Bug 1133202 - (CVE-2019-11474) VUL-1: CVE-2019-11474: GraphicsMagick: coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low
Severity: Minor
Assigned To: Security Team bot
URL: https://smash.suse.de/issue/230160/
Reported: 2019-04-24 06:10 UTC by Marcus Meissner
Modified: 2019-07-10 05:34 UTC
Found By: Security Response Team
Description Marcus Meissner 2019-04-24 06:10:52 UTC
CVE-2019-11474

coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of
service (floating-point exception and application crash) by crafting an XWD
image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11474
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11474.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11474
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd
http://www.graphicsmagick.org/Changelog.html
Comment 1 Marcus Meissner 2019-04-24 06:13:01 UTC
Reproducer seems to have been mailed only to the GraphicsMagick security address.
Comment 2 Marcus Meissner 2019-04-24 06:16:31 UTC
The code in ImageMagick in SLE11 and later has /0 protection in the overflow checks.
Comment 3 Petr Gajdos 2019-04-30 10:49:04 UTC
See bug 1133204 comment 4.
Comment 5 Petr Gajdos 2019-04-30 10:50:30 UTC
Will submit for: 15.0/GraphicsMagick and 42.0/GraphicsMagick.
Comment 6 Swamp Workflow Management 2019-04-30 11:50:15 UTC
This is an autogenerated message for OBS integration:
This bug (1133202) was mentioned in
https://build.opensuse.org/request/show/699628 15.0 / GraphicsMagick
https://build.opensuse.org/request/show/699629 42.3 / GraphicsMagick
Comment 7 Petr Gajdos 2019-05-02 09:20:28 UTC
I believe all fixed.
Comment 8 Swamp Workflow Management 2019-05-09 13:09:40 UTC
openSUSE-SU-2019:1354-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1132053,1132054,1133202,1133203,1133498,1133501
CVE References: CVE-2019-11008,CVE-2019-11009,CVE-2019-11473,CVE-2019-11474,CVE-2019-11505,CVE-2019-11506
Sources used:
openSUSE Leap 15.0 (src):    GraphicsMagick-1.3.29-lp150.3.28.1
Comment 9 Swamp Workflow Management 2019-05-09 13:10:50 UTC
openSUSE-SU-2019:1355-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1132053,1132054,1133202,1133203,1133498,1133501
CVE References: CVE-2019-11008,CVE-2019-11009,CVE-2019-11473,CVE-2019-11474,CVE-2019-11505,CVE-2019-11506
Sources used:
openSUSE Leap 42.3 (src):    GraphicsMagick-1.3.25-135.1
Comment 10 Swamp Workflow Management 2019-05-22 22:09:30 UTC
openSUSE-SU-2019:1437-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1132053,1132054,1133202,1133203,1133498,1133501
CVE References: CVE-2019-11008,CVE-2019-11009,CVE-2019-11473,CVE-2019-11474,CVE-2019-11505,CVE-2019-11506
Sources used:
openSUSE Backports SLE-15 (src):    GraphicsMagick-1.3.29-bp150.2.21.1
Comment 11 Swamp Workflow Management 2019-05-28 13:31:20 UTC
This is an autogenerated message for OBS integration:
This bug (1133202) was mentioned in
https://build.opensuse.org/request/show/705902 15.1 / GraphicsMagick
Comment 12 Marcus Meissner 2019-07-10 05:34:06 UTC
released