
SUSE: 2023:4634-1 Critical: ImageMagick DoS and Buffer Overflow Repair

December 14, 2023
This SUSE update addresses significant security flaws in ImageMagick.

Summary

This update for ImageMagick fixes the following issues:

Security issues:

* CVE-2023-5341: Fixed a heap use-after-free in coders/bmp.c. (bsc#1215939)
* CVE-2020-21679: Fixed a buffer overflow in the WritePCXImage function in pcx.c which may allow remote attackers to cause a denial of service. (bsc#1214578)
* CVE-2023-3745: Fixed a heap out-of-bounds read in PushCharPixel() in quantum-private.h. (bsc#1213624)
* CVE-2023-34151: Fixed an undefined behavior issue due to floating point truncation. (bsc#1211791)
* CVE-2023-1289: Fixed a segmentation fault and possible DoS via a specially crafted SVG. (bsc#1209141)
* CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image. (bsc#1207983)
* CVE-2022-44267: Fixed a denial of service when parsing a PNG image. (bsc#1207982)

References

* bsc#1153866

* bsc#1181836

* bsc#1182325

* bsc#1182335

* bsc#1182336

* bsc#1182337

* bsc#1184624

* bsc#1184626

* bsc#1184627

* bsc#1184628

* bsc#1195563

* bsc#1197147

* bsc#1199350

* bsc#1200387

* bsc#1200388

* bsc#1200389

* bsc#1202250

* bsc#1202800

* bsc#1207982

* bsc#1207983

* bsc#1209141

* bsc#1211791

* bsc#1213624

* bsc#1214578

* bsc#1215939

Cross-

* CVE-2019-17540

* CVE-2020-21679

* CVE-2021-20176

* CVE-2021-20224

* CVE-2021-20241

* CVE-2021-20243

* CVE-2021-20244

* CVE-2021-20246

* CVE-2021-20309

* CVE-2021-20311

* CVE-2021-20312

* CVE-2021-20313

* CVE-2022-0284

* CVE-2022-2719

* CVE-2022-28463

* CVE-2022-32545

* CVE-2022-32546

* CVE-2022-32547

* CVE-2022-44267

* CVE-2022-44268

* CVE-2023-1289

* CVE-2023-34151

* CVE-2023-3745

* CVE-2023-5341

CVSS scores:

Severity: critical

Announcement ID: SUSE-SU-2023:4634-1
Rating: important
