cvelistv5 - cve-2018-20189

CVE-2018-20189 (GCVE-0-2018-20189)

Vulnerability from cvelistv5 – Published: 2018-12-17 20:00 – Updated: 2024-08-05 11:58

Summary

In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/106227	vdb-entryx_refsource_BID
	https://sourceforge.net/p/graphicsmagick/bugs/585/	x_refsource_MISC
	http://hg.graphicsmagick.org/hg/GraphicsMagick/re…	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/4207-1/	vendor-advisoryx_refsource_UBUNTU
	https://www.debian.org/security/2020/dsa-4640	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:58:18.393Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106227",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106227"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/graphicsmagick/bugs/585/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589"
          },
          {
            "name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
          },
          {
            "name": "USN-4207-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4207-1/"
          },
          {
            "name": "DSA-4640",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4640"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-16T09:06:08",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "106227",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106227"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceforge.net/p/graphicsmagick/bugs/585/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589"
        },
        {
          "name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
        },
        {
          "name": "USN-4207-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4207-1/"
        },
        {
          "name": "DSA-4640",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4640"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-20189",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106227",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106227"
            },
            {
              "name": "https://sourceforge.net/p/graphicsmagick/bugs/585/",
              "refsource": "MISC",
              "url": "https://sourceforge.net/p/graphicsmagick/bugs/585/"
            },
            {
              "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589",
              "refsource": "MISC",
              "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589"
            },
            {
              "name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
            },
            {
              "name": "USN-4207-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4207-1/"
            },
            {
              "name": "DSA-4640",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4640"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-20189",
    "datePublished": "2018-12-17T20:00:00",
    "dateReserved": "2018-12-17T00:00:00",
    "dateUpdated": "2024-08-05T11:58:18.393Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C19CB4C7-620B-4FB6-9979-5711811A4793\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.\"}, {\"lang\": \"es\", \"value\": \"En GraphicsMagick 1.3.31, la funci\\u00f3n ReadDIBImage de coders/dib.c tiene una vulnerabilidad que permite un cierre inesperado y una denegaci\\u00f3n de servicio (DoS) mediante un archivo dib que est\\u00e1 manipulado para que aparezca con valores de p\\u00edxel directos, as\\u00ed como mapeo por color (que no est\\u00e1 disponible m\\u00e1s all\\u00e1 de las muestras de 8 bits) y, por lo tanto, carece de indexaci\\u00f3n.\"}]",
      "id": "CVE-2018-20189",
      "lastModified": "2024-11-21T04:01:03.240",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-12-17T20:29:00.247",
      "references": "[{\"url\": \"http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/106227\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://sourceforge.net/p/graphicsmagick/bugs/585/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4207-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.debian.org/security/2020/dsa-4640\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/106227\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://sourceforge.net/p/graphicsmagick/bugs/585/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4207-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2020/dsa-4640\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-20189\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-12-17T20:29:00.247\",\"lastModified\":\"2024-11-21T04:01:03.240\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.\"},{\"lang\":\"es\",\"value\":\"En GraphicsMagick 1.3.31, la funci\u00f3n ReadDIBImage de coders/dib.c tiene una vulnerabilidad que permite un cierre inesperado y una denegaci\u00f3n de servicio (DoS) mediante un archivo dib que est\u00e1 manipulado para que aparezca con valores de p\u00edxel directos, as\u00ed como mapeo por color (que no est\u00e1 disponible m\u00e1s all\u00e1 de las muestras de 8 bits) y, por lo tanto, carece de indexaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C19CB4C7-620B-4FB6-9979-5711811A4793\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}],\"references\":[{\"url\":\"http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/106227\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://sourceforge.net/p/graphicsmagick/bugs/585/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4207-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4640\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/106227\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://sourceforge.net/p/graphicsmagick/bugs/585/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4207-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4640\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

WID-SEC-W-2023-0767

Vulnerability from csaf_certbund - Published: 2018-12-17 23:00 - Updated: 2023-03-27 22:00

Summary

GraphicsMagick: Mehrere Schwachstellen ermöglichen Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

