{"affected":[{"ecosystem_specific":{"binaries":[{"ImageMagick":"6.8.8.1-71.123.2","ImageMagick-config-6-SUSE":"6.8.8.1-71.123.2","ImageMagick-config-6-upstream":"6.8.8.1-71.123.2","libMagick++-6_Q16-3":"6.8.8.1-71.123.2","libMagickCore-6_Q16-1":"6.8.8.1-71.123.2","libMagickCore-6_Q16-1-32bit":"6.8.8.1-71.123.2","libMagickWand-6_Q16-1":"6.8.8.1-71.123.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP3","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.8.8.1-71.123.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ImageMagick":"6.8.8.1-71.123.2","ImageMagick-config-6-SUSE":"6.8.8.1-71.123.2","ImageMagick-config-6-upstream":"6.8.8.1-71.123.2","libMagick++-6_Q16-3":"6.8.8.1-71.123.2","libMagickCore-6_Q16-1":"6.8.8.1-71.123.2","libMagickCore-6_Q16-1-32bit":"6.8.8.1-71.123.2","libMagickWand-6_Q16-1":"6.8.8.1-71.123.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP4","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.8.8.1-71.123.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ImageMagick":"6.8.8.1-71.123.2","ImageMagick-devel":"6.8.8.1-71.123.2","libMagick++-6_Q16-3":"6.8.8.1-71.123.2","libMagick++-devel":"6.8.8.1-71.123.2","perl-PerlMagick":"6.8.8.1-71.123.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP3","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.8.8.1-71.123.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ImageMagick":"6.8.8.1-71.123.2","ImageMagick-devel":"6.8.8.1-71.123.2","libMagick++-6_Q16-3":"6.8.8.1-71.123.2","libMagick++-devel":"6.8.8.1-71.123.2","perl-PerlMagick":"6.8.8.1-71.123.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP4","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.8.8.1-71.123.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ImageMagick-config-6-SUSE":"6.8.8.1-71.123.2","ImageMagick-config-6-upstream":"6.8.8.1-71.123.2","libMagickCore-6_Q16-1":"6.8.8.1-71.123.2","libMagickWand-6_Q16-1":"6.8.8.1-71.123.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP3","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.8.8.1-71.123.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ImageMagick-config-6-SUSE":"6.8.8.1-71.123.2","ImageMagick-config-6-upstream":"6.8.8.1-71.123.2","libMagickCore-6_Q16-1":"6.8.8.1-71.123.2","libMagickWand-6_Q16-1":"6.8.8.1-71.123.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP3","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.8.8.1-71.123.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ImageMagick-config-6-SUSE":"6.8.8.1-71.123.2","ImageMagick-config-6-upstream":"6.8.8.1-71.123.2","libMagickCore-6_Q16-1":"6.8.8.1-71.123.2","libMagickWand-6_Q16-1":"6.8.8.1-71.123.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP4","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.8.8.1-71.123.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ImageMagick-config-6-SUSE":"6.8.8.1-71.123.2","ImageMagick-config-6-upstream":"6.8.8.1-71.123.2","libMagickCore-6_Q16-1":"6.8.8.1-71.123.2","libMagickWand-6_Q16-1":"6.8.8.1-71.123.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP4","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.8.8.1-71.123.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ImageMagick":"6.8.8.1-71.123.2","ImageMagick-config-6-SUSE":"6.8.8.1-71.123.2","ImageMagick-config-6-upstream":"6.8.8.1-71.123.2","libMagick++-6_Q16-3":"6.8.8.1-71.123.2","libMagickCore-6_Q16-1-32bit":"6.8.8.1-71.123.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 12 SP3","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.8.8.1-71.123.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ImageMagick":"6.8.8.1-71.123.2","ImageMagick-config-6-SUSE":"6.8.8.1-71.123.2","ImageMagick-config-6-upstream":"6.8.8.1-71.123.2","libMagick++-6_Q16-3":"6.8.8.1-71.123.2","libMagickCore-6_Q16-1-32bit":"6.8.8.1-71.123.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 12 SP4","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.8.8.1-71.123.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ImageMagick fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464).\n- Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425).- CVE-2019-11472: Fixed a denial of service in ReadXWDImage() (bsc#1133204).\n- CVE-2019-11470: Fixed a denial of service in ReadCINImage() (bsc#1133205).\n- CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498).\n- CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501).\n- CVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer function in coders/meta.c (bsc#1134075).\n- CVE-2017-12806: Fixed a denial of service through memory exhaustion in format8BIM() (bsc#1135232).\n- CVE-2017-12805: Fixed a denial of service through memory exhaustion in ReadTIFFImage() (bsc#1135236).\n- CVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage() (bsc#1136732)\n    \nWe also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183)\n","id":"SUSE-SU-2019:1712-1","modified":"2019-06-25T15:35:38Z","published":"2019-06-25T15:35:38Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20191712-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133204"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133205"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133498"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133501"},{"type":"REPORT","url":"https://bugzilla.suse.com/1134075"},{"type":"REPORT","url":"https://bugzilla.suse.com/1135232"},{"type":"REPORT","url":"https://bugzilla.suse.com/1135236"},{"type":"REPORT","url":"https://bugzilla.suse.com/1136183"},{"type":"REPORT","url":"https://bugzilla.suse.com/1136732"},{"type":"REPORT","url":"https://bugzilla.suse.com/1138425"},{"type":"REPORT","url":"https://bugzilla.suse.com/1138464"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12805"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12806"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-10131"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11470"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11472"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11505"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11506"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11597"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11598"}],"related":["CVE-2017-12805","CVE-2017-12806","CVE-2019-10131","CVE-2019-11470","CVE-2019-11472","CVE-2019-11505","CVE-2019-11506","CVE-2019-11597","CVE-2019-11598"],"summary":"Security update for ImageMagick","upstream":["CVE-2017-12805","CVE-2017-12806","CVE-2019-10131","CVE-2019-11470","CVE-2019-11472","CVE-2019-11505","CVE-2019-11506","CVE-2019-11597","CVE-2019-11598"]}