Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-7175 (GCVE-0-2019-7175)
Vulnerability from cvelistv5 – Published: 2019-03-07 22:00 – Updated: 2024-08-04 20:38
VLAI
EPSS
Summary
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.
Severity
7.5 (High)
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/ImageMagick/ImageMagick/commit… | x_refsource_MISC |
| https://github.com/ImageMagick/ImageMagick/issues/1450 | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://usn.ubuntu.com/4034-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://www.debian.org/security/2020/dsa-4712 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2019-01-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:38:33.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ImageMagick/ImageMagick/commit/1e6a3ace073c9ec9c71e439c111d23c6e66cb6ae"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ImageMagick/ImageMagick/issues/1450"
},
{
"name": "openSUSE-SU-2019:1141",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html"
},
{
"name": "openSUSE-SU-2019:1320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"
},
{
"name": "USN-4034-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4034-1/"
},
{
"name": "DSA-4712",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4712"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-01T11:06:30.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ImageMagick/ImageMagick/commit/1e6a3ace073c9ec9c71e439c111d23c6e66cb6ae"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ImageMagick/ImageMagick/issues/1450"
},
{
"name": "openSUSE-SU-2019:1141",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html"
},
{
"name": "openSUSE-SU-2019:1320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"
},
{
"name": "USN-4034-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4034-1/"
},
{
"name": "DSA-4712",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4712"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/1e6a3ace073c9ec9c71e439c111d23c6e66cb6ae",
"refsource": "MISC",
"url": "https://github.com/ImageMagick/ImageMagick/commit/1e6a3ace073c9ec9c71e439c111d23c6e66cb6ae"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/1450",
"refsource": "MISC",
"url": "https://github.com/ImageMagick/ImageMagick/issues/1450"
},
{
"name": "openSUSE-SU-2019:1141",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html"
},
{
"name": "openSUSE-SU-2019:1320",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"
},
{
"name": "USN-4034-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4034-1/"
},
{
"name": "DSA-4712",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4712"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7175",
"datePublished": "2019-03-07T22:00:00.000Z",
"dateReserved": "2019-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:38:33.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-7175",
"date": "2026-06-05",
"epss": "0.0018",
"percentile": "0.39428"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-7175\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-03-07T23:29:01.597\",\"lastModified\":\"2024-11-21T04:47:43.430\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.\"},{\"lang\":\"es\",\"value\":\"En ImageMagick, en versiones anteriores a la 7.0.8-25, hay fugas de memoria en DecodeImage en coders/pcd.c.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.9.10-25\",\"matchCriteriaId\":\"E982CE9C-89F7-4A5D-B036-A9A483493D5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0-0\",\"versionEndExcluding\":\"7.0.8-25\",\"matchCriteriaId\":\"2F7DF2A1-ADDE-48C4-BD39-CCA15D0D767A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://github.com/ImageMagick/ImageMagick/commit/1e6a3ace073c9ec9c71e439c111d23c6e66cb6ae\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/ImageMagick/ImageMagick/issues/1450\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4034-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4712\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://github.com/ImageMagick/ImageMagick/commit/1e6a3ace073c9ec9c71e439c111d23c6e66cb6ae\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/ImageMagick/ImageMagick/issues/1450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4034-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4712\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
SUSE-SU-2019:13995-1
Vulnerability from csaf_suse - Published: 2019-03-29 12:24 - Updated: 2019-03-29 12:24Summary
Security update for GraphicsMagick
Severity
Moderate
Notes
Title of the patch: Security update for GraphicsMagick
Description of the patch: This update for GraphicsMagick fixes the following issues:
Security issues fixed:
- CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649).
- CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381)
- CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365).
- CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366).
