Updated imagemagick packages fix security vulnerability
Publication date: 10 Apr 2019Modification date: 10 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-10649 , CVE-2019-10650
Description
In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. (CVE-2019-10649) In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. (CVE-2019-10650)
References
SRPMS
6/core
- imagemagick-6.9.10.36-1.mga6