ImageMagick und GraphicsMagick sind Sammlungen von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten können.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in GraphicsMagick ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "ImageMagick und GraphicsMagick sind Sammlungen von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten k\u00f6nnen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in GraphicsMagick ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0767 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2018/wid-sec-w-2023-0767.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0767 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0767"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5974-1 vom 2023-03-27",
        "url": "https://ubuntu.com/security/notices/USN-5974-1"
      },
      {
        "category": "external",
        "summary": "Eintr\u00e4ge in der Mitre Datenbank vom 2018-12-17",
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20189"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4207-1 vom 2019-12-03",
        "url": "https://usn.ubuntu.com/4207-1/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4640 vom 2020-03-16",
        "url": "https://www.debian.org/security/2020/dsa-4640"
      }
    ],
    "source_lang": "en-US",
    "title": "GraphicsMagick: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2023-03-27T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:47:23.693+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0767",
      "initial_release_date": "2018-12-17T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2018-12-17T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2019-01-03T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: SUSE-SU-2019:13923-1"
        },
        {
          "date": "2019-12-03T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2020-03-15T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2023-03-27T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Open Source GraphicsMagick 1.3.1",
                "product": {
                  "name": "Open Source GraphicsMagick 1.3.1",
                  "product_id": "97321",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:graphicsmagick:graphicsmagick:1.3.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source GraphicsMagick 1.4",
                "product": {
                  "name": "Open Source GraphicsMagick 1.4",
                  "product_id": "T008587",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:graphicsmagick:graphicsmagick:1.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "GraphicsMagick"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-20184",
      "notes": [
        {
          "category": "description",
          "text": "In GraphicsMagick existieren mehrere Schwachstellen im Zusammenhang mit den Funktionen \"WriteTGAImage\", \"ReadBMPImage\" und \"ReadDIBImage\". Ein anonymer, entfernter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte Bilddatei zu \u00f6ffnen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008587",
          "2951",
          "T000126",
          "97321"
        ]
      },
      "release_date": "2018-12-17T23:00:00.000+00:00",
      "title": "CVE-2018-20184"
    },
    {
      "cve": "CVE-2018-20185",
      "notes": [
        {
          "category": "description",
          "text": "In GraphicsMagick existieren mehrere Schwachstellen im Zusammenhang mit den Funktionen \"WriteTGAImage\", \"ReadBMPImage\" und \"ReadDIBImage\". Ein anonymer, entfernter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte Bilddatei zu \u00f6ffnen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008587",
          "2951",
          "T000126",
          "97321"
        ]
      },
      "release_date": "2018-12-17T23:00:00.000+00:00",
      "title": "CVE-2018-20185"
    },
    {
      "cve": "CVE-2018-20189",
      "notes": [
        {
          "category": "description",
          "text": "In GraphicsMagick existieren mehrere Schwachstellen im Zusammenhang mit den Funktionen \"WriteTGAImage\", \"ReadBMPImage\" und \"ReadDIBImage\". Ein anonymer, entfernter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte Bilddatei zu \u00f6ffnen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008587",
          "2951",
          "T000126",
          "97321"
        ]
      },
      "release_date": "2018-12-17T23:00:00.000+00:00",
      "title": "CVE-2018-20189"
    }
  ]
}

GSD-2018-20189

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-20189

Aliases

CVE-2018-20189

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-20189",
    "description": "In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.",
    "id": "GSD-2018-20189",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-20189.html",
      "https://www.debian.org/security/2020/dsa-4640",
      "https://ubuntu.com/security/CVE-2018-20189",
      "https://advisories.mageia.org/CVE-2018-20189.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-20189"
      ],
      "details": "In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.",
      "id": "GSD-2018-20189",
      "modified": "2023-12-13T01:22:29.327725Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-20189",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "106227",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/106227"
          },
          {
            "name": "https://sourceforge.net/p/graphicsmagick/bugs/585/",
            "refsource": "MISC",
            "url": "https://sourceforge.net/p/graphicsmagick/bugs/585/"
          },
          {
            "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589",
            "refsource": "MISC",
            "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589"
          },
          {
            "name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
          },
          {
            "name": "USN-4207-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4207-1/"
          },
          {
            "name": "DSA-4640",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2020/dsa-4640"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-20189"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceforge.net/p/graphicsmagick/bugs/585/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://sourceforge.net/p/graphicsmagick/bugs/585/"
            },
            {
              "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Vendor Advisory",
                "Patch"
              ],
              "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589"
            },
            {
              "name": "106227",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/106227"
            },
            {
              "name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
            },
            {
              "name": "USN-4207-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/4207-1/"
            },
            {
              "name": "DSA-4640",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "https://www.debian.org/security/2020/dsa-4640"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-12-03T16:15Z",
      "publishedDate": "2018-12-17T20:29Z"
    }
  }
}

