Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

SUSE: 2019:13993-1 Moderate: ImageMagick Memory Leak and DoS Issues

suse
Calendar Grey March 27, 2019
Dist Suse Esm H88
SUSE has issued a Security Update for ImageMagick that addresses 7 vulnerabilities, including potential memory leaks and denial-of-service risks. Crucial for every developer.
An update that fixes 7 vulnerabilities is now available

Summary

This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage (bsc#1113064). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989). - CVE-2018-16412: Prevent heap-based buffer over-read in the ParseImageResourceBlocks function leading to DOS (bsc#1106996). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). Patch Instructions:

References

#1106989 #1106996 #1113064 #1120381 #1124365

#1124366 #1128649

Cross- CVE-2018-16412 CVE-2018-16413 CVE-2018-18544

CVE-2018-20467 CVE-2019-7175 CVE-2019-7397

CVE-2019-7398

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2018-16412.html

https://www.suse.com/security/cve/CVE-2018-16413.html

https://www.suse.com/security/cve/CVE-2018-18544.html

https://www.suse.com/security/cve/CVE-2018-20467.html

https://www.suse.com/security/cve/CVE-2019-7175.html

https://www.suse.com/security/cve/CVE-2019-7397.html

https://www.suse.com/security/cve/CVE-2019-7398.html

Announcement ID: SUSE-SU-2019:13993-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.