Bugzilla – Bug 1134075
VUL-1: CVE-2019-10131: ImageMagick: off-by-one read in formatIPTCfromBuffer function in coders/meta.c
Last modified: 2019-07-10 05:37:43 UTC
rh#1704762
An off-by-one read vulnerability was discovered in ImageMagick in the formatIPTCfromBuffer() function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.
Upstream patch:
https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1704762
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10131
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10131
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10131.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10131
http://www.securityfocus.com/bid/108117
https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e
The RedHat bug talks about a testcase, but does not include it and I haven't found it anywhere.
15/ImageMagick, 15.0/GraphicsMagick: the fix already in original release
11,12/ImageMagick, 42.3/GraphicsMagick: fixed already by ImageMagick-meta.c-update.patch
rpm changelog amendment was submitted against 12/ImageMagick, 11/ImageMagick and 42.3/GraphicsMagick
This is an autogenerated message for OBS integration:
This bug (1134075) was mentioned in
https://build.opensuse.org/request/show/702582 42.3 / GraphicsMagick
openSUSE-SU-2019:1427-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1134075
CVE References: CVE-2019-10131
Sources used:
openSUSE Leap 42.3 (src): GraphicsMagick-1.3.25-138.1
SUSE-SU-2019:1712-1: An update that solves 9 vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 1133204,1133205,1133498,1133501,1134075,1135232,1135236,1136183,1136732,1138425,1138464
CVE References: CVE-2017-12805,CVE-2017-12806,CVE-2019-10131,CVE-2019-11470,CVE-2019-11472,CVE-2019-11505,CVE-2019-11506,CVE-2019-11597,CVE-2019-11598
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src): ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Workstation Extension 12-SP3 (src): ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Software Development Kit 12-SP3 (src): ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Server 12-SP4 (src): ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Server 12-SP3 (src): ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Desktop 12-SP4 (src): ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Desktop 12-SP3 (src): ImageMagick-6.8.8.1-71.123.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1683-1: An update that solves 9 vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 1133204,1133205,1133498,1133501,1134075,1135232,1135236,1136183,1136732,1138425,1138464
CVE References: CVE-2017-12805,CVE-2017-12806,CVE-2019-10131,CVE-2019-11470,CVE-2019-11472,CVE-2019-11505,CVE-2019-11506,CVE-2019-11597,CVE-2019-11598
Sources used:
openSUSE Leap 42.3 (src): ImageMagick-6.8.8.1-85.1
released