ALAS-2024-532

Amazon Linux 2023 Security Advisory: ALAS-2024-532
Advisory Release Date: 2024-02-15 02:52 Pacific
Advisory Updated Date: 2024-02-19 20:26 Pacific
Severity: Important
Issue Overview:

Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format. (CVE-2020-21679)

In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. (CVE-2022-1270)


Affected Packages:

GraphicsMagick


Issue Correction:
Run dnf update GraphicsMagick --releasever 2023.3.20240219 to update your system.

New Packages:
aarch64:
    GraphicsMagick-perl-debuginfo-1.3.38-1.amzn2023.0.4.aarch64
    GraphicsMagick-c++-devel-1.3.38-1.amzn2023.0.4.aarch64
    GraphicsMagick-c++-debuginfo-1.3.38-1.amzn2023.0.4.aarch64
    GraphicsMagick-debugsource-1.3.38-1.amzn2023.0.4.aarch64
    GraphicsMagick-devel-1.3.38-1.amzn2023.0.4.aarch64
    GraphicsMagick-perl-1.3.38-1.amzn2023.0.4.aarch64
    GraphicsMagick-c++-1.3.38-1.amzn2023.0.4.aarch64
    GraphicsMagick-1.3.38-1.amzn2023.0.4.aarch64
    GraphicsMagick-debuginfo-1.3.38-1.amzn2023.0.4.aarch64

noarch:
    GraphicsMagick-doc-1.3.38-1.amzn2023.0.4.noarch

src:
    GraphicsMagick-1.3.38-1.amzn2023.0.4.src

x86_64:
    GraphicsMagick-c++-debuginfo-1.3.38-1.amzn2023.0.4.x86_64
    GraphicsMagick-perl-debuginfo-1.3.38-1.amzn2023.0.4.x86_64
    GraphicsMagick-debugsource-1.3.38-1.amzn2023.0.4.x86_64
    GraphicsMagick-c++-devel-1.3.38-1.amzn2023.0.4.x86_64
    GraphicsMagick-devel-1.3.38-1.amzn2023.0.4.x86_64
    GraphicsMagick-c++-1.3.38-1.amzn2023.0.4.x86_64
    GraphicsMagick-perl-1.3.38-1.amzn2023.0.4.x86_64
    GraphicsMagick-debuginfo-1.3.38-1.amzn2023.0.4.x86_64
    GraphicsMagick-1.3.38-1.amzn2023.0.4.x86_64

Additional References

Red Hat: CVE-2020-21679, CVE-2022-1270

Mitre: CVE-2020-21679, CVE-2022-1270