{"affected":[{"ecosystem_specific":{"binaries":[{"GraphicsMagick":"1.3.29-lp150.3.25.1","GraphicsMagick-devel":"1.3.29-lp150.3.25.1","libGraphicsMagick++-Q16-12":"1.3.29-lp150.3.25.1","libGraphicsMagick++-devel":"1.3.29-lp150.3.25.1","libGraphicsMagick-Q16-3":"1.3.29-lp150.3.25.1","libGraphicsMagick3-config":"1.3.29-lp150.3.25.1","libGraphicsMagickWand-Q16-2":"1.3.29-lp150.3.25.1","perl-GraphicsMagick":"1.3.29-lp150.3.25.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.0","name":"GraphicsMagick","purl":"pkg:rpm/opensuse/GraphicsMagick&distro=openSUSE%20Leap%2015.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.3.29-lp150.3.25.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for GraphicsMagick fixes the following issues:\n\n- CVE-2019-11005: Fixed a stack-based buffer overflow in SVGStartElement of coders/svg.c that allowed attackers to cause DOS or an unspecified impact (boo#1132058)\n- CVE-2019-11006: Fixed a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c that allowed attackers to cause DOS or information disclosure (boo#1132061)\n- CVE-2019-11010: Fixed a memory leak in ReadMPCImage of coders/mpc.c that which allowed attackers to cause DOS via a crafted image file (boo#1132055)\n- CVE-2019-11007: Fixed a heap-based buffer over-read in the ReadMNGImage function of coders/png.c that which allowed attackers to cause a denial of service or information disclosure (boo#1132060)\n- CVE-2019-11008: Fixed a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c that which allowed remote attackers to cause DOS or other unspecified impact (boo#1132054)\n- CVE-2019-11009: Fixed a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c that which allowed attackers to cause DOS or information disclosure (boo#1132053)\n\n","id":"openSUSE-SU-2019:1272-1","modified":"2019-04-25T13:54:50Z","published":"2019-04-25T13:54:50Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EXCD25J6SGUE4ICG6PUTWAN5C5PUNGAD/#EXCD25J6SGUE4ICG6PUTWAN5C5PUNGAD"},{"type":"REPORT","url":"https://bugzilla.suse.com/1132053"},{"type":"REPORT","url":"https://bugzilla.suse.com/1132054"},{"type":"REPORT","url":"https://bugzilla.suse.com/1132055"},{"type":"REPORT","url":"https://bugzilla.suse.com/1132058"},{"type":"REPORT","url":"https://bugzilla.suse.com/1132060"},{"type":"REPORT","url":"https://bugzilla.suse.com/1132061"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11005"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11006"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11007"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11008"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11009"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11010"}],"related":["CVE-2019-11005","CVE-2019-11006","CVE-2019-11007","CVE-2019-11008","CVE-2019-11009","CVE-2019-11010"],"summary":"Security update for GraphicsMagick","upstream":["CVE-2019-11005","CVE-2019-11006","CVE-2019-11007","CVE-2019-11008","CVE-2019-11009","CVE-2019-11010"]}