Updated graphicsmagick packages fix security vulnerabilities
Publication date: 26 Feb 2020Type: security
Affected Mageia releases : 7
CVE: CVE-2019-19950 , CVE-2019-19951 , CVE-2019-19953
Description
Updated graphicsmagick packages fix security vulnerabilities: Fixed a use-after-free in ThrowException and ThrowLoggedException of magick/error.c (CVE-2019-19950). Fixed a heap-based buffer overflow in ImportRLEPixels() (CVE-2019-19951). Fixed a heap-based buffer overflow in EncodeImage() (CVE-2019-19953).
References
- https://bugs.mageia.org/show_bug.cgi?id=26094
- https://www.debian.org/lts/security/2020/dla-2084
- https://lists.opensuse.org/opensuse-updates/2020-01/msg00057.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19950
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19951
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19953
SRPMS
7/core
- graphicsmagick-1.3.35-1.mga7