Mageia 2019-0187 Critical: GraphicsMagick Buffer Overflow Threat
mageia
June 10, 2019
Updated graphicsmagick packages fix security vulnerabilities In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of ...
Summary
Updated graphicsmagick packages fix security vulnerabilities
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer
overflow in the function SVGStartElement of coders/svg.c, which allows
remote attackers to cause a denial of service (application crash) or
possibly have unspecified other impact via a quoted font family value.
(CVE-2019-11005)
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer
over-read in the function ReadMIFFImage of coders/miff.c, which allows
attackers to cause a denial of service or information disclosure via an
RLE packet. (CVE-2019-11006)
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer
over-read in the ReadMNGImage function of coders/png.c, which allows
attackers to cause a denial of service or information disclosure via an
image colormap. (CVE-2019-11007)
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer
overflow in the function WriteXWDImage of coders/xwd.c, which allows
...
References
- https://bugs.mageia.org/show_bug.cgi?id=24766
- - https://www.cve.org/CVERecord?id=CVE-2019-11005
- https://www.cve.org/CVERecord?id=CVE-2019-11006
- https://www.cve.org/CVERecord?id=CVE-2019-11007
- https://www.cve.org/CVERecord?id=CVE-2019-11008
- https://www.cve.org/CVERecord?id=CVE-2019-11009
- https://www.cve.org/CVERecord?id=CVE-2019-11010
- https://www.cve.org/CVERecord?id=CVE-2019-11473
- https://www.cve.org/CVERecord?id=CVE-2019-11474
- https://www.cve.org/CVERecord?id=CVE-2019-11505
- https://www.cve.org/CVERecord?id=CVE-2019-11506
Resolution
SRPMS
- 6/core/graphicsmagick-1.3.31-1.5.mga6
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 10 Jun 2019
URL: https://advisories.mageia.org/MGASA-2019-0187.html
Type: security
CVE: CVE-2019-11005,
CVE-2019-11006,
CVE-2019-11007,
CVE-2019-11008,
CVE-2019-11009,
CVE-2019-11010,
CVE-2019-11473,
CVE-2019-11474,
CVE-2019-11505,
CVE-2019-11506
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!