{"affected":[{"ecosystem_specific":{"binaries":[{"ImageMagick":"7.0.7.34-lp152.12.9.1","ImageMagick-config-7-SUSE":"7.0.7.34-lp152.12.9.1","ImageMagick-config-7-upstream":"7.0.7.34-lp152.12.9.1","ImageMagick-devel":"7.0.7.34-lp152.12.9.1","ImageMagick-devel-32bit":"7.0.7.34-lp152.12.9.1","ImageMagick-doc":"7.0.7.34-lp152.12.9.1","ImageMagick-extra":"7.0.7.34-lp152.12.9.1","libMagick++-7_Q16HDRI4":"7.0.7.34-lp152.12.9.1","libMagick++-7_Q16HDRI4-32bit":"7.0.7.34-lp152.12.9.1","libMagick++-devel":"7.0.7.34-lp152.12.9.1","libMagick++-devel-32bit":"7.0.7.34-lp152.12.9.1","libMagickCore-7_Q16HDRI6":"7.0.7.34-lp152.12.9.1","libMagickCore-7_Q16HDRI6-32bit":"7.0.7.34-lp152.12.9.1","libMagickWand-7_Q16HDRI6":"7.0.7.34-lp152.12.9.1","libMagickWand-7_Q16HDRI6-32bit":"7.0.7.34-lp152.12.9.1","perl-PerlMagick":"7.0.7.34-lp152.12.9.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"ImageMagick","purl":"pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.0.7.34-lp152.12.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ImageMagick fixes the following issues:\n\n- CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103).\n- CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202).\n- CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208).\n- CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212).\n- CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223).\n- CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240).\n- CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244).\n- CVE-2020-27750: Fixed a division by zero in MagickCore/colorspace-private.h (bsc#1179260).\n- CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269).\n- CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346).\n- CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397).\n- CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336).\n- CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345).\n- CVE-2020-27756: Fixed a division by zero at MagickCore/geometry.c (bsc#1179221).\n- CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268).\n- CVE-2020-27758: Fixed an outside the range of representable values of type 'unsigned long long' (bsc#1179276).\n- CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313).\n- CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281).\n- CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315).\n- CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278).\n- CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312).\n- CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317).\n- CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311).\n- CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361).\n- CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322).\n- CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339).\n- CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321).\n- CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343).\n- CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327).\n- CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347).\n- CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285).\n- CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333).\n- CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338).\n- CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362).\n- CVE-2020-29599: Fixed a shell command injection in -authenticate (bsc#1179753).\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2021:0136-1","modified":"2021-01-22T09:21:53Z","published":"2021-01-22T09:21:53Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GMIDOKTR355FMU6NNJAZYI3VSQVSKBVF/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179103"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179202"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179208"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179212"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179221"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179223"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179240"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179244"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179260"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179268"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179269"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179276"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179278"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179281"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179285"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179311"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179312"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179313"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179315"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179317"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179321"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179322"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179327"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179333"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179336"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179338"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179339"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179343"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179345"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179346"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179347"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179361"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179362"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179397"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179753"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-19667"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25664"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25665"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25666"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25674"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25675"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25676"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27750"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27751"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27752"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27753"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27754"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27755"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27756"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27757"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27758"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27759"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27760"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27761"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27762"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27763"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27764"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27765"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27766"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27767"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27768"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27769"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27770"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27771"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27772"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27773"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27774"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27775"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27776"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-29599"}],"related":["CVE-2020-19667","CVE-2020-25664","CVE-2020-25665","CVE-2020-25666","CVE-2020-25674","CVE-2020-25675","CVE-2020-25676","CVE-2020-27750","CVE-2020-27751","CVE-2020-27752","CVE-2020-27753","CVE-2020-27754","CVE-2020-27755","CVE-2020-27756","CVE-2020-27757","CVE-2020-27758","CVE-2020-27759","CVE-2020-27760","CVE-2020-27761","CVE-2020-27762","CVE-2020-27763","CVE-2020-27764","CVE-2020-27765","CVE-2020-27766","CVE-2020-27767","CVE-2020-27768","CVE-2020-27769","CVE-2020-27770","CVE-2020-27771","CVE-2020-27772","CVE-2020-27773","CVE-2020-27774","CVE-2020-27775","CVE-2020-27776","CVE-2020-29599"],"summary":"Security update for ImageMagick","upstream":["CVE-2020-19667","CVE-2020-25664","CVE-2020-25665","CVE-2020-25666","CVE-2020-25674","CVE-2020-25675","CVE-2020-25676","CVE-2020-27750","CVE-2020-27751","CVE-2020-27752","CVE-2020-27753","CVE-2020-27754","CVE-2020-27755","CVE-2020-27756","CVE-2020-27757","CVE-2020-27758","CVE-2020-27759","CVE-2020-27760","CVE-2020-27761","CVE-2020-27762","CVE-2020-27763","CVE-2020-27764","CVE-2020-27765","CVE-2020-27766","CVE-2020-27767","CVE-2020-27768","CVE-2020-27769","CVE-2020-27770","CVE-2020-27771","CVE-2020-27772","CVE-2020-27773","CVE-2020-27774","CVE-2020-27775","CVE-2020-27776","CVE-2020-29599"]}