Updated graphicsmagick packages fix security vulnerabilities
Publication date: 11 Jan 2019Modification date: 11 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-20184 , CVE-2018-20185 , CVE-2018-20189
Description
It was discovered that graphicsmagick was subject to vulnerabilites. * heap-based buffer overflow in the WriteTGAImage function of tga.c (CVE-2018-20184). * denial of service vulnerability in ReadDIBImage function of coders/dib.c (CVE-2018-20189). * heap-based buffer over-read in the ReadBMPImage function of bmp.c (CVE-2018-20185).
References
- https://bugs.mageia.org/show_bug.cgi?id=24103
- https://lists.opensuse.org/opensuse-updates/2018-12/msg00148.html
- http://lists.suse.com/pipermail/sle-security-updates/2019-January/005014.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20184
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20185
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20189
SRPMS
6/core
- graphicsmagick-1.3.31-1.3.mga6