{"id":"MGASA-2019-0033","summary":"Updated graphicsmagick packages fix security vulnerabilities","details":"It was discovered that graphicsmagick was subject to vulnerabilites.\n* heap-based buffer overflow in the WriteTGAImage function of tga.c\n(CVE-2018-20184).\n* denial of service vulnerability in ReadDIBImage function of\ncoders/dib.c (CVE-2018-20189).\n* heap-based buffer over-read in the ReadBMPImage function of bmp.c\n(CVE-2018-20185).\n","modified":"2026-02-01T02:40:14.261718Z","published":"2019-01-11T21:07:56Z","related":["CVE-2018-20184","CVE-2018-20185","CVE-2018-20189"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0033.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24103"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-updates/2018-12/msg00148.html"},{"type":"REPORT","url":"http://lists.suse.com/pipermail/sle-security-updates/2019-January/005014.html"}],"affected":[{"package":{"name":"graphicsmagick","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/graphicsmagick?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.31-1.3.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0033.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}