http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd

http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8

openSUSE-SU-2019:1354

openSUSE-SU-2019:1355

openSUSE-SU-2019:1437

http://www.graphicsmagick.org/Changelog.html

108055

[debian-lts-announce] 20190520 [SECURITY] [DLA 1795-1] graphicsmagick security update

FEDORA-2019-da4c20882c

FEDORA-2019-425a1aa7c9

USN-4207-1

DSA-4640

This update fixes several vulnerabilities in Graphicsmagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed media files are processed.

It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New bug and security fix release, see http://www.graphicsmagick.org/NEWS.html#june-15-2019

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

http://www.graphicsmagick.org/NEWS.html#june-15-2019

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities have been discovered in graphicsmagick, the image processing toolkit :

CVE-2019-11473

The WriteMATLABImage function (coders/mat.c) is affected by a heap-based buffer overflow. Remote attackers might leverage this vulnerability to cause denial of service or any other unspecified impact via crafted Matlab matrices.

CVE-2019-11474

The WritePDBImage function (coders/pdb.c) is affected by a heap-based buffer overflow. Remote attackers might leverage this vulnerability to cause denial of service or any other unspecified impact via a crafted Palm Database file.

CVE-2019-11505 CVE-2019-11506

The XWD module (coders/xwd.c) is affected by multiple heap-based buffer overflows and arithmetic exceptions. Remote attackers might leverage these various flaws to cause denial of service or any other unspecified impact via crafted XWD files.

For Debian 8 'Jessie', these problems have been fixed in version 1.3.20-3+deb8u7.

We recommend that you upgrade your graphicsmagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for GraphicsMagick fixes the following issues :

Security issues fixed :

  - CVE-2019-11506: Fixed a heap-based buffer overflow in     the function WriteMATLABImage (boo#1133498). 

  - CVE-2019-11505: Fixed a heap-based buffer overflow in     the function WritePDBImage (boo#1133501). The following     fixes where modified and refreshed :

  - CVE-2019-11008: Fixed a heap-based buffer overflow in     the function WriteXWDImage (boo#1132054). 

  - CVE-2019-11009: Fixed a heap-based buffer over-read in     the function ReadXWDImage (boo#1132053). 

  - CVE-2019-11473: Fixed an out-of-bounds read leading to a     possible denial of service in coders/xwd.c     (boo#1133203). 

  - CVE-2019-11474: Fixed a floating-point exception leading     to a possible denial of service in coders/xwd.c     (boo#1133202).

This update for GraphicsMagick fixes the following issues :

Security issues fixed :

  - CVE-2019-11506: Fixed a heap-based buffer overflow in     the function WriteMATLABImage (boo#1133498).

  - CVE-2019-11505: Fixed a heap-based buffer overflow in     the function WritePDBImage (boo#1133501).

The following fixes where modified and refreshed :

  - CVE-2019-11008: Fixed a heap-based buffer overflow in     the function WriteXWDImage (boo#1132054).

  - CVE-2019-11009: Fixed a heap-based buffer over-read in     the function ReadXWDImage (boo#1132053).

  - CVE-2019-11473: Fixed an out-of-bounds read leading to a     possible denial of service in coders/xwd.c     (boo#1133203).

  - CVE-2019-11474: Fixed a floating-point exception leading     to a possible denial of service in coders/xwd.c     (boo#1133202).

ID	Name	Product	Family	Severity
134577	Debian DSA-4640-1 : graphicsmagick - security update	Nessus	Debian Local Security Checks	critical
131696	Ubuntu 18.04 LTS : graphicsmagick vulnerabilities (USN-4207-1)	Nessus	Ubuntu Local Security Checks	critical
126361	Fedora 30 : GraphicsMagick (2019-da4c20882c)	Nessus	Fedora Local Security Checks	high
126356	Fedora 29 : GraphicsMagick (2019-425a1aa7c9)	Nessus	Fedora Local Security Checks	high
125296	Debian DLA-1795-1 : graphicsmagick security update	Nessus	Debian Local Security Checks	high
124755	openSUSE Security Update : GraphicsMagick (openSUSE-2019-1355)	Nessus	SuSE Local Security Checks	high
124754	openSUSE Security Update : GraphicsMagick (openSUSE-2019-1354)	Nessus	SuSE Local Security Checks	high

CVE-2019-11474

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

high

high

high

high

high