FKIE_CVE-2018-20189

Vulnerability from fkie_nvd - Published: 2018-12-17 20:29 - Updated: 2024-11-21 04:01

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589	Mailing List, Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/106227	Third Party Advisory, VDB Entry
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html	Mailing List, Third Party Advisory
cve@mitre.org	https://sourceforge.net/p/graphicsmagick/bugs/585/	Exploit, Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4207-1/
cve@mitre.org	https://www.debian.org/security/2020/dsa-4640
af854a3a-2127-422b-91ae-364da2661108	http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106227	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://sourceforge.net/p/graphicsmagick/bugs/585/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4207-1/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4640

Impacted products

	Vendor	Product	Version
	graphicsmagick	graphicsmagick	1.3.31
	debian	debian_linux	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "C19CB4C7-620B-4FB6-9979-5711811A4793",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization."
    },
    {
      "lang": "es",
      "value": "En GraphicsMagick 1.3.31, la funci\u00f3n ReadDIBImage de coders/dib.c tiene una vulnerabilidad que permite un cierre inesperado y una denegaci\u00f3n de servicio (DoS) mediante un archivo dib que est\u00e1 manipulado para que aparezca con valores de p\u00edxel directos, as\u00ed como mapeo por color (que no est\u00e1 disponible m\u00e1s all\u00e1 de las muestras de 8 bits) y, por lo tanto, carece de indexaci\u00f3n."
    }
  ],
  "id": "CVE-2018-20189",
  "lastModified": "2024-11-21T04:01:03.240",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-12-17T20:29:00.247",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106227"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sourceforge.net/p/graphicsmagick/bugs/585/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/4207-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2020/dsa-4640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sourceforge.net/p/graphicsmagick/bugs/585/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/4207-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2020/dsa-4640"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

OPENSUSE-SU-2019:0003-1

Vulnerability from csaf_opensuse - Published: 2019-01-01 16:33 - Updated: 2019-01-01 16:33

Summary

Security update for GraphicsMagick

Notes

Title of the patch

Security update for GraphicsMagick

Description of the patch

This update for GraphicsMagick fixes the following issues: Security vulnerabilities fixed: - CVE-2018-20184: Fixed heap-based buffer overflow in the WriteTGAImage function of tga.c (bsc#1119822) - CVE-2018-20189: Fixed denial of service vulnerability in ReadDIBImage function of coders/dib.c (bsc#1119790) This update was imported from the openSUSE:Leap:15.0:Update update project.