Patchnames: sdksp4-GraphicsMagick-13995,slestso13-GraphicsMagick-13995
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for GraphicsMagick",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for GraphicsMagick fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649).\n- CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381)\n- CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365).\n- CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-GraphicsMagick-13995,slestso13-GraphicsMagick-13995",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_13995-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:13995-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201913995-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:13995-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-March/005265.html"
},
{
"category": "self",
"summary": "SUSE Bug 1120381",
"url": "https://bugzilla.suse.com/1120381"
},
{
"category": "self",
"summary": "SUSE Bug 1124365",
"url": "https://bugzilla.suse.com/1124365"
},
{
"category": "self",
"summary": "SUSE Bug 1124366",
"url": "https://bugzilla.suse.com/1124366"
},
{
"category": "self",
"summary": "SUSE Bug 1128649",
"url": "https://bugzilla.suse.com/1128649"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20467 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7175 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7175/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7397 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7398 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7398/"
}
],
"title": "Security update for GraphicsMagick",
"tracking": {
"current_release_date": "2019-03-29T12:24:04Z",
"generator": {
"date": "2019-03-29T12:24:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:13995-1",
"initial_release_date": "2019-03-29T12:24:04Z",
"revision_history": [
{
"date": "2019-03-29T12:24:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "GraphicsMagick-1.2.5-78.85.1.i586",
"product": {
"name": "GraphicsMagick-1.2.5-78.85.1.i586",
"product_id": "GraphicsMagick-1.2.5-78.85.1.i586"
}
},
{
"category": "product_version",
"name": "libGraphicsMagick2-1.2.5-78.85.1.i586",
"product": {
"name": "libGraphicsMagick2-1.2.5-78.85.1.i586",
"product_id": "libGraphicsMagick2-1.2.5-78.85.1.i586"
}
},
{
"category": "product_version",
"name": "perl-GraphicsMagick-1.2.5-78.85.1.i586",
"product": {
"name": "perl-GraphicsMagick-1.2.5-78.85.1.i586",
"product_id": "perl-GraphicsMagick-1.2.5-78.85.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "GraphicsMagick-1.2.5-78.85.1.ia64",
"product": {
"name": "GraphicsMagick-1.2.5-78.85.1.ia64",
"product_id": "GraphicsMagick-1.2.5-78.85.1.ia64"
}
},
{
"category": "product_version",
"name": "libGraphicsMagick2-1.2.5-78.85.1.ia64",
"product": {
"name": "libGraphicsMagick2-1.2.5-78.85.1.ia64",
"product_id": "libGraphicsMagick2-1.2.5-78.85.1.ia64"
}
},
{
"category": "product_version",
"name": "perl-GraphicsMagick-1.2.5-78.85.1.ia64",
"product": {
"name": "perl-GraphicsMagick-1.2.5-78.85.1.ia64",
"product_id": "perl-GraphicsMagick-1.2.5-78.85.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "GraphicsMagick-1.2.5-78.85.1.ppc64",
"product": {
"name": "GraphicsMagick-1.2.5-78.85.1.ppc64",
"product_id": "GraphicsMagick-1.2.5-78.85.1.ppc64"
}
},
{
"category": "product_version",
"name": "libGraphicsMagick2-1.2.5-78.85.1.ppc64",
"product": {
"name": "libGraphicsMagick2-1.2.5-78.85.1.ppc64",
"product_id": "libGraphicsMagick2-1.2.5-78.85.1.ppc64"
}
},
{
"category": "product_version",
"name": "perl-GraphicsMagick-1.2.5-78.85.1.ppc64",
"product": {
"name": "perl-GraphicsMagick-1.2.5-78.85.1.ppc64",
"product_id": "perl-GraphicsMagick-1.2.5-78.85.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "GraphicsMagick-1.2.5-78.85.1.s390x",
"product": {
"name": "GraphicsMagick-1.2.5-78.85.1.s390x",
"product_id": "GraphicsMagick-1.2.5-78.85.1.s390x"
}
},
{
"category": "product_version",
"name": "libGraphicsMagick2-1.2.5-78.85.1.s390x",
"product": {
"name": "libGraphicsMagick2-1.2.5-78.85.1.s390x",
"product_id": "libGraphicsMagick2-1.2.5-78.85.1.s390x"
}
},
{
"category": "product_version",
"name": "perl-GraphicsMagick-1.2.5-78.85.1.s390x",
"product": {
"name": "perl-GraphicsMagick-1.2.5-78.85.1.s390x",
"product_id": "perl-GraphicsMagick-1.2.5-78.85.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "GraphicsMagick-1.2.5-78.85.1.x86_64",
"product": {
"name": "GraphicsMagick-1.2.5-78.85.1.x86_64",
"product_id": "GraphicsMagick-1.2.5-78.85.1.x86_64"
}
},
{
"category": "product_version",
"name": "libGraphicsMagick2-1.2.5-78.85.1.x86_64",
"product": {
"name": "libGraphicsMagick2-1.2.5-78.85.1.x86_64",
"product_id": "libGraphicsMagick2-1.2.5-78.85.1.x86_64"
}
},
{
"category": "product_version",
"name": "perl-GraphicsMagick-1.2.5-78.85.1.x86_64",
"product": {
"name": "perl-GraphicsMagick-1.2.5-78.85.1.x86_64",
"product_id": "perl-GraphicsMagick-1.2.5-78.85.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Studio Onsite 1.3",
"product": {
"name": "SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-studioonsite:1.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "GraphicsMagick-1.2.5-78.85.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.i586"
},
"product_reference": "GraphicsMagick-1.2.5-78.85.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "GraphicsMagick-1.2.5-78.85.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ia64"
},
"product_reference": "GraphicsMagick-1.2.5-78.85.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "GraphicsMagick-1.2.5-78.85.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ppc64"
},
