Bug 1133203 (CVE-2019-11473)

Summary: VUL-1: CVE-2019-11473: GraphicsMagick: coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than and .
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P4 - Low    
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/230159/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2019-04-24 06:17:58 UTC 
CVE-2019-11473

coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of
service (out-of-bounds read and application crash) by crafting an XWD image
file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11473
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11473.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11473
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd
http://www.graphicsmagick.org/Changelog.html
Comment 1 Marcus Meissner 2019-04-24 06:21:14 UTC 
not clear which part of the commit is referenced for this CVE.

perhaps this one:

-                for (i=0; i < (long) image->colors; i++)
+                const unsigned int min_colors = Min(image->colors,header.ncolors);
+                for (i=0; i < min_colors; i++)
                   {

This _might_ affect ImageMagick too.
Comment 2 Petr Gajdos 2019-04-30 10:48:38 UTC 
See bug 1133204 comment 4.
Comment 3 Petr Gajdos 2019-04-30 10:50:48 UTC 
Will submit for: 15.0/GraphicsMagick and 42.3/GraphicsMagick.
Comment 4 Swamp Workflow Management 2019-04-30 11:50:21 UTC 
This is an autogenerated message for OBS integration:
This bug (1133203) was mentioned in
https://build.opensuse.org/request/show/699628 15.0 / GraphicsMagick
https://build.opensuse.org/request/show/699629 42.3 / GraphicsMagick
Comment 5 Petr Gajdos 2019-05-02 09:20:31 UTC 
I believe all fixed.
Comment 6 Swamp Workflow Management 2019-05-09 13:09:48 UTC 
openSUSE-SU-2019:1354-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1132053,1132054,1133202,1133203,1133498,1133501
CVE References: CVE-2019-11008,CVE-2019-11009,CVE-2019-11473,CVE-2019-11474,CVE-2019-11505,CVE-2019-11506
Sources used:
openSUSE Leap 15.0 (src):    GraphicsMagick-1.3.29-lp150.3.28.1
Comment 7 Swamp Workflow Management 2019-05-09 13:10:57 UTC 
openSUSE-SU-2019:1355-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1132053,1132054,1133202,1133203,1133498,1133501
CVE References: CVE-2019-11008,CVE-2019-11009,CVE-2019-11473,CVE-2019-11474,CVE-2019-11505,CVE-2019-11506
Sources used:
openSUSE Leap 42.3 (src):    GraphicsMagick-1.3.25-135.1
Comment 8 Swamp Workflow Management 2019-05-22 22:09:38 UTC 
openSUSE-SU-2019:1437-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1132053,1132054,1133202,1133203,1133498,1133501
CVE References: CVE-2019-11008,CVE-2019-11009,CVE-2019-11473,CVE-2019-11474,CVE-2019-11505,CVE-2019-11506
Sources used:
openSUSE Backports SLE-15 (src):    GraphicsMagick-1.3.29-bp150.2.21.1
Comment 9 Swamp Workflow Management 2019-05-28 13:31:23 UTC 
This is an autogenerated message for OBS integration:
This bug (1133203) was mentioned in
https://build.opensuse.org/request/show/705902 15.1 / GraphicsMagick
Comment 10 Marcus Meissner 2019-07-10 05:34:32 UTC 
released