GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638.

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4222-1 advisory.

    It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly     use this issue to cause a denial of service or other unspecified impact.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

New bug and security fix release, see http://www.graphicsmagick.org/NEWS.html#june-15-2019

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

http://www.graphicsmagick.org/NEWS.html#june-15-2019

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in denial of service or the execution of arbitrary code if malformed image files are processed.

Various vulnerabilities were discovered in graphicsmagick, a collection of image processing tools and associated libraries, resulting in denial of service, information disclosure, and a variety of buffer overflows and overreads.

For Debian 8 'Jessie', these problems have been fixed in version 1.3.20-3+deb8u4.

We recommend that you upgrade your graphicsmagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following issues :

  - CVE-2017-9405: A memory leak in the ReadICONImage     function was fixed that could lead to DoS via memory     exhaustion (bsc#1042911)

  - CVE-2017-9407: In ImageMagick, the ReadPALMImage     function in palm.c allowed attackers to cause a denial     of service (memory leak) via a crafted file.
    (bsc#1042824)

  - CVE-2017-11166: In ReadXWDImage in coders\xwd.c a     memoryleak could have caused memory exhaustion via a     crafted length (bsc#1048110)

  - CVE-2017-11170: ReadTGAImage in coders\tga.c allowed for     memory exhaustion via invalid colors data in the header     of a TGA or VST file (bsc#1048272)

  - CVE-2017-11448: The ReadJPEGImage function in     coders/jpeg.c in ImageMagick allowed remote attackers to     obtain sensitive information from uninitialized memory     locations via a crafted file. (bsc#1049375)

  - CVE-2017-11450: A remote denial of service in     coders/jpeg.c was fixed (bsc#1049374)

  - CVE-2017-11528: ReadDIBImage in coders/dib.c allows     remote attackers to cause DoS via memory exhaustion     (bsc#1050119)

  - CVE-2017-11530: ReadEPTImage in coders/ept.c allows     remote attackers to cause DoS via memory exhaustion     (bsc#1050122)

  - CVE-2017-11531: When ImageMagick processed a crafted     file in convert, it could lead to a Memory Leak in the     WriteHISTOGRAMImage() function in coders/histogram.c.
    (bsc#1050126)

  - CVE-2017-11533: A information leak by 1 byte due to     heap-based buffer over-read in the WriteUILImage() in     coders/uil.c was fixed (bsc#1050132)

  - CVE-2017-11537: When ImageMagick processed a crafted     file in convert, it can lead to a Floating Point     Exception (FPE) in the WritePALMImage() function in     coders/palm.c, related to an incorrect bits-per-pixel     calculation. (bsc#1050048)

  - CVE-2017-11638, CVE-2017-11642: A NULL pointer     dereference in theWriteMAPImage() in coders/map.c was     fixed which could lead to a crash (bsc#1050617)

  - CVE-2017-12418: ImageMagick had memory leaks in the     parse8BIMW and format8BIM functions in coders/meta.c,     related to the WriteImage function in     MagickCore/constitute.c. (bsc#1052207)

  - CVE-2017-12427: ProcessMSLScript coders/msl.c allowed     remote attackers to cause a DoS (bsc#1052248)

  - CVE-2017-12429: A memory exhaustion flaw in     ReadMIFFImage in coders/miff.c was fixed, which allowed     attackers to cause DoS (bsc#1052251)

  - CVE-2017-12432: In ImageMagick, a memory exhaustion     vulnerability was found in the function ReadPCXImage in     coders/pcx.c, which allowed attackers to cause a denial     of service. (bsc#1052254)

  - CVE-2017-12566: A memory leak in ReadMVGImage in     coders/mvg.c, could have allowed attackers to cause DoS     (bsc#1052472)

  - CVE-2017-12654: The ReadPICTImage function in     coders/pict.c in ImageMagick allowed attackers to cause     a denial of service (memory leak) via a crafted file.
    (bsc#1052761)

  - CVE-2017-12663: A memory leak in WriteMAPImage in     coders/map.c was fixed that could lead to a DoS via     memory exhaustion (bsc#1052754)

  - CVE-2017-12664: ImageMagick had a memory leak     vulnerability in WritePALMImage in coders/palm.c.
    (bsc#1052750)

  - CVE-2017-12665: ImageMagick had a memory leak     vulnerability in WritePICTImage in coders/pict.c.
    (bsc#1052747)

