Advisories ยป MGASA-2019-0142

Updated imagemagick packages fix security vulnerability

Publication date: 10 Apr 2019
Modification date: 10 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-10649 , CVE-2019-10650

Description

In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function
SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a
denial of service via a crafted image file. (CVE-2019-10649)

In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the
function WriteTIFFImage of coders/tiff.c, which allows an attacker to
cause a denial of service or information disclosure via a crafted image
file. (CVE-2019-10650)
                

References

SRPMS

6/core