<?xml version="1.0" encoding="UTF-8"?>
|
|
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
|
|
<DocumentTitle xml:lang="en">An update for GraphicsMagick is now available for openEuler-20.03-LTS-SP3</DocumentTitle>
|
|
<DocumentType>Security Advisory</DocumentType>
|
|
<DocumentPublisher Type="Vendor">
|
|
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
|
|
<IssuingAuthority>openEuler security committee</IssuingAuthority>
|
|
</DocumentPublisher>
|
|
<DocumentTracking>
|
|
<Identification>
|
|
<ID>openEuler-SA-2023-1817</ID>
|
|
</Identification>
|
|
<Status>Final</Status>
|
|
<Version>1.0</Version>
|
|
<RevisionHistory>
|
|
<Revision>
|
|
<Number>1.0</Number>
|
|
<Date>2023-11-17</Date>
|
|
<Description>Initial</Description>
|
|
</Revision>
|
|
</RevisionHistory>
|
|
<InitialReleaseDate>2023-11-17</InitialReleaseDate>
|
|
<CurrentReleaseDate>2023-11-17</CurrentReleaseDate>
|
|
<Generator>
|
|
<Engine>openEuler SA Tool V1.0</Engine>
|
|
<Date>2023-11-17</Date>
|
|
</Generator>
|
|
</DocumentTracking>
|
|
<DocumentNotes>
|
|
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">GraphicsMagick security update</Note>
|
|
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for GraphicsMagick is now available for openEuler-20.03-LTS-SP3.</Note>
|
|
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">GraphicsMagick is the swiss army knife of image processing. Comprised of 267K physical lines (according to David A. Wheeler's SLOCCount) of source code in the base package (or 1,225K including 3rd party libraries) it provides a robust and efficient collection of tools and libraries which support reading, writing, and manipulating an image in over 89 major formats including important formats like DPX, GIF, JPEG, JPEG-2000, PNG, PDF, PNM, TIFF, and WebP.
|
|
|
|
Security Fix(es):
|
|
|
|
Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.(CVE-2020-21679)</Note>
|
|
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for GraphicsMagick is now available for openEuler-20.03-LTS-SP3.
|
|
|
|
openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.</Note>
|
|
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">Medium</Note>
|
|
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">GraphicsMagick</Note>
|
|
</DocumentNotes>
|
|
<DocumentReferences>
|
|
<Reference Type="Self">
|
|
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1817</URL>
|
|
</Reference>
|
|
<Reference Type="openEuler CVE">
|
|
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-21679</URL>
|
|
</Reference>
|
|
<Reference Type="Other">
|
|
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-21679</URL>
|
|
</Reference>
|
|
</DocumentReferences>
|
|
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<!-- Product tree: one platform entry (openEuler-20.03-LTS-SP3) followed by the updated package builds grouped per architecture (aarch64, noarch, src, x86_64). -->
<!-- NOTE(review): every FullProductName below carries the platform CPE (cpe:/a:openEuler:openEuler:20.03-LTS-SP3) rather than a package-specific CPE, so CPE matching alone cannot single out the GraphicsMagick packages. -->
<!-- NOTE(review): ProductID values repeat across architecture branches (for example GraphicsMagick-1.3.41-1 appears under aarch64, src and x86_64). A consumer that indexes by ProductID should also key on the Branch Name or the rpm file name, otherwise later entries may overwrite earlier ones. -->
|
|
<Branch Type="Product Name" Name="openEuler">
|
|
<FullProductName ProductID="openEuler-20.03-LTS-SP3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">openEuler-20.03-LTS-SP3</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="aarch64">
|
|
<FullProductName ProductID="GraphicsMagick-debugsource-1.3.41-1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">GraphicsMagick-debugsource-1.3.41-1.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="GraphicsMagick-perl-1.3.41-1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">GraphicsMagick-perl-1.3.41-1.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="GraphicsMagick-c++-1.3.41-1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">GraphicsMagick-c++-1.3.41-1.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="GraphicsMagick-devel-1.3.41-1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">GraphicsMagick-devel-1.3.41-1.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="GraphicsMagick-1.3.41-1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">GraphicsMagick-1.3.41-1.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="GraphicsMagick-c++-devel-1.3.41-1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">GraphicsMagick-c++-devel-1.3.41-1.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="GraphicsMagick-debuginfo-1.3.41-1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">GraphicsMagick-debuginfo-1.3.41-1.oe1.aarch64.rpm</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="noarch">
