Bug 1160369 - (CVE-2019-19949) VUL-1: CVE-2019-19949: ImageMagick: heap-based buffer over-read in the function WritePNGImage of coders/png.c
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/249755/
CVSSv2:NVD:CVE-2019-19949:6.4:(AV:N/A...
Reported: 2020-01-08 08:51 UTC by Alexandros Toptsoglou
Modified: 2020-05-12 18:46 UTC (History)
Found By: Security Response Team

Attachments
POC (2.33 KB, text/plain)
2020-01-08 09:00 UTC, Alexandros Toptsoglou

Description Alexandros Toptsoglou 2020-01-08 08:51:52 UTC
CVE-2019-19949

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the
function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile
and LocaleNCompare.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19949
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19949.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19949
https://github.com/ImageMagick/ImageMagick/issues/1561
Comment 1 Alexandros Toptsoglou 2020-01-08 08:56:15 UTC
(In reply to Alexandros Toptsoglou from comment #0)
> CVE-2019-19949
> 
> In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the
> function WritePNGImage of coders/png.c, related to
> Magick_png_write_raw_profile
> and LocaleNCompare.
> 
> References:
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19949
> http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19949.html
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19949
> https://github.com/ImageMagick/ImageMagick/issues/1561

According to upstream [0], MITRE's description is wrong because it reports 7.0.8-43 as vulnerable where 7.0.8-43 is the fixed version you are reporting.

[0] https://github.com/ImageMagick/ImageMagick/issues/1561#issuecomment-569051880
Comment 2 Alexandros Toptsoglou 2020-01-08 09:00:04 UTC
Created attachment 827117 [details]
POC
Comment 3 Alexandros Toptsoglou 2020-01-08 09:48:47 UTC
Reproduced the issue with the provided POC in SLE15 and SLE12. The fix seems applicable to SLE11 too. However, the output of valgrind seems different. Tracked SLE15, SLE12, SLE11 and Leap 15.1 as affected.

GraphicsMagick seems not affected. 

To reproduce, simply run:

valgrind convert $POC test.png 

OUTPUT (LEAP 15.1):

Command: convert heap-buffer-overflow_WritePNGImage test.png
==23399== 
==23399== Invalid read of size 1
==23399==    at 0x4C3229A: strncasecmp (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==23399==    by 0x9418595: Magick_png_write_raw_profile (png.c:8148)
==23399==    by 0x9418595: WriteOnePNGImage (png.c:11059)
==23399==    by 0x941B2FE: WritePNGImage (png.c:12734)
==23399==    by 0x4EB9144: WriteImage (constitute.c:1188)
==23399==    by 0x4EB982E: WriteImages (constitute.c:1338)
==23399==    by 0x532A09A: ConvertImageCommand (convert.c:3280)
==23399==    by 0x538EAD4: MagickCommandGenesis (mogrify.c:183)
==23399==    by 0x1092AF: MagickMain (magick.c:149)
==23399==    by 0x584DF89: (below main) (in /lib64/libc-2.26.so)
==23399==  Address 0x8f04731 is 0 bytes after a block of size 1 alloc'd
==23399==    at 0x4C2E2DF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==23399==    by 0x4FD8913: ConstantString (string.c:713)
==23399==    by 0x4FCB4C5: CloneSplayTree (splay-tree.c:372)
==23399==    by 0x4F810A3: CloneImageProfiles (profile.c:181)
==23399==    by 0x4F3AC4A: CloneImage (image.c:837)
==23399==    by 0x94109E7: WriteOnePNGImage (png.c:8493)
==23399==    by 0x941B2FE: WritePNGImage (png.c:12734)
==23399==    by 0x4EB9144: WriteImage (constitute.c:1188)
==23399==    by 0x4EB982E: WriteImages (constitute.c:1338)
==23399==    by 0x532A09A: ConvertImageCommand (convert.c:3280)
==23399==    by 0x538EAD4: MagickCommandGenesis (mogrify.c:183)
==23399==    by 0x1092AF: MagickMain (magick.c:149)
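
Added example, not part of the bug thread and not ImageMagick code: the trace above reports a one-byte read inside strncasecmp landing 0 bytes after a block of size 1, which is what a prefix compare started one byte into an empty heap string produces. The offset of 1, the prefix literal and every function name below are assumptions for illustration, and the checked variant is one possible guard, not the upstream patch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Assumed prefix, for illustration only; it is not quoted on the page. */
#define CHUNK_PREFIX "ng-chunk-"

/* Heap copy sized exactly strlen+1, like the ConstantString allocation in
   the trace: an empty name occupies a block of size 1. */
static char *clone_name(const char *s)
{
  size_t n = strlen(s) + 1;
  char *p = malloc(n);
  if (p != NULL)
    memcpy(p, s, n);
  return p;
}

/* Where does a read at name+offset land relative to the name's block?
   Returns -1 if inside the block, otherwise the number of bytes past its
   end (the "N bytes after a block of size M" figure memcheck prints). */
static long bytes_past_block(const char *name, size_t offset)
{
  size_t block = strlen(name) + 1;
  return offset < block ? -1L : (long) (offset - block);
}

/* Unchecked form: undefined behaviour when name is "", because name+1 is
   already outside the one-byte block. */
static int is_chunk_profile_unchecked(const char *name)
{
  return strncasecmp(name + 1, CHUNK_PREFIX, strlen(CHUNK_PREFIX)) == 0;
}

/* Checked form: step past the first byte only when it is not the
   terminator; strncasecmp then stops at the NUL inside the block. */
static int is_chunk_profile_checked(const char *name)
{
  if (name == NULL || name[0] == '\0')
    return 0;
  return strncasecmp(name + 1, CHUNK_PREFIX, strlen(CHUNK_PREFIX)) == 0;
}

int main(void)
{
  /* Constructed sample names; "" reproduces the size-1 block. */
  const char *samples[] = { "", "x", "png-chunk-x", "PNG-CHUNK-tEXt", "exif" };
  for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
    {
      char *name = clone_name(samples[i]);
      if (name == NULL)
        return 1;
      long past = bytes_past_block(name, 1);
      /* Call the unchecked form only where the read stays in bounds. */
      int unchecked = past < 0 ? is_chunk_profile_unchecked(name) : -1;
      printf("%-16s past=%ld unchecked=%d checked=%d\n",
             name[0] ? name : "(empty)", past, unchecked,
             is_chunk_profile_checked(name));
      free(name);
    }
  return 0;
}
```

For the empty name, `bytes_past_block` returns 0, matching the "0 bytes after a block of size 1" line in the memcheck report.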
Comment 4 Petr Gajdos 2020-01-08 10:17:12 UTC
BEFORE

15/ImageMagick

$ valgrind  -q convert heap-buffer-overflow_WritePNGImage out.png
==1895== Invalid read of size 1
==1895==    at 0x4C31BFA: strncasecmp (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1895==    by 0x9418595: Magick_png_write_raw_profile (png.c:8148)
==1895==    by 0x9418595: WriteOnePNGImage (png.c:11059)
==1895==    by 0x941B2FE: WritePNGImage (png.c:12734)
==1895==    by 0x4EB81C4: WriteImage (constitute.c:1188)
==1895==    by 0x4EB88AE: WriteImages (constitute.c:1338)
==1895==    by 0x5329101: ConvertImageCommand (convert.c:3280)
==1895==    by 0x538E014: MagickCommandGenesis (mogrify.c:183)
==1895==    by 0x10937F: MagickMain (magick.c:149)
==1895==    by 0x584DF89: (below main) (in /lib64/libc-2.26.so)
==1895==  Address 0x8f073b1 is 0 bytes after a block of size 1 alloc'd
==1895==    at 0x4C2E01F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1895==    by 0x4FD7993: ConstantString (string.c:713)
==1895==    by 0x4FCA545: CloneSplayTree (splay-tree.c:372)
==1895==    by 0x4F80123: CloneImageProfiles (profile.c:181)
==1895==    by 0x4F39CCA: CloneImage (image.c:837)
==1895==    by 0x94109E7: WriteOnePNGImage (png.c:8493)
==1895==    by 0x941B2FE: WritePNGImage (png.c:12734)
==1895==    by 0x4EB81C4: WriteImage (constitute.c:1188)
==1895==    by 0x4EB88AE: WriteImages (constitute.c:1338)
==1895==    by 0x5329101: ConvertImageCommand (convert.c:3280)
==1895==    by 0x538E014: MagickCommandGenesis (mogrify.c:183)
==1895==    by 0x10937F: MagickMain (magick.c:149)
==1895== 
convert: attempt to set read-only property `v' @ error/property.c/SetImageProperty/4099.
convert: improper image header `heap-buffer-overflow_WritePNGImage' @ error/miff.c/ReadMIFFImage/1119.
convert: keyword "Raw profile type ": bad character '0x20' `out.png' @ warning/png.c/MagickPNGWarningHandler/1744.
convert: keyword "Raw profile type gif:v": bad character '0x03' `out.png' @ warning/png.c/MagickPNGWarningHandler/1744.
convert: keyword "Raw profile type gif:": bad character '0x99' `out.png' @ warning/png.c/MagickPNGWarningHandler/1744.
convert: keyword "date:crea19-01-16T17:51:38+00:0": bad character '0x0A' `out.png' @ warning/png.c/MagickPNGWarningHandler/1744.
convert: keyword "maitnd
matte": bad character '0x0A' `out.png' @ warning/png.c/MagickPNGWarningHandler/1744.
convert: keyword "proile": bad character '0x7F' `out.png' @ warning/png.c/MagickPNGWarningHandler/1744.
$
[invalid read detected during writing png]

12,11/ImageMagick

$ valgrind  -q convert heap-buffer-overflow_WritePNGImage out.png
==1904== Conditional jump or move depends on uninitialised value(s)
==1904==    at 0x4C2C12A: __GI_strchr (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1904==    by 0x4F6D116: ParseCommandOption (option.c:2469)
==1904==    by 0x841CBE0: ReadMIFFImage (miff.c:699)
==1904==    by 0x4EBFE0A: ReadImage (constitute.c:601)
==1904==    by 0x4EC0ECA: ReadImages (constitute.c:907)
==1904==    by 0x5319BAE: ConvertImageCommand (convert.c:617)
==1904==    by 0x5385C72: MagickCommandGenesis (mogrify.c:166)
==1904==    by 0x400846: ConvertMain (convert.c:81)
==1904==    by 0x400846: main (convert.c:92)
==1904== 
==1904== Conditional jump or move depends on uninitialised value(s)
==1904==    at 0x4C2C130: __GI_strchr (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1904==    by 0x4F6D116: ParseCommandOption (option.c:2469)
==1904==    by 0x841CBE0: ReadMIFFImage (miff.c:699)
==1904==    by 0x4EBFE0A: ReadImage (constitute.c:601)
==1904==    by 0x4EC0ECA: ReadImages (constitute.c:907)
==1904==    by 0x5319BAE: ConvertImageCommand (convert.c:617)
==1904==    by 0x5385C72: MagickCommandGenesis (mogrify.c:166)
==1904==    by 0x400846: ConvertMain (convert.c:81)
==1904==    by 0x400846: main (convert.c:92)
==1904== 
==1904== Conditional jump or move depends on uninitialised value(s)
==1904==    at 0x4C2C145: __GI_strchr (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1904==    by 0x4F6D116: ParseCommandOption (option.c:2469)
==1904==    by 0x841CBE0: ReadMIFFImage (miff.c:699)
==1904==    by 0x4EBFE0A: ReadImage (constitute.c:601)
==1904==    by 0x4EC0ECA: ReadImages (constitute.c:907)
==1904==    by 0x5319BAE: ConvertImageCommand (convert.c:617)
==1904==    by 0x5385C72: MagickCommandGenesis (mogrify.c:166)
==1904==    by 0x400846: ConvertMain (convert.c:81)
==1904==    by 0x400846: main (convert.c:92)
==1904== 
==1904== Conditional jump or move depends on uninitialised value(s)
==1904==    at 0x4C2C13A: __GI_strchr (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1904==    by 0x4F6D116: ParseCommandOption (option.c:2469)
==1904==    by 0x841CBE0: ReadMIFFImage (miff.c:699)
==1904==    by 0x4EBFE0A: ReadImage (constitute.c:601)
==1904==    by 0x4EC0ECA: ReadImages (constitute.c:907)
==1904==    by 0x5319BAE: ConvertImageCommand (convert.c:617)
==1904==    by 0x5385C72: MagickCommandGenesis (mogrify.c:166)
==1904==    by 0x400846: ConvertMain (convert.c:81)
==1904==    by 0x400846: main (convert.c:92)
==1904== 
==1904== Conditional jump or move depends on uninitialised value(s)
==1904==    at 0x4C2C12A: __GI_strchr (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1904==    by 0x4F6D210: ParseCommandOption (option.c:2470)
==1904==    by 0x841CBE0: ReadMIFFImage (miff.c:699)
==1904==    by 0x4EBFE0A: ReadImage (constitute.c:601)
==1904==    by 0x4EC0ECA: ReadImages (constitute.c:907)
==1904==    by 0x5319BAE: ConvertImageCommand (convert.c:617)
==1904==    by 0x5385C72: MagickCommandGenesis (mogrify.c:166)
==1904==    by 0x400846: ConvertMain (convert.c:81)
==1904==    by 0x400846: main (convert.c:92)
==1904== 
==1904== Conditional jump or move depends on uninitialised value(s)
==1904==    at 0x4C2C130: __GI_strchr (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1904==    by 0x4F6D210: ParseCommandOption (option.c:2470)
==1904==    by 0x841CBE0: ReadMIFFImage (miff.c:699)
==1904==    by 0x4EBFE0A: ReadImage (constitute.c:601)
==1904==    by 0x4EC0ECA: ReadImages (constitute.c:907)
==1904==    by 0x5319BAE: ConvertImageCommand (convert.c:617)
==1904==    by 0x5385C72: MagickCommandGenesis (mogrify.c:166)
==1904==    by 0x400846: ConvertMain (convert.c:81)
==1904==    by 0x400846: main (convert.c:92)
==1904== 
==1904== Conditional jump or move depends on uninitialised value(s)
==1904==    at 0x4C2C145: __GI_strchr (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1904==    by 0x4F6D210: ParseCommandOption (option.c:2470)
==1904==    by 0x841CBE0: ReadMIFFImage (miff.c:699)
==1904==    by 0x4EBFE0A: ReadImage (constitute.c:601)
==1904==    by 0x4EC0ECA: ReadImages (constitute.c:907)
==1904==    by 0x5319BAE: ConvertImageCommand (convert.c:617)
==1904==    by 0x5385C72: MagickCommandGenesis (mogrify.c:166)
==1904==    by 0x400846: ConvertMain (convert.c:81)
==1904==    by 0x400846: main (convert.c:92)
==1904== 
==1904== Conditional jump or move depends on uninitialised value(s)
==1904==    at 0x4C2C13A: __GI_strchr (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1904==    by 0x4F6D210: ParseCommandOption (option.c:2470)
==1904==    by 0x841CBE0: ReadMIFFImage (miff.c:699)
==1904==    by 0x4EBFE0A: ReadImage (constitute.c:601)
==1904==    by 0x4EC0ECA: ReadImages (constitute.c:907)
==1904==    by 0x5319BAE: ConvertImageCommand (convert.c:617)
==1904==    by 0x5385C72: MagickCommandGenesis (mogrify.c:166)
==1904==    by 0x400846: ConvertMain (convert.c:81)
==1904==    by 0x400846: main (convert.c:92)
==1904== 
convert: improper image header `heap-buffer-overflow_WritePNGImage' @ error/miff.c/ReadMIFFImage/1108.
convert: no images defined `out.png' @ error/convert.c/ConvertImageCommand/3149.
$
[no such invalid read detected]

15.1/GraphicsMagick

$ valgrind  -q gm convert heap-buffer-overflow_WritePNGImage out.png
gm convert: Improper image header (heap-buffer-overflow_WritePNGImage).
$
[no such invalid read detected]


PATCH

https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617
https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce

*/ImageMagick: applies almost cleanly
*/GraphicsMagick: no such code

AFTER

15/ImageMagick

$ valgrind  -q convert heap-buffer-overflow_WritePNGImage out.png
convert: attempt to set read-only property `v' @ error/property.c/SetImageProperty/4099.
convert: improper image header `heap-buffer-overflow_WritePNGImage' @ error/miff.c/ReadMIFFImage/1119.
convert: keyword "Raw profile type ": bad character '0x20' `out.png' @ warning/png.c/MagickPNGWarningHandler/1744.
convert: keyword "Raw profile type gif:v": bad character '0x03' `out.png' @ warning/png.c/MagickPNGWarningHandler/1744.
convert: keyword "Raw profile type gif:": bad character '0x99' `out.png' @ warning/png.c/MagickPNGWarningHandler/1744.
convert: keyword "date:crea19-01-16T17:51:38+00:0": bad character '0x0A' `out.png' @ warning/png.c/MagickPNGWarningHandler/1744.
convert: keyword "maitnd
matte": bad character '0x0A' `out.png' @ warning/png.c/MagickPNGWarningHandler/1744.
convert: keyword "proile": bad character '0x7F' `out.png' @ warning/png.c/MagickPNGWarningHandler/1744.
$

12,11/ImageMagick

$ valgrind  -q convert heap-buffer-overflow_WritePNGImage out.png
==2798== Conditional jump or move depends on uninitialised value(s)
==2798==    at 0x4C2C12A: __GI_strchr (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2798==    by 0x4F6D116: ParseCommandOption (option.c:2469)
==2798==    by 0x841CBE0: ReadMIFFImage (miff.c:699)
==2798==    by 0x4EBFE0A: ReadImage (constitute.c:601)
==2798==    by 0x4EC0ECA: ReadImages (constitute.c:907)
==2798==    by 0x5319BAE: ConvertImageCommand (convert.c:617)
==2798==    by 0x5385C72: MagickCommandGenesis (mogrify.c:166)
==2798==    by 0x400846: ConvertMain (convert.c:81)
==2798==    by 0x400846: main (convert.c:92)
==2798== 
==2798== Conditional jump or move depends on uninitialised value(s)
==2798==    at 0x4C2C130: __GI_strchr (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2798==    by 0x4F6D116: ParseCommandOption (option.c:2469)
==2798==    by 0x841CBE0: ReadMIFFImage (miff.c:699)
==2798==    by 0x4EBFE0A: ReadImage (constitute.c:601)
==2798==    by 0x4EC0ECA: ReadImages (constitute.c:907)
==2798==    by 0x5319BAE: ConvertImageCommand (convert.c:617)
==2798==    by 0x5385C72: MagickCommandGenesis (mogrify.c:166)
==2798==    by 0x400846: ConvertMain (convert.c:81)
==2798==    by 0x400846: main (convert.c:92)
==2798== 
==2798== Conditional jump or move depends on uninitialised value(s)
==2798==    at 0x4C2C145: __GI_strchr (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2798==    by 0x4F6D116: ParseCommandOption (option.c:2469)
==2798==    by 0x841CBE0: ReadMIFFImage (miff.c:699)
==2798==    by 0x4EBFE0A: ReadImage (constitute.c:601)
==2798==    by 0x4EC0ECA: ReadImages (constitute.c:907)
==2798==    by 0x5319BAE: ConvertImageCommand (convert.c:617)
==2798==    by 0x5385C72: MagickCommandGenesis (mogrify.c:166)
==2798==    by 0x400846: ConvertMain (convert.c:81)
==2798==    by 0x400846: main (convert.c:92)
==2798== 
==2798== Conditional jump or move depends on uninitialised value(s)
==2798==    at 0x4C2C13A: __GI_strchr (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2798==    by 0x4F6D116: ParseCommandOption (option.c:2469)
==2798==    by 0x841CBE0: ReadMIFFImage (miff.c:699)
==2798==    by 0x4EBFE0A: ReadImage (constitute.c:601)
==2798==    by 0x4EC0ECA: ReadImages (constitute.c:907)
==2798==    by 0x5319BAE: ConvertImageCommand (convert.c:617)
==2798==    by 0x5385C72: MagickCommandGenesis (mogrify.c:166)
==2798==    by 0x400846: ConvertMain (convert.c:81)
==2798==    by 0x400846: main (convert.c:92)
==2798== 
==2798== Conditional jump or move depends on uninitialised value(s)
==2798==    at 0x4C2C12A: __GI_strchr (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2798==    by 0x4F6D210: ParseCommandOption (option.c:2470)
==2798==    by 0x841CBE0: ReadMIFFImage (miff.c:699)
==2798==    by 0x4EBFE0A: ReadImage (constitute.c:601)
==2798==    by 0x4EC0ECA: ReadImages (constitute.c:907)
==2798==    by 0x5319BAE: ConvertImageCommand (convert.c:617)
==2798==    by 0x5385C72: MagickCommandGenesis (mogrify.c:166)
==2798==    by 0x400846: ConvertMain (convert.c:81)
==2798==    by 0x400846: main (convert.c:92)
==2798== 
==2798== Conditional jump or move depends on uninitialised value(s)
==2798==    at 0x4C2C130: __GI_strchr (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2798==    by 0x4F6D210: ParseCommandOption (option.c:2470)
==2798==    by 0x841CBE0: ReadMIFFImage (miff.c:699)
==2798==    by 0x4EBFE0A: ReadImage (constitute.c:601)
==2798==    by 0x4EC0ECA: ReadImages (constitute.c:907)
==2798==    by 0x5319BAE: ConvertImageCommand (convert.c:617)
==2798==    by 0x5385C72: MagickCommandGenesis (mogrify.c:166)
==2798==    by 0x400846: ConvertMain (convert.c:81)
==2798==    by 0x400846: main (convert.c:92)
==2798== 
==2798== Conditional jump or move depends on uninitialised value(s)
==2798==    at 0x4C2C145: __GI_strchr (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2798==    by 0x4F6D210: ParseCommandOption (option.c:2470)
==2798==    by 0x841CBE0: ReadMIFFImage (miff.c:699)
==2798==    by 0x4EBFE0A: ReadImage (constitute.c:601)
==2798==    by 0x4EC0ECA: ReadImages (constitute.c:907)
==2798==    by 0x5319BAE: ConvertImageCommand (convert.c:617)
==2798==    by 0x5385C72: MagickCommandGenesis (mogrify.c:166)
==2798==    by 0x400846: ConvertMain (convert.c:81)
==2798==    by 0x400846: main (convert.c:92)
==2798== 
==2798== Conditional jump or move depends on uninitialised value(s)
==2798==    at 0x4C2C13A: __GI_strchr (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2798==    by 0x4F6D210: ParseCommandOption (option.c:2470)
==2798==    by 0x841CBE0: ReadMIFFImage (miff.c:699)
==2798==    by 0x4EBFE0A: ReadImage (constitute.c:601)
==2798==    by 0x4EC0ECA: ReadImages (constitute.c:907)
==2798==    by 0x5319BAE: ConvertImageCommand (convert.c:617)
==2798==    by 0x5385C72: MagickCommandGenesis (mogrify.c:166)
==2798==    by 0x400846: ConvertMain (convert.c:81)
==2798==    by 0x400846: main (convert.c:92)
==2798== 
convert: improper image header `heap-buffer-overflow_WritePNGImage' @ error/miff.c/ReadMIFFImage/1108.
convert: no images defined `out.png' @ error/convert.c/ConvertImageCommand/3149.
$
[no change in output]
Comment 5 Petr Gajdos 2020-01-08 10:17:48 UTC
Will submit for 15,12,11/ImageMagick.
Comment 6 Petr Gajdos 2020-01-08 12:45:44 UTC
Packages submitted. I believe all fixed.
Comment 10 Swamp Workflow Management 2020-01-30 20:12:28 UTC
SUSE-SU-2020:0275-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1159861,1160369,1161194
CVE References: CVE-2019-19948,CVE-2019-19949
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    ImageMagick-7.0.7.34-3.79.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    ImageMagick-7.0.7.34-3.79.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    ImageMagick-7.0.7.34-3.79.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    ImageMagick-7.0.7.34-3.79.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    ImageMagick-7.0.7.34-3.79.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    ImageMagick-7.0.7.34-3.79.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2020-02-05 17:12:24 UTC
openSUSE-SU-2020:0170-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1159861,1160369,1161194
CVE References: CVE-2019-19948,CVE-2019-19949
Sources used:
openSUSE Leap 15.1 (src):    ImageMagick-7.0.7.34-lp151.7.15.1
Comment 12 Swamp Workflow Management 2020-02-19 14:16:42 UTC
SUSE-SU-2020:0411-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1159861,1160369,1161194
CVE References: CVE-2019-19948,CVE-2019-19949
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    ImageMagick-6.8.8.1-71.141.1
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    ImageMagick-6.8.8.1-71.141.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    ImageMagick-6.8.8.1-71.141.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    ImageMagick-6.8.8.1-71.141.1
SUSE Linux Enterprise Server 12-SP5 (src):    ImageMagick-6.8.8.1-71.141.1
SUSE Linux Enterprise Server 12-SP4 (src):    ImageMagick-6.8.8.1-71.141.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    ImageMagick-6.8.8.1-71.141.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Alexandros Toptsoglou 2020-04-29 13:39:21 UTC
Done