Patchnames

openSUSE-2019-3

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for GraphicsMagick",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for GraphicsMagick fixes the following issues:\n\nSecurity vulnerabilities fixed:\n\n- CVE-2018-20184: Fixed heap-based buffer overflow in the WriteTGAImage function of tga.c (bsc#1119822)\n- CVE-2018-20189: Fixed denial of service vulnerability in ReadDIBImage function of coders/dib.c (bsc#1119790)\n\nThis update was imported from the openSUSE:Leap:15.0:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2019-3",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_0003-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2019:0003-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HPY3MPACM4T2U3VDM6JPW5N77CGP32H6/#HPY3MPACM4T2U3VDM6JPW5N77CGP32H6"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2019:0003-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HPY3MPACM4T2U3VDM6JPW5N77CGP32H6/#HPY3MPACM4T2U3VDM6JPW5N77CGP32H6"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1119790",
        "url": "https://bugzilla.suse.com/1119790"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1119822",
        "url": "https://bugzilla.suse.com/1119822"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-20184 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-20184/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-20189 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-20189/"
      }
    ],
    "title": "Security update for GraphicsMagick",
    "tracking": {
      "current_release_date": "2019-01-01T16:33:52Z",
      "generator": {
        "date": "2019-01-01T16:33:52Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2019:0003-1",
      "initial_release_date": "2019-01-01T16:33:52Z",
      "revision_history": [
        {
          "date": "2019-01-01T16:33:52Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "GraphicsMagick-1.3.29-bp150.2.12.1.x86_64",
                "product": {
                  "name": "GraphicsMagick-1.3.29-bp150.2.12.1.x86_64",
                  "product_id": "GraphicsMagick-1.3.29-bp150.2.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "GraphicsMagick-devel-1.3.29-bp150.2.12.1.x86_64",
                "product": {
                  "name": "GraphicsMagick-devel-1.3.29-bp150.2.12.1.x86_64",
                  "product_id": "GraphicsMagick-devel-1.3.29-bp150.2.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagick++-Q16-12-1.3.29-bp150.2.12.1.x86_64",
                "product": {
                  "name": "libGraphicsMagick++-Q16-12-1.3.29-bp150.2.12.1.x86_64",
                  "product_id": "libGraphicsMagick++-Q16-12-1.3.29-bp150.2.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagick++-devel-1.3.29-bp150.2.12.1.x86_64",
                "product": {
                  "name": "libGraphicsMagick++-devel-1.3.29-bp150.2.12.1.x86_64",
                  "product_id": "libGraphicsMagick++-devel-1.3.29-bp150.2.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagick-Q16-3-1.3.29-bp150.2.12.1.x86_64",
                "product": {
                  "name": "libGraphicsMagick-Q16-3-1.3.29-bp150.2.12.1.x86_64",
                  "product_id": "libGraphicsMagick-Q16-3-1.3.29-bp150.2.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagick3-config-1.3.29-bp150.2.12.1.x86_64",
                "product": {
                  "name": "libGraphicsMagick3-config-1.3.29-bp150.2.12.1.x86_64",
                  "product_id": "libGraphicsMagick3-config-1.3.29-bp150.2.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.12.1.x86_64",
                "product": {
                  "name": "libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.12.1.x86_64",
                  "product_id": "libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "perl-GraphicsMagick-1.3.29-bp150.2.12.1.x86_64",
                "product": {
                  "name": "perl-GraphicsMagick-1.3.29-bp150.2.12.1.x86_64",
                  "product_id": "perl-GraphicsMagick-1.3.29-bp150.2.12.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 15",
                "product": {
                  "name": "SUSE Package Hub 15",
                  "product_id": "SUSE Package Hub 15"
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "GraphicsMagick-1.3.29-bp150.2.12.1.x86_64 as component of SUSE Package Hub 15",
          "product_id": "SUSE Package Hub 15:GraphicsMagick-1.3.29-bp150.2.12.1.x86_64"
        },
        "product_reference": "GraphicsMagick-1.3.29-bp150.2.12.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "GraphicsMagick-devel-1.3.29-bp150.2.12.1.x86_64 as component of SUSE Package Hub 15",
          "product_id": "SUSE Package Hub 15:GraphicsMagick-devel-1.3.29-bp150.2.12.1.x86_64"
        },
        "product_reference": "GraphicsMagick-devel-1.3.29-bp150.2.12.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick++-Q16-12-1.3.29-bp150.2.12.1.x86_64 as component of SUSE Package Hub 15",
          "product_id": "SUSE Package Hub 15:libGraphicsMagick++-Q16-12-1.3.29-bp150.2.12.1.x86_64"
        },
        "product_reference": "libGraphicsMagick++-Q16-12-1.3.29-bp150.2.12.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick++-devel-1.3.29-bp150.2.12.1.x86_64 as component of SUSE Package Hub 15",
          "product_id": "SUSE Package Hub 15:libGraphicsMagick++-devel-1.3.29-bp150.2.12.1.x86_64"
        },
        "product_reference": "libGraphicsMagick++-devel-1.3.29-bp150.2.12.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick-Q16-3-1.3.29-bp150.2.12.1.x86_64 as component of SUSE Package Hub 15",
