SUSE: 2023:2389-2 Critical ImageMagick Denial of Service Update

suse
November 29, 2022
SUSE Security Patch addresses severe vulnerabilities in libpng, bolstering system stability and averting potential outages.
An update that fixes 11 vulnerabilities is now available

Summary

This update for exiv2 fixes the following issues:

- CVE-2019-13110: Fixed an integer overflow and out-of-bounds read in CiffDirectory:readDirectory that leads to denial of service (bsc#1142678).
- CVE-2019-13109: Fixed a denial of service in PngImage:readMetadata (bsc#1142677).
- CVE-2018-17581: Fixed excessive stack consumption in CiffDirectory:readDirectory() at crwimage_int.cpp (bsc#1110282).
- CVE-2017-11591: Fixed a floating point exception in Exiv2::ValueType (bsc#1050257).
- CVE-2019-17402: Fixed improper validation of the total size against the offset and size that leads to a crash in Exiv2::getULong in types.cpp (bsc#1153577).
- CVE-2021-32815: Fixed a denial of service due to an assertion failure in crwimage_int.cpp (bsc#1189337).
- CVE-2018-20097: Fixed SEGV in

References

#1050257 #1095070 #1110282 #1119559 #1119560 #1119562 #1142677 #1142678 #1153577 #1186231 #1189337

Cross-References: CVE-2017-11591 CVE-2018-11531 CVE-2018-17581 CVE-2018-20097 CVE-2018-20098 CVE-2018-20099 CVE-2019-13109 CVE-2019-13110 CVE-2019-17402 CVE-2021-29473 CVE-2021-32815

CVSS scores:

CVE-2017-11591 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2017-11591 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2018-11531 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2018-11531 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVE-2018-17581 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2018-17581 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Severity
important

Announcement ID: SUSE-SU-2022:4276-1
Rating: important