"product_reference": "GraphicsMagick-1.2.5-78.85.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "GraphicsMagick-1.2.5-78.85.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.s390x"
},
"product_reference": "GraphicsMagick-1.2.5-78.85.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "GraphicsMagick-1.2.5-78.85.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.x86_64"
},
"product_reference": "GraphicsMagick-1.2.5-78.85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libGraphicsMagick2-1.2.5-78.85.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.i586"
},
"product_reference": "libGraphicsMagick2-1.2.5-78.85.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libGraphicsMagick2-1.2.5-78.85.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ia64"
},
"product_reference": "libGraphicsMagick2-1.2.5-78.85.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libGraphicsMagick2-1.2.5-78.85.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ppc64"
},
"product_reference": "libGraphicsMagick2-1.2.5-78.85.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libGraphicsMagick2-1.2.5-78.85.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.s390x"
},
"product_reference": "libGraphicsMagick2-1.2.5-78.85.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libGraphicsMagick2-1.2.5-78.85.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.x86_64"
},
"product_reference": "libGraphicsMagick2-1.2.5-78.85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-GraphicsMagick-1.2.5-78.85.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.i586"
},
"product_reference": "perl-GraphicsMagick-1.2.5-78.85.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-GraphicsMagick-1.2.5-78.85.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ia64"
},
"product_reference": "perl-GraphicsMagick-1.2.5-78.85.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-GraphicsMagick-1.2.5-78.85.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ppc64"
},
"product_reference": "perl-GraphicsMagick-1.2.5-78.85.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-GraphicsMagick-1.2.5-78.85.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.s390x"
},
"product_reference": "perl-GraphicsMagick-1.2.5-78.85.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-GraphicsMagick-1.2.5-78.85.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.x86_64"
},
"product_reference": "perl-GraphicsMagick-1.2.5-78.85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "GraphicsMagick-1.2.5-78.85.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.85.1.x86_64"
},
"product_reference": "GraphicsMagick-1.2.5-78.85.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libGraphicsMagick2-1.2.5-78.85.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.85.1.x86_64"
},
"product_reference": "libGraphicsMagick2-1.2.5-78.85.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-20467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20467"
}
],
"notes": [
{
"category": "general",
"text": "In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20467",
"url": "https://www.suse.com/security/cve/CVE-2018-20467"
},
{
"category": "external",
"summary": "SUSE Bug 1120381 for CVE-2018-20467",
"url": "https://bugzilla.suse.com/1120381"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-29T12:24:04Z",
"details": "low"
}
],
"title": "CVE-2018-20467"
},
{
"cve": "CVE-2019-7175",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7175"
}
],
"notes": [
{
"category": "general",
"text": "In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7175",
"url": "https://www.suse.com/security/cve/CVE-2019-7175"
},
{
"category": "external",
"summary": "SUSE Bug 1128649 for CVE-2019-7175",
"url": "https://bugzilla.suse.com/1128649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-29T12:24:04Z",
"details": "low"
}
],
"title": "CVE-2019-7175"
},
{
"cve": "CVE-2019-7397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7397"
}
],
"notes": [
{
"category": "general",
"text": "In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7397",
"url": "https://www.suse.com/security/cve/CVE-2019-7397"
},
{
"category": "external",
"summary": "SUSE Bug 1124366 for CVE-2019-7397",
"url": "https://bugzilla.suse.com/1124366"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-29T12:24:04Z",
"details": "low"
}
],
"title": "CVE-2019-7397"
},
{
"cve": "CVE-2019-7398",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7398"
}
],
"notes": [
{
"category": "general",
"text": "In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7398",
"url": "https://www.suse.com/security/cve/CVE-2019-7398"
},
{
"category": "external",
"summary": "SUSE Bug 1124365 for CVE-2019-7398",
"url": "https://bugzilla.suse.com/1124365"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-78.85.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-78.85.1.x86_64",
"SUSE Studio Onsite 1.3:libGraphicsMagick2-1.2.5-78.85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-29T12:24:04Z",
"details": "low"
}
],
"title": "CVE-2019-7398"
}
]
}
WID-SEC-W-2023-2145
Vulnerability from csaf_certbund - Published: 2019-03-07 23:00 - Updated: 2024-10-03 22:00Summary
ImageMagick: Schwachstelle ermöglicht nicht spezifizierten Angriff
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: ImageMagick ist eine Sammlung von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten kann.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in ImageMagick ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Es existiert eine Schwachstelle in ImageMagick. Diese besteht aufgrund mehrerer memory leak Schwachstellen in DecodeImage in coders/pcd.c. Ein entfernter anonymer Angreifer kann diese Schwachstelle mit unbekannten Auswirkungen ausnutzen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte Datei zu öffnen.
