openSUSE-SU-2016:2641

openSUSE-SU-2016:2644

[oss-security] 20160918 Re: GraphicsMagick 1.3.25 fixes some security issues

93074

https://bugzilla.redhat.com/show_bug.cgi?id=1374233

[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update

Various security issues were discovered in Graphicsmagick, a collection of image processing tools. Heap-based buffer overflows or overreads may lead to a denial of service or disclosure of in-memory information or other unspecified impact by processing a malformed image file.

For Debian 8 'Jessie', these problems have been fixed in version 1.3.20-3+deb8u3.

We recommend that you upgrade your graphicsmagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for GraphicsMagick fixes the following issues :

  - CVE-2016-8684: Mismatch between real filesize and header     values (bsc#1005123)

  - CVE-2016-8683: Check that filesize is reasonable     compared to the header value (bsc#1005127)

  - CVE-2016-8682: Stack-buffer read overflow while reading     SCT header (bsc#1005125)

  - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues     (bsc#1003629)

  - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to     heap overflow (bsc#1002422)

  - CVE-2016-7537: Out of bound access for corrupted pdb     file (bsc#1000711)

  - CVE-2016-7533: Wpg file out of bound for corrupted file     (bsc#1000707)

  - CVE-2016-7531: Pbd file out of bound access     (bsc#1000704)

  - CVE-2016-7529: out of bound in quantum handling     (bsc#1000399)

  - CVE-2016-7528: Out of bound access in xcf file coder     (bsc#1000434)

  - CVE-2016-7527: out of bound access in wpg file coder:
    (bsc#1000436)

  - CVE-2016-7526: out-of-bounds write in     ./MagickCore/pixel-accessor.h (bsc#1000702)

  - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow     READ of size 1 in meta.c:465 (bsc#1000700)

  - CVE-2016-7522: Out of bound access for malformed psd     file (bsc#1000698)

  - CVE-2016-7519: out-of-bounds read in coders/rle.c     (bsc#1000695)

  - CVE-2016-7517: out-of-bounds read in coders/pict.c     (bsc#1000693)

  - CVE-2016-7516: Out of bounds problem in rle, pict, viff     and sun files (bsc#1000692)

  - CVE-2016-7515: Rle file handling for corrupted file     (bsc#1000689)

  - CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449:
    various issues fixed in 1.3.25 (bsc#999673)

  - CVE-2016-7101: SGI Coder Out-Of-Bounds Read     Vulnerability (bsc#1001221)

  - CVE-2016-6823: BMP Coder Out-Of-Bounds Write     Vulnerability (bsc#1001066)

  - CVE-2016-5688: Various invalid memory reads in     ImageMagick WPG (bsc#985442)

  - CVE-2015-8958: Potential DOS in sun file handling due to     malformed files (bsc#1000691)

  - CVE-2015-8957: Buffer overflow in sun file handling     (bsc#1000690)

  - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders     (bsc#1002209)

  - Divide by zero in WriteTIFFImage (bsc#1002206)

This update for GraphicsMagick fixes the following issues :

  - security update :

  - CVE-2016-8684 [boo#1005123]

  - CVE-2016-8682 [boo#1005125]

  - CVE-2016-8683 [boo#1005127]

  - security update :

  - CVE-2016-7529 [boo#1000399]

  - CVE-2016-7528 [boo#1000434]

  - CVE-2016-7515 [boo#1000689]

  - CVE-2016-7446 [boo#999673]

  - CVE-2016-7447 [boo#999673]

  - CVE-2016-7448 [boo#999673]

  - CVE-2016-7449 [boo#999673]

  - CVE-2016-7517 [boo#1000693]

  - CVE-2016-7519 [boo#1000695]

  - CVE-2016-7522 [boo#1000698]

  - CVE-2016-7524 [boo#1000700]

  - CVE-2016-7531 [boo#1000704]

  - CVE-2016-7533 [boo#1000707]

  - CVE-2016-7537 [boo#1000711]

  - CVE-2016-6823 [boo#1001066]

  - CVE-2016-7101 [boo#1001221]

  - do not divide by zero in WriteTIFFImage [boo#1002206]

  - fix buffer overflow [boo#1002209]

  - CVE-2016-7800 [boo#1002422]

  - CVE-2016-7996, CVE-2016-7997 [boo#1003629]

A possible heap overflow was discovered in the EscapeParenthesis() function (CVE-2016-7447).

Various issues were found in the processing of SVG files in GraphicsMagick (CVE-2016-7446).

The TIFF reader had a bug pertaining to use of TIFFGetField() when a 'count' value is returned. The bug caused a heap read overflow (due to using strlcpy() to copy a possibly unterminated string) which could allow an untrusted file to crash the software (CVE-2016-7449).

The Utah RLE reader did not validate that header information was reasonable given the file size and so it could cause huge memory allocations and/or consume huge amounts of CPU, causing a denial of service (CVE-2016-7448)

Various security issues were found and fixed in graphicsmagick in Debian wheezy LTS.

CVE-2016-7446

Heap buffer overflow issue in MVG/SVG rendering.

CVE-2016-7447

Heap overflow of the EscapeParenthesis() function

CVE-2016-7449

TIFF related problems due to use of strlcpy use.

CVE-2016-7800

Fix unsigned underflow leading to heap overflow when parsing 8BIM chunk.

For Debian 7 'Wheezy', these problems have been fixed in version 1.3.16-1.1+deb7u4.

We recommend that you upgrade your graphicsmagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
110727	Debian DLA-1401-1 : graphicsmagick security update	Nessus	Debian Local Security Checks	critical
94305	openSUSE Security Update : GraphicsMagick (openSUSE-2016-1230)	Nessus	SuSE Local Security Checks	critical
94304	openSUSE Security Update : GraphicsMagick (openSUSE-2016-1229)	Nessus	SuSE Local Security Checks	critical
94018	Amazon Linux AMI : GraphicsMagick (ALAS-2016-752)	Nessus	Amazon Linux Local Security Checks	critical
93968	Debian DLA-651-1 : graphicsmagick security update	Nessus	Debian Local Security Checks	critical

CVE-2016-7447

CRITICAL

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

critical

critical

critical

critical

critical