          "product_id": "SUSE Package Hub 15:libGraphicsMagick-Q16-3-1.3.29-bp150.2.12.1.x86_64"
        },
        "product_reference": "libGraphicsMagick-Q16-3-1.3.29-bp150.2.12.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick3-config-1.3.29-bp150.2.12.1.x86_64 as component of SUSE Package Hub 15",
          "product_id": "SUSE Package Hub 15:libGraphicsMagick3-config-1.3.29-bp150.2.12.1.x86_64"
        },
        "product_reference": "libGraphicsMagick3-config-1.3.29-bp150.2.12.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.12.1.x86_64 as component of SUSE Package Hub 15",
          "product_id": "SUSE Package Hub 15:libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.12.1.x86_64"
        },
        "product_reference": "libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.12.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-GraphicsMagick-1.3.29-bp150.2.12.1.x86_64 as component of SUSE Package Hub 15",
          "product_id": "SUSE Package Hub 15:perl-GraphicsMagick-1.3.29-bp150.2.12.1.x86_64"
        },
        "product_reference": "perl-GraphicsMagick-1.3.29-bp150.2.12.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-20184",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-20184"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15:GraphicsMagick-1.3.29-bp150.2.12.1.x86_64",
          "SUSE Package Hub 15:GraphicsMagick-devel-1.3.29-bp150.2.12.1.x86_64",
          "SUSE Package Hub 15:libGraphicsMagick++-Q16-12-1.3.29-bp150.2.12.1.x86_64",
          "SUSE Package Hub 15:libGraphicsMagick++-devel-1.3.29-bp150.2.12.1.x86_64",
          "SUSE Package Hub 15:libGraphicsMagick-Q16-3-1.3.29-bp150.2.12.1.x86_64",
          "SUSE Package Hub 15:libGraphicsMagick3-config-1.3.29-bp150.2.12.1.x86_64",
          "SUSE Package Hub 15:libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.12.1.x86_64",
          "SUSE Package Hub 15:perl-GraphicsMagick-1.3.29-bp150.2.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-20184",
          "url": "https://www.suse.com/security/cve/CVE-2018-20184"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1119822 for CVE-2018-20184",
          "url": "https://bugzilla.suse.com/1119822"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15:GraphicsMagick-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:GraphicsMagick-devel-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagick++-Q16-12-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagick++-devel-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagick-Q16-3-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagick3-config-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:perl-GraphicsMagick-1.3.29-bp150.2.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 15:GraphicsMagick-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:GraphicsMagick-devel-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagick++-Q16-12-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagick++-devel-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagick-Q16-3-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagick3-config-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:perl-GraphicsMagick-1.3.29-bp150.2.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-01-01T16:33:52Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-20184"
    },
    {
      "cve": "CVE-2018-20189",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-20189"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15:GraphicsMagick-1.3.29-bp150.2.12.1.x86_64",
          "SUSE Package Hub 15:GraphicsMagick-devel-1.3.29-bp150.2.12.1.x86_64",
          "SUSE Package Hub 15:libGraphicsMagick++-Q16-12-1.3.29-bp150.2.12.1.x86_64",
          "SUSE Package Hub 15:libGraphicsMagick++-devel-1.3.29-bp150.2.12.1.x86_64",
          "SUSE Package Hub 15:libGraphicsMagick-Q16-3-1.3.29-bp150.2.12.1.x86_64",
          "SUSE Package Hub 15:libGraphicsMagick3-config-1.3.29-bp150.2.12.1.x86_64",
          "SUSE Package Hub 15:libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.12.1.x86_64",
          "SUSE Package Hub 15:perl-GraphicsMagick-1.3.29-bp150.2.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-20189",
          "url": "https://www.suse.com/security/cve/CVE-2018-20189"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1119790 for CVE-2018-20189",
          "url": "https://bugzilla.suse.com/1119790"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15:GraphicsMagick-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:GraphicsMagick-devel-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagick++-Q16-12-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagick++-devel-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagick-Q16-3-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagick3-config-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:perl-GraphicsMagick-1.3.29-bp150.2.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 15:GraphicsMagick-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:GraphicsMagick-devel-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagick++-Q16-12-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagick++-devel-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagick-Q16-3-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagick3-config-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.12.1.x86_64",
            "SUSE Package Hub 15:perl-GraphicsMagick-1.3.29-bp150.2.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-01-01T16:33:52Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-20189"
    }
  ]
}