  - CVE-2017-12668: ImageMagick had a memory leak     vulnerability in WritePCXImage in coders/pcx.c.
    (bsc#1052688)

  - CVE-2017-12674: A CPU exhaustion in ReadPDBImage in     coders/pdb.c was fixed, which allowed attackers to cause     DoS (bsc#1052711)

  - CVE-2017-13058: In ImageMagick, a memory leak     vulnerability was found in the function WritePCXImage in     coders/pcx.c, which allowed attackers to cause a denial     of service via a crafted file. (bsc#1055069)

  - CVE-2017-13131: A memory leak vulnerability was found in     thefunction ReadMIFFImage in coders/miff.c, which     allowed attackers tocause a denial of service (memory     consumption in NewL (bsc#1055229)

  - CVE-2017-14060: A NULL pointer Dereference issue in the     ReadCUTImage function in coders/cut.c was fixed that     could have caused a Denial of Service (bsc#1056768)

  - CVE-2017-14139: A memory leak vulnerability in     WriteMSLImage in coders/msl.c was fixed. (bsc#1057163)

  - CVE-2017-14224: A heap-based buffer overflow in     WritePCXImage in coders/pcx.c could lead to denial of     service or code execution. (bsc#1058009)

  - CVE-2017-17682: A large loop vulnerability was fixed in     ExtractPostscript in coders/wpg.c, which allowed     attackers to cause a denial of service (CPU exhaustion)     (bsc#1072898)

  - CVE-2017-17885: In ImageMagick, a memory leak     vulnerability was found in the function ReadPICTImage in     coders/pict.c, which allowed attackers to cause a denial     of service via a crafted PICT image file. (bsc#1074119)

  - CVE-2017-17934: A memory leak in the function     MSLPopImage and ProcessMSLScript could have lead to a     denial of service (bsc#1074170)

  - CVE-2017-18028: A memory exhaustion in the function     ReadTIFFImage in coders/tiff.c was fixed. (bsc#1076182)

  - CVE-2018-5357: ImageMagick had memory leaks in the     ReadDCMImage function in coders/dcm.c. (bsc#1075821)

  - CVE-2018-6405: In the ReadDCMImage function in     coders/dcm.c in ImageMagick, each redmap, greenmap, and     bluemap variable can be overwritten by a new pointer.
    The previous pointer is lost, which leads to a memory     leak. This allowed remote attackers to cause a denial of     service. (bsc#1078433)

This update was imported from the SUSE:SLE-12:Update update project.

This update for ImageMagick fixes the following issues :

  - CVE-2017-9405: A memory leak in the ReadICONImage     function was fixed that could lead to DoS via memory     exhaustion (bsc#1042911)

  - CVE-2017-9407: In ImageMagick, the ReadPALMImage     function in palm.c allowed attackers to cause a denial     of service (memory leak) via a crafted file.
    (bsc#1042824)

  - CVE-2017-11166: In ReadXWDImage in coders\xwd.c a     memoryleak could have caused memory exhaustion via a     crafted length (bsc#1048110)

  - CVE-2017-11170: ReadTGAImage in coders\tga.c allowed for     memory exhaustion via invalid colors data in the header     of a TGA or VST file (bsc#1048272)

  - CVE-2017-11448: The ReadJPEGImage function in     coders/jpeg.c in ImageMagick allowed remote attackers to     obtain sensitive information from uninitialized memory     locations via a crafted file. (bsc#1049375)

  - CVE-2017-11450: A remote denial of service in     coders/jpeg.c was fixed (bsc#1049374)

  - CVE-2017-11528: ReadDIBImage in coders/dib.c allows     remote attackers to cause DoS via memory exhaustion     (bsc#1050119)

  - CVE-2017-11530: ReadEPTImage in coders/ept.c allows     remote attackers to cause DoS via memory exhaustion     (bsc#1050122)

  - CVE-2017-11531: When ImageMagick processed a crafted     file in convert, it could lead to a Memory Leak in the     WriteHISTOGRAMImage() function in coders/histogram.c.
    (bsc#1050126)

  - CVE-2017-11533: A information leak by 1 byte due to     heap-based buffer over-read in the WriteUILImage() in     coders/uil.c was fixed (bsc#1050132)

  - CVE-2017-11537: When ImageMagick processed a crafted     file in convert, it can lead to a Floating Point     Exception (FPE) in the WritePALMImage() function in     coders/palm.c, related to an incorrect bits-per-pixel     calculation. (bsc#1050048)

