advisories/24614.adv

type: security
subject: Updated imagemagick packages fix security vulnerability
CVE:
 - CVE-2019-10649
 - CVE-2019-10650
src:
  6:
   core:
     - imagemagick-6.9.10.36-1.mga6
description: |
  In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function
  SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a
  denial of service via a crafted image file. (CVE-2019-10649)

  In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the
  function WriteTIFFImage of coders/tiff.c, which allows an attacker to
  cause a denial of service or information disclosure via a crafted image
  file. (CVE-2019-10650)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24614
 - https://www.imagemagick.org/script/changelog.php
1	type: security
2	subject: Updated imagemagick packages fix security vulnerability
3	CVE:
4	- CVE-2019-10649
5	- CVE-2019-10650
6	src:
7	6:
8	core:
9	- imagemagick-6.9.10.36-1.mga6
10	description: \|
11	In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function
12	SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a
13	denial of service via a crafted image file. (CVE-2019-10649)
14
15	In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the
16	function WriteTIFFImage of coders/tiff.c, which allows an attacker to
17	cause a denial of service or information disclosure via a crafted image
18	file. (CVE-2019-10650)
19	references:
20	- https://bugs.mageia.org/show_bug.cgi?id=24614
21	- https://www.imagemagick.org/script/changelog.php