Advisories » MGASA-2019-0142

Updated imagemagick packages fix security vulnerability

Publication date: 10 Apr 2019
Modification date: 10 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-10649 , CVE-2019-10650

Description

In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function
SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a
denial of service via a crafted image file. (CVE-2019-10649)

In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the
function WriteTIFFImage of coders/tiff.c, which allows an attacker to
cause a denial of service or information disclosure via a crafted image
file. (CVE-2019-10650)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24614
• https://www.imagemagick.org/script/changelog.php
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10649
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10650

SRPMS

6/core

• imagemagick-6.9.10.36-1.mga6