70837

https://bugzilla.redhat.com/show_bug.cgi?id=1159362

https://int21.de/cve/CVE-2014-8562-ImageMagick-dcm-oob-heap-overflow.html

https://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure, or the execution of arbitrary code if malformed PCX, DCM, JPEG, PSD, HDR, MIFF, PDB, VICAR, SGI, SVG, AAI, MNG, EXR, MAT, SFW, JNG, PCD, XWD, PICT, BMP, MTV, SUN, EPT, ICON, DDS, or ART files are processed.

For Debian 7 'Wheezy', these problems have been fixed in version 6.7.7.10-5+deb7u14.

We recommend that you upgrade your imagemagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update fixes a large number of potential security problems due to insufficient data validation when parsing different input formats.
Most of those potential security problems do not have a CVE number assigned.

While the security implications of all of these problems are not all fully known, it is highly recommended to update.

The update fixes the following identified vulnerabilities :

CVE-2012-3437

Incorrect validation of PNG buffer size, leading to DoS using specially crafted PNG files.

CVE-2014-8354

Out of bounds memory access in resize

CVE-2014-8355

Buffer overflow in PCX reader

CVE-2014-8562

Buffer overflow in DCM readers

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated imagemagick package fixes security vulnerabilities :

A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running ImageMagick (CVE-2014-1958).

A buffer overflow flaw was found in the way ImageMagick writes PSD images when the input data has a large number of unlabeled layers (CVE-2014-2030).

ImageMagick is vulnerable to a denial of service due to out-of-bounds memory accesses in the resize code (CVE-2014-8354), PCX parser (CVE-2014-8355), DCM decoder (CVE-2014-8562), and JPEG decoder (CVE-2014-8716).

ImageMagick has been updated to fix four security issues :

  - Crafted jpeg file could have lead to a Denial of     Service. (CVE-2014-8716)

  - Out-of-bounds memory access in resize code.
    (CVE-2014-8354)

  - Out-of-bounds memory access in PCX parser.
    (CVE-2014-8355)

  - Out-of-bounds memory error in DCM decode.
    (CVE-2014-8562)

Updated imagemagick packages fix security vulnerabilities :

ImageMagick is vulnerable to a denial of service due to out-of-bounds memory accesses in the resize code (CVE-2014-8354), PCX parser (CVE-2014-8355), DCM decoder (CVE-2014-8562), and JPEG decoder (CVE-2014-8716).

ImageMagick was updated to fix three security issues. &#9; These security issues were fixed :

  - Out-of-bounds memory access in PCX parser     (CVE-2014-8355).

  - Out-of-bounds memory access in resize code     (CVE-2014-8354).

  - Out-of-bounds memory error in DCM decode     (CVE-2014-8562).

The remote Windows host is running a version of ImageMagick prior to version 6.8.9-9. It is, therefore, affected by the following vulnerabilities :

  - An out-of-bounds read error exist in the function     'CloneImage' within file 'image.c' that can allow     application crashes or information disclosure.
    (CVE-2014-8354)

  - An out-of-bounds read error exist in the function     'ReadPCXImage' within file 'coders/pcx.c' that can     allow application crashes or information disclosure.
    (CVE-2014-8355)

  - An error exists in the function 'DeleteImageProfile'     related to image processing that can allow denial of     service attacks. (CVE-2014-8561)

  - An out-of-bounds read error exists in the 'ReadDCMImage'     function within file 'coders/dcm.c' that can allow     application crashes or information disclosure.
    (CVE-2014-8562)

  - An off-by-one error exists related to '8BIM' handling     that can allow an attacker to have an unspecified     impact.

ID	Name	Product	Family	Severity
131846	EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2019-2354)	Nessus	Huawei Local Security Checks	high
100480	Debian DLA-960-1 : imagemagick security update	Nessus	Debian Local Security Checks	high
95053	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : imagemagick vulnerabilities (USN-3131-1)	Nessus	Ubuntu Local Security Checks	high
84130	Debian DLA-242-1 : imagemagick security update	Nessus	Debian Local Security Checks	medium
82358	Mandriva Linux Security Advisory : imagemagick (MDVSA-2015:105)	Nessus	Mandriva Local Security Checks	high
80021	SuSE 11.3 Security Update : Image Magick (SAT Patch Number 9976)	Nessus	SuSE Local Security Checks	high
79572	Mandriva Linux Security Advisory : imagemagick (MDVSA-2014:226)	Nessus	Mandriva Local Security Checks	medium
79224	openSUSE Security Update : ImageMagick (openSUSE-SU-2014:1396-1)	Nessus	SuSE Local Security Checks	medium
78892	ImageMagick < 6.8.9-9 Multiple Vulnerabilities	Nessus	Windows	medium

CVE-2014-8562

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins