Security update for ImageMagick SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:3186-1 Final 1 1 2023-08-03T19:47:28Z current 2023-08-03T19:47:28Z 2023-08-03T19:47:28Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ImageMagick This update for ImageMagick fixes the following issues: - CVE-2023-3745: Fixed heap out of bounds read in PushCharPixel() in quantum-private.h (bsc#1213624). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-3186,openSUSE-SLE-15.4-2023-3186 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20233186-1/ Link for SUSE-SU-2023:3186-1 https://lists.suse.com/pipermail/sle-security-updates/2023-August/015774.html E-Mail link for SUSE-SU-2023:3186-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1213624 SUSE Bug 1213624 https://www.suse.com/security/cve/CVE-2023-3745/ SUSE CVE CVE-2023-3745 page openSUSE Leap 15.4 ImageMagick-7.0.7.34-150200.10.51.1 ImageMagick-config-7-SUSE-7.0.7.34-150200.10.51.1 ImageMagick-config-7-upstream-7.0.7.34-150200.10.51.1 ImageMagick-devel-7.0.7.34-150200.10.51.1 ImageMagick-devel-32bit-7.0.7.34-150200.10.51.1 ImageMagick-devel-64bit-7.0.7.34-150200.10.51.1 ImageMagick-doc-7.0.7.34-150200.10.51.1 ImageMagick-extra-7.0.7.34-150200.10.51.1 libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.51.1 libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.51.1 libMagick++-7_Q16HDRI4-64bit-7.0.7.34-150200.10.51.1 libMagick++-devel-7.0.7.34-150200.10.51.1 libMagick++-devel-32bit-7.0.7.34-150200.10.51.1 libMagick++-devel-64bit-7.0.7.34-150200.10.51.1 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.51.1 libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.51.1 libMagickCore-7_Q16HDRI6-64bit-7.0.7.34-150200.10.51.1 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.51.1 libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.51.1 libMagickWand-7_Q16HDRI6-64bit-7.0.7.34-150200.10.51.1 perl-PerlMagick-7.0.7.34-150200.10.51.1 libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.51.1 as a component of openSUSE Leap 15.4 libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.51.1 as a component of openSUSE Leap 15.4 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.51.1 as a component of openSUSE Leap 15.4 libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.51.1 as a component of openSUSE Leap 15.4 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.51.1 as a component of openSUSE Leap 15.4 libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.51.1 as a component of openSUSE Leap 15.4 A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service. CVE-2023-3745 openSUSE Leap 15.4:libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.51.1 openSUSE Leap 15.4:libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.51.1 openSUSE Leap 15.4:libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.51.1 openSUSE Leap 15.4:libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.51.1 openSUSE Leap 15.4:libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.51.1 openSUSE Leap 15.4:libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.51.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233186-1/ https://www.suse.com/security/cve/CVE-2023-3745.html CVE-2023-3745 https://bugzilla.suse.com/1213624 SUSE Bug 1213624