|
|
<FullProductName ProductID="GraphicsMagick-help-1.3.41-1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">GraphicsMagick-help-1.3.41-1.oe1.noarch.rpm</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="src">
|
|
<FullProductName ProductID="GraphicsMagick-1.3.41-1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">GraphicsMagick-1.3.41-1.oe1.src.rpm</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="x86_64">
|
|
<FullProductName ProductID="GraphicsMagick-1.3.41-1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">GraphicsMagick-1.3.41-1.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="GraphicsMagick-devel-1.3.41-1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">GraphicsMagick-devel-1.3.41-1.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="GraphicsMagick-debuginfo-1.3.41-1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">GraphicsMagick-debuginfo-1.3.41-1.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="GraphicsMagick-c++-devel-1.3.41-1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">GraphicsMagick-c++-devel-1.3.41-1.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="GraphicsMagick-debugsource-1.3.41-1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">GraphicsMagick-debugsource-1.3.41-1.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="GraphicsMagick-c++-1.3.41-1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">GraphicsMagick-c++-1.3.41-1.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="GraphicsMagick-perl-1.3.41-1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">GraphicsMagick-perl-1.3.41-1.oe1.x86_64.rpm</FullProductName>
|
|
</Branch>
|
|
</ProductTree>
|
|
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<!-- Single vulnerability entry for CVE-2020-21679: description, fixed-status declaration, impact rating, CVSS score set and the vendor-fix remediation link. -->
|
|
<Notes>
|
|
<!-- NOTE(review): the description names "GraphicsMagick 1.4" while the package builds listed in this advisory's ProductTree are 1.3.41-1. The wording is presumably carried over from the upstream CVE text; match on the CVE ID and the package version, not on the version string in this note. -->
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.</Note>
|
|
</Notes>
|
|
<ReleaseDate>2023-11-17</ReleaseDate>
|
|
<CVE>CVE-2020-21679</CVE>
|
|
<ProductStatuses>
|
|
<!-- The Fixed status references only the platform ProductID. The fixed package builds are listed as FullProductName entries in ProductTree and are not referenced here, so a scanner has to join on the platform to learn the fixed package version. -->
<Status Type="Fixed">
|
|
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
|
</Status>
|
|
</ProductStatuses>
|
|
<Threats>
|
|
<Threat Type="Impact">
|
|
<Description>Medium</Description>
|
|
</Threat>
|
|
</Threats>
|
|
<CVSSScoreSets>
|
|
<ScoreSet>
|
|
<BaseScore>5.5</BaseScore>
|
|
<!-- NOTE(review): the vector uses the PR, UI and S metrics (CVSS v3 style) but carries no "CVSS:3.x/" prefix, so a consumer has to infer the CVSS version and must not parse it as a v2 vector. -->
<!-- AV:L with UI:R scores this as a local, user-assisted issue (a user converts a crafted image), although the note text says "remote attackers". The only impact scored is availability (C:N/I:N/A:H). Services that convert untrusted uploads automatically should treat their exposure as higher than the local vector suggests. -->
<Vector>AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</Vector>
|
|
</ScoreSet>
|
|
</CVSSScoreSets>
|
|
<Remediations>
|
|
<Remediation Type="Vendor Fix">
|
|
<Description>GraphicsMagick security update</Description>
|
|
<!-- NOTE(review): the remediation date is an upper-case DATE child element, unlike the Date elements used in DocumentTracking. XML names are case-sensitive, so a schema-validating CVRF 1.1 consumer may reject or ignore it; confirm against the schema in use. -->
<DATE>2023-11-17</DATE>
|
|
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1817</URL>
|
|
</Remediation>
|
|
</Remediations>
|
|
</Vulnerability>
|
|
</cvrfdoc> |