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Avaya Aura Communication Manager
Avaya
|
cpe:/a:avaya:communication_manager:-
|
— | |
|
Open Source ImageMagick <7.0.8-25
Open Source / ImageMagick
|
<7.0.8-25 | ||
|
Avaya Web License Manager
Avaya
|
cpe:/a:avaya:web_license_manager:-
|
— |
References
20 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "ImageMagick ist eine Sammlung von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten kann.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in ImageMagick ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2145 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2023-2145.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2145 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2145"
},
{
"category": "external",
"summary": "Eintrag in der Mitre Datenbank CVE-2019-7175 vom 2019-03-07",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7175"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:0739-1 vom 2019-03-26",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190739-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:13993-1 vom 2019-03-28",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201913993-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:13995-1 vom 2019-03-29",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201913995-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1033-1 vom 2019-04-25",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191033-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:1033-2 vom 2019-04-27",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191033-2.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4034-1 vom 2019-06-25",
"url": "https://usn.ubuntu.com/4034-1/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1180 vom 2020-03-31",
"url": "https://access.redhat.com/errata/RHSA-2020:1180"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2020-035 vom 2020-04-10",
"url": "https://downloads.avaya.com/css/P8/documents/101065660"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4712 vom 2020-07-01",
"url": "https://www.debian.org/security/2020/dsa-4712"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1815 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1815.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1814 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1814.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1813 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1813.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1812 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1812.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1811 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1811.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1810 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1810.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-1926 vom 2024-03-19",
"url": "https://alas.aws.amazon.com/ALAS-2024-1926.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7053-1 vom 2024-10-03",
"url": "https://ubuntu.com/security/notices/USN-7053-1"
}
],
"source_lang": "en-US",
"title": "ImageMagick: Schwachstelle erm\u00f6glicht nicht spezifizierten Angriff",
"tracking": {
"current_release_date": "2024-10-03T22:00:00.000+00:00",
"generator": {
"date": "2024-10-04T08:13:37.738+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2023-2145",
"initial_release_date": "2019-03-07T23:00:00.000+00:00",
"revision_history": [
{
"date": "2019-03-07T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2019-03-07T23:00:00.000+00:00",
"number": "2",
"summary": "QS"
},
{
"date": "2019-03-26T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-03-27T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-03-31T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-04-25T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-04-28T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-06-25T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2020-03-31T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-04-13T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von AVAYA aufgenommen"
},
{
"date": "2020-06-30T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-08-23T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-03-19T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-10-03T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "14"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Avaya Aura Application Enablement Services",
"product": {
"name": "Avaya Aura Application Enablement Services",
"product_id": "T015516",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Communication Manager",
"product": {
"name": "Avaya Aura Communication Manager",
"product_id": "T015126",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:communication_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Session Manager",
"product": {
"name": "Avaya Aura Session Manager",
"product_id": "T015127",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:session_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura System Manager",
"product": {
"name": "Avaya Aura System Manager",
"product_id": "T015518",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_system_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Web License Manager",
"product": {
"name": "Avaya Web License Manager",
"product_id": "T016243",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:web_license_manager:-"
}
}
}
],
"category": "vendor",
"name": "Avaya"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.0.8-25",
"product": {
"name": "Open Source ImageMagick \u003c7.0.8-25",
"product_id": "T013561"
}
},
{
"category": "product_version",
"name": "7.0.8-25",
"product": {
"name": "Open Source ImageMagick 7.0.8-25",
"product_id": "T013561-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:imagemagick:imagemagick:7.0.8-25"
}
}
}
],
"category": "product_name",
"name": "ImageMagick"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-7175",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in ImageMagick. Diese besteht aufgrund mehrerer memory leak Schwachstellen in DecodeImage in coders/pcd.c. Ein entfernter anonymer Angreifer kann diese Schwachstelle mit unbekannten Auswirkungen ausnutzen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte Datei zu \u00f6ffnen."
}
],
"product_status": {
"known_affected": [
"T015518",
"2951",
"T002207",
"67646",
"T015516",
"T000126",
"T015127",
"398363",
"T015126",
"T013561",
"T016243"
]
},
"release_date": "2019-03-07T23:00:00.000+00:00",
"title": "CVE-2019-7175"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…