OPENSUSE-SU-2019:1-1

Vulnerability from csaf_opensuse - Published: 2019-03-23 10:38 - Updated: 2019-03-23 10:38

Summary

Security update for GraphicsMagick

Notes

Title of the patch

Security update for GraphicsMagick

Description of the patch

Patchnames

openSUSE-2019-1

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for GraphicsMagick",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for GraphicsMagick fixes the following issues:\n\nSecurity vulnerabilities fixed:\n\n- CVE-2018-20184: Fixed heap-based buffer overflow in the WriteTGAImage function of tga.c (bsc#1119822)\n- CVE-2018-20189: Fixed denial of service vulnerability in ReadDIBImage function of coders/dib.c (bsc#1119790)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2019-1",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2019:1-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XQWUXM5I4JV4BSLELC7N5TQKRBPM4YQY/#XQWUXM5I4JV4BSLELC7N5TQKRBPM4YQY"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2019:1-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XQWUXM5I4JV4BSLELC7N5TQKRBPM4YQY/#XQWUXM5I4JV4BSLELC7N5TQKRBPM4YQY"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1119790",
        "url": "https://bugzilla.suse.com/1119790"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1119822",
        "url": "https://bugzilla.suse.com/1119822"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-20184 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-20184/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-20189 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-20189/"
      }
    ],
    "title": "Security update for GraphicsMagick",
    "tracking": {
      "current_release_date": "2019-03-23T10:38:52Z",
      "generator": {
        "date": "2019-03-23T10:38:52Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2019:1-1",
      "initial_release_date": "2019-03-23T10:38:52Z",
      "revision_history": [
        {
          "date": "2019-03-23T10:38:52Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "GraphicsMagick-1.3.29-lp150.3.18.1.x86_64",
                "product": {
                  "name": "GraphicsMagick-1.3.29-lp150.3.18.1.x86_64",
                  "product_id": "GraphicsMagick-1.3.29-lp150.3.18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "GraphicsMagick-devel-1.3.29-lp150.3.18.1.x86_64",
                "product": {
                  "name": "GraphicsMagick-devel-1.3.29-lp150.3.18.1.x86_64",
                  "product_id": "GraphicsMagick-devel-1.3.29-lp150.3.18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagick++-Q16-12-1.3.29-lp150.3.18.1.x86_64",
                "product": {
                  "name": "libGraphicsMagick++-Q16-12-1.3.29-lp150.3.18.1.x86_64",
                  "product_id": "libGraphicsMagick++-Q16-12-1.3.29-lp150.3.18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagick++-devel-1.3.29-lp150.3.18.1.x86_64",
                "product": {
                  "name": "libGraphicsMagick++-devel-1.3.29-lp150.3.18.1.x86_64",
                  "product_id": "libGraphicsMagick++-devel-1.3.29-lp150.3.18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagick-Q16-3-1.3.29-lp150.3.18.1.x86_64",
                "product": {
                  "name": "libGraphicsMagick-Q16-3-1.3.29-lp150.3.18.1.x86_64",
                  "product_id": "libGraphicsMagick-Q16-3-1.3.29-lp150.3.18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagick3-config-1.3.29-lp150.3.18.1.x86_64",
                "product": {
                  "name": "libGraphicsMagick3-config-1.3.29-lp150.3.18.1.x86_64",
                  "product_id": "libGraphicsMagick3-config-1.3.29-lp150.3.18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.18.1.x86_64",
                "product": {
                  "name": "libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.18.1.x86_64",
                  "product_id": "libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "perl-GraphicsMagick-1.3.29-lp150.3.18.1.x86_64",
                "product": {
                  "name": "perl-GraphicsMagick-1.3.29-lp150.3.18.1.x86_64",
                  "product_id": "perl-GraphicsMagick-1.3.29-lp150.3.18.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.0",
                "product": {
                  "name": "openSUSE Leap 15.0",
                  "product_id": "openSUSE Leap 15.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "GraphicsMagick-1.3.29-lp150.3.18.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:GraphicsMagick-1.3.29-lp150.3.18.1.x86_64"
        },
        "product_reference": "GraphicsMagick-1.3.29-lp150.3.18.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "GraphicsMagick-devel-1.3.29-lp150.3.18.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:GraphicsMagick-devel-1.3.29-lp150.3.18.1.x86_64"
        },
        "product_reference": "GraphicsMagick-devel-1.3.29-lp150.3.18.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick++-Q16-12-1.3.29-lp150.3.18.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libGraphicsMagick++-Q16-12-1.3.29-lp150.3.18.1.x86_64"
        },
        "product_reference": "libGraphicsMagick++-Q16-12-1.3.29-lp150.3.18.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick++-devel-1.3.29-lp150.3.18.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libGraphicsMagick++-devel-1.3.29-lp150.3.18.1.x86_64"
        },
        "product_reference": "libGraphicsMagick++-devel-1.3.29-lp150.3.18.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick-Q16-3-1.3.29-lp150.3.18.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libGraphicsMagick-Q16-3-1.3.29-lp150.3.18.1.x86_64"
        },
        "product_reference": "libGraphicsMagick-Q16-3-1.3.29-lp150.3.18.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagick3-config-1.3.29-lp150.3.18.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libGraphicsMagick3-config-1.3.29-lp150.3.18.1.x86_64"
        },
        "product_reference": "libGraphicsMagick3-config-1.3.29-lp150.3.18.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.18.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.18.1.x86_64"
        },
        "product_reference": "libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.18.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-GraphicsMagick-1.3.29-lp150.3.18.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:perl-GraphicsMagick-1.3.29-lp150.3.18.1.x86_64"
        },
        "product_reference": "perl-GraphicsMagick-1.3.29-lp150.3.18.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-20184",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-20184"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:GraphicsMagick-1.3.29-lp150.3.18.1.x86_64",
          "openSUSE Leap 15.0:GraphicsMagick-devel-1.3.29-lp150.3.18.1.x86_64",
          "openSUSE Leap 15.0:libGraphicsMagick++-Q16-12-1.3.29-lp150.3.18.1.x86_64",
          "openSUSE Leap 15.0:libGraphicsMagick++-devel-1.3.29-lp150.3.18.1.x86_64",
          "openSUSE Leap 15.0:libGraphicsMagick-Q16-3-1.3.29-lp150.3.18.1.x86_64",
          "openSUSE Leap 15.0:libGraphicsMagick3-config-1.3.29-lp150.3.18.1.x86_64",
          "openSUSE Leap 15.0:libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.18.1.x86_64",
          "openSUSE Leap 15.0:perl-GraphicsMagick-1.3.29-lp150.3.18.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-20184",
          "url": "https://www.suse.com/security/cve/CVE-2018-20184"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1119822 for CVE-2018-20184",
          "url": "https://bugzilla.suse.com/1119822"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:GraphicsMagick-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:GraphicsMagick-devel-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagick++-Q16-12-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagick++-devel-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagick-Q16-3-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagick3-config-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:perl-GraphicsMagick-1.3.29-lp150.3.18.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:GraphicsMagick-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:GraphicsMagick-devel-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagick++-Q16-12-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagick++-devel-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagick-Q16-3-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagick3-config-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:perl-GraphicsMagick-1.3.29-lp150.3.18.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-03-23T10:38:52Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-20184"
    },
    {
      "cve": "CVE-2018-20189",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-20189"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:GraphicsMagick-1.3.29-lp150.3.18.1.x86_64",
          "openSUSE Leap 15.0:GraphicsMagick-devel-1.3.29-lp150.3.18.1.x86_64",
          "openSUSE Leap 15.0:libGraphicsMagick++-Q16-12-1.3.29-lp150.3.18.1.x86_64",
          "openSUSE Leap 15.0:libGraphicsMagick++-devel-1.3.29-lp150.3.18.1.x86_64",
          "openSUSE Leap 15.0:libGraphicsMagick-Q16-3-1.3.29-lp150.3.18.1.x86_64",
          "openSUSE Leap 15.0:libGraphicsMagick3-config-1.3.29-lp150.3.18.1.x86_64",
          "openSUSE Leap 15.0:libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.18.1.x86_64",
          "openSUSE Leap 15.0:perl-GraphicsMagick-1.3.29-lp150.3.18.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-20189",
          "url": "https://www.suse.com/security/cve/CVE-2018-20189"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1119790 for CVE-2018-20189",
          "url": "https://bugzilla.suse.com/1119790"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:GraphicsMagick-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:GraphicsMagick-devel-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagick++-Q16-12-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagick++-devel-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagick-Q16-3-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagick3-config-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:perl-GraphicsMagick-1.3.29-lp150.3.18.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:GraphicsMagick-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:GraphicsMagick-devel-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagick++-Q16-12-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagick++-devel-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagick-Q16-3-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagick3-config-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.18.1.x86_64",
            "openSUSE Leap 15.0:perl-GraphicsMagick-1.3.29-lp150.3.18.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-03-23T10:38:52Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-20189"
    }
  ]
}

GHSA-G57H-69C2-W5QC

Vulnerability from github – Published: 2022-05-13 01:30 – Updated: 2022-05-13 01:30

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-20189"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-17T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.",
  "id": "GHSA-g57h-69c2-w5qc",
  "modified": "2022-05-13T01:30:24Z",
  "published": "2022-05-13T01:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20189"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/graphicsmagick/bugs/585"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4207-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4640"
    },
    {
      "type": "WEB",
      "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106227"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-20189 (GCVE-0-2018-20189)

WID-SEC-W-2023-0767

GSD-2018-20189

FKIE_CVE-2018-20189

OPENSUSE-SU-2019:0003-1

OPENSUSE-SU-2019:1-1

GHSA-G57H-69C2-W5QC

Tags

Sightings

Nomenclature