Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 580
Alerts This Week
Warning Icon 1 580

SUSE: 2021:14598-1 Moderate: ImageMagick Buffer Overflows and More

suse
Calendar Grey January 15, 2021
Dist Suse Esm H88
SUSE has released an update for ImageMagick addressing a variety of vulnerabilities to improve security and stability.
An update that fixes 19 vulnerabilities is now available

Summary

This update for ImageMagick fixes the following issues: - CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103). - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202). - CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212). - CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269). - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397). - CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c

References

#1179103 #1179202 #1179212 #1179269 #1179281

#1179311 #1179312 #1179313 #1179315 #1179321

#1179322 #1179327 #1179336 #1179338 #1179339

#1179345 #1179346 #1179347 #1179397

Cross- CVE-2020-19667 CVE-2020-25664 CVE-2020-25666

CVE-2020-27751 CVE-2020-27752 CVE-2020-27753

CVE-2020-27754 CVE-2020-27755 CVE-2020-27759

CVE-2020-27760 CVE-2020-27761 CVE-2020-27763

CVE-2020-27765 CVE-2020-27767 CVE-2020-27768

CVE-2020-27769 CVE-2020-27771 CVE-2020-27772

CVE-2020-27775

Affected Products:

SUSE Linux Enterprise Server 11-SP4-LTSS

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP3

https://www.suse.com/security/cve/CVE-2020-19667.html

https://www.suse.com/security/cve/C...

Read the Full Advisory

Announcement ID: SUSE-SU-2021:14598-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.