CVE-2019-11474

coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.


2023-02-26 Bob Friesenhahn <[email protected]>

  • Makefile.am: Stop producing BZip, Gzip, Lzip, and Zstandard compressed archives so the only tar option is XZ compressed. See if anyone complains.

  • www/download.rst: Add summary documentation regarding archive formats.

2023-02-12 Bob Friesenhahn <[email protected]>

  • coders/jpeg.c (ReadJPEGImage): Replace MagickAllocateResourceLimitedArray() with MagickAllocateResourceLimitedClearedArray() and eliminate explicit memset().

2023-02-08 Bob Friesenhahn <[email protected]>

  • magick/blob.c (ImageToBlob): Immediately reject attempts to write blobs to formats which can not support blobs.

2023-02-06 Bob Friesenhahn <[email protected]>

  • coders/mpc.c (RegisterMPCImage): Set seekable_stream and blob_support to false.

2023-02-05 Fojtik Jaroslav <[email protected]>

  • VisualMagick/configure/configure.rc Changed “Configure.EXE” to “configure.exe”

  • VisualMagick/configure/configure.exe Configure.exe has been blacklisted with 6 antiviruses. https://www.virustotal.com/gui/file/3a0e54c8439200faf666b5680e0608e93fd67b5cda0d72dc32f54f0308574aba

2023-02-04 Bob Friesenhahn <[email protected]>

  • configure.ac: Test for interesting libjpeg-turbo 3.0 functions (which may also appear in other JPEG libraries).

  • coders/jpeg.c: Block out existing code for C_LOSSLESS_SUPPORTED and D_LOSSLESS_SUPPORTED when compiling with JPEG-Turbo 3.0 since it is not compatible with it.

  • coders/wpg.c (ApproveFormatForWPG): Pass in existing ExceptionInfo pointer.

2023-01-31 Fojtik Jaroslav <[email protected]>

  • coders/wpg.c: Do not approve any format from “META” module for embedding.

2023-01-28 Bob Friesenhahn <[email protected]>

  • coders/wpg.c (WriteWPGImage): image->colors is only valid for storage_class == PseudoClass.

2023-01-25 Fojtik Jaroslav <[email protected]>

  • coders/wpg.c: Format “8BIMTEXT” cannot be embedded inside WPG.

2023-01-24 Fojtik Jaroslav <[email protected]>

  • VisualMagick/tests/runtest.bat Add missing tests of fileformats.

2023-01-15 Bob Friesenhahn <[email protected]>

  • tests/rwblob.tap: Add sanity test for WPG format.

  • tests/rwfile.tap: Add sanity test for WPG format.

  • coders/wpg.c: Change line terminations back to ISO standard format. (RegisterWPGImage): WPG currently only supports one frame.

  • Makefile.am: No longer produce “.sig” files since the “.asc” files can do everything that the “.sig” files can do.

2023-01-15 Fojtik Jaroslav <[email protected]>

  • VisualMagick/tests/runtest.bat

  • coders/wpg.c Added WPG writer … cross your fingers.

2023-01-14 Bob Friesenhahn <[email protected]>

  • PerlMagick/MANIFEST: Update PerlMagick manifest.

  • version.sh: Updated for 1.3.40 release.

  • NEWS.txt: Updated the news.

2023-01-13 Bob Friesenhahn <[email protected]>

  • coders/jxl.c (ReadJXLImage): Cache and trace extra channel info.

2023-01-11 Fojtik Jaroslav <[email protected]>

  • coders/wpg.c Fixed Monochromatic bilevel WPG should answer to gm identify file.wpg … PseudoClass 2c 8-bit

2023-01-08 Fojtik Jaroslav <[email protected]>

  • coders/wpg.c Fixed defect in WPG header reading.

2023-01-08 Bob Friesenhahn <[email protected]>

  • coders/png.c (WriteOnePNGImage): Use lower-case raw profile identifiers (e.g. ‘Raw profile type xmp’) because exiftool expects that. Partially addresses concerns raised by SourceForge bug #682 "Invalid storage of XMP in PNGs".

  • www/INSTALL-unix.rst: Add notes about required libjxl versions.

  • README.txt: Add notes about required libjxl versions.

2023-01-08 Fojtik Jaroslav <[email protected]>

  • VisualMagick/tests/runtest.bat Added new tests for WEBP, BMP2 & BMP3. These tests are passing.

2023-01-07 Bob Friesenhahn <[email protected]>

  • NEWS.txt: Updated the news.

  • It is 2023 now! Update copyrights, rotate changelogs, etc.

  • magick/blob.c (OpenBlob): Zlib has never supported opening Unix ‘compress’ .Z files (although gzip does). So don’t open such files using zlib.

  • coders/sun.c: Add IM1, IM8, and IM24 magick aliases for Sun Raster format since those are the historically correct extensions.

2023-01-06 Bob Friesenhahn <[email protected]>

  • coders/sun.c (ReadSUNImage): Address oss-fuzz 54810 "graphicsmagick:coder_SUN_fuzzer: Heap-buffer-overflow in ReadSUNImage".

  • coders/pict.c (WritePICTImage): Fix use of logical operator where binary operator is needed.

2023-01-05 Fojtik Jaroslav <[email protected]>

  • VisualMagick/installer/inc/body.isx 64 bit distribution MUST NOT be installed on pure 32 bit system. Sanity check added.

2023-01-05 Fojtik Jaroslav <[email protected]>

  • VisualMagick/installer/inc/body.isx

  • VisualMagick/installer/inc/files-dlls.isx (VisualMagick/installer/redist/VC2008SP1/vcredist_x64.exe must be downloaded from www). (VisualMagick/installer/redist/VC2008SP1/vcredist_x86.exe must be downloaded from www). Fix graphics magick installer for Windows.

2023-01-04 Fojtik Jaroslav <[email protected]>

  • VisualMagick/tests/runtest.bat Added new tests for PGX (jp2), MAT, uncommented test for EPDF and PICON.

2023-01-03 Fojtik Jaroslav <[email protected]>

  • VisualMagick/jp2/src/appl/UTILITY.txt removed fuzz.c.

2023-01-03 Fojtik Jaroslav <[email protected]>

  • VisualMagick/jp2/src/libjasper/pgx/LIBRARY.txt

  • jp2/src/libjasper/include/jasper/jas_config.h PGX codec was not compiled into gm, now added.

2023-01-02 Bob Friesenhahn <[email protected]>

  • coders/pict.c: Add more tracing.

2023-01-01 Bob Friesenhahn <[email protected]>

  • coders/pcd.c (WritePCDTile): Handle writing image with a dimension of 1.

2023-01-02 Fojtik Jaroslav <[email protected]>

  • jp2/* Update lib jasper to 2.0.33. Code cleanly compiles, but there is still some problem. Will be solved later. jp2/src/lib/jasper/include/jasper/stdbool2.h No longer needed.

2023-01-01 Bob Friesenhahn <[email protected]>

  • magick/utility.c (GetMagickGeometry): Assure that width and height are not scaled down to zero since it is an invalid value.

  • coders/sun.c (ReadSUNImage): Enlarge RLE output buffer in order to avoid buffer overflow. Addresses oss-fuzz 54716 "graphicsmagick:coder_RAS_fuzzer: Heap-buffer-overflow in ReadSUNImage", which is due to a new problem added since the 1.3.39 release.

2023-01-01 Fojtik Jaroslav <[email protected]>

  • jp2/* Update lib jasper to 2.0.0.
