multiple vulnerabilities have been discovered in graphicsmagick, the image processing toolkit: CVE-2019-11473
    
    Package        : graphicsmagick
    Version        : 1.3.20-3+deb8u7
    CVE ID         : CVE-2019-11473 CVE-2019-11474 CVE-2019-11505 CVE-2019-11506
    
    Multiple vulnerabilities have been discovered in graphicsmagick, the image
    processing toolkit:
    
    CVE-2019-11473
    
        The WriteMATLABImage function (coders/mat.c) is affected by a heap-based
        buffer overflow. Remote attackers might leverage this vulnerability to
        cause denial of service or any other unspecified impact via crafted Matlab
        matrices.
    
    CVE-2019-11474
    
        The WritePDBImage function (coders/pdb.c) is affected by a heap-based
        buffer overflow. Remote attackers might leverage this vulnerability to
        cause denial of service or any other unspecified impact via a crafted Palm
        Database file.
    
    CVE-2019-11505
    CVE-2019-11506
    
        The XWD module (coders/xwd.c) is affected by multiple heap-based
        buffer overflows and arithmetic exceptions. Remote attackers might leverage
        these various flaws to cause denial of service or any other unspecified
        impact via crafted XWD files.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    1.3.20-3+deb8u7.
    
    We recommend that you upgrade your graphicsmagick packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"13","type":"x","order":"1","pct":52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":16,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"8","type":"x","order":"3","pct":32,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.