  - CVE-2017-11638, CVE-2017-11642: A NULL pointer     dereference in theWriteMAPImage() in coders/map.c was     fixed which could lead to a crash (bsc#1050617)

  - CVE-2017-12418: ImageMagick had memory leaks in the     parse8BIMW and format8BIM functions in coders/meta.c,     related to the WriteImage function in     MagickCore/constitute.c. (bsc#1052207)

  - CVE-2017-12427: ProcessMSLScript coders/msl.c allowed     remote attackers to cause a DoS (bsc#1052248)

  - CVE-2017-12429: A memory exhaustion flaw in     ReadMIFFImage in coders/miff.c was fixed, which allowed     attackers to cause DoS (bsc#1052251)

  - CVE-2017-12432: In ImageMagick, a memory exhaustion     vulnerability was found in the function ReadPCXImage in     coders/pcx.c, which allowed attackers to cause a denial     of service. (bsc#1052254)

  - CVE-2017-12566: A memory leak in ReadMVGImage in     coders/mvg.c, could have allowed attackers to cause DoS     (bsc#1052472)

  - CVE-2017-12654: The ReadPICTImage function in     coders/pict.c in ImageMagick allowed attackers to cause     a denial of service (memory leak) via a crafted file.
    (bsc#1052761)

  - CVE-2017-12663: A memory leak in WriteMAPImage in     coders/map.c was fixed that could lead to a DoS via     memory exhaustion (bsc#1052754)

  - CVE-2017-12664: ImageMagick had a memory leak     vulnerability in WritePALMImage in coders/palm.c.
    (bsc#1052750)

  - CVE-2017-12665: ImageMagick had a memory leak     vulnerability in WritePICTImage in coders/pict.c.
    (bsc#1052747)

  - CVE-2017-12668: ImageMagick had a memory leak     vulnerability in WritePCXImage in coders/pcx.c.
    (bsc#1052688)

  - CVE-2017-12674: A CPU exhaustion in ReadPDBImage in     coders/pdb.c was fixed, which allowed attackers to cause     DoS (bsc#1052711)

  - CVE-2017-13058: In ImageMagick, a memory leak     vulnerability was found in the function WritePCXImage in     coders/pcx.c, which allowed attackers to cause a denial     of service via a crafted file. (bsc#1055069)

  - CVE-2017-13131: A memory leak vulnerability was found in     thefunction ReadMIFFImage in coders/miff.c, which     allowed attackers tocause a denial of service (memory     consumption in NewL (bsc#1055229)

  - CVE-2017-14060: A NULL pointer Dereference issue in the     ReadCUTImage function in coders/cut.c was fixed that     could have caused a Denial of Service (bsc#1056768)

  - CVE-2017-14139: A memory leak vulnerability in     WriteMSLImage in coders/msl.c was fixed. (bsc#1057163)

  - CVE-2017-14224: A heap-based buffer overflow in     WritePCXImage in coders/pcx.c could lead to denial of     service or code execution. (bsc#1058009)

  - CVE-2017-17682: A large loop vulnerability was fixed in     ExtractPostscript in coders/wpg.c, which allowed     attackers to cause a denial of service (CPU exhaustion)     (bsc#1072898)

  - CVE-2017-17885: In ImageMagick, a memory leak     vulnerability was found in the function ReadPICTImage in     coders/pict.c, which allowed attackers to cause a denial     of service via a crafted PICT image file. (bsc#1074119)

  - CVE-2017-17934: A memory leak in the function     MSLPopImage and ProcessMSLScript could have lead to a     denial of service (bsc#1074170)

  - CVE-2017-18028: A memory exhaustion in the function     ReadTIFFImage in coders/tiff.c was fixed. (bsc#1076182)

  - CVE-2018-5357: ImageMagick had memory leaks in the     ReadDCMImage function in coders/dcm.c. (bsc#1075821)

  - CVE-2018-6405: In the ReadDCMImage function in     coders/dcm.c in ImageMagick, each redmap, greenmap, and     bluemap variable can be overwritten by a new pointer.
    The previous pointer is lost, which leads to a memory     leak. This allowed remote attackers to cause a denial of     service. (bsc#1078433)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following issues :

  - CVE-2017-9407: In ImageMagick, the ReadPALMImage     function in palm.c allowed attackers to cause a denial     of service (memory leak) via a crafted file.
    (bsc#1042824)

  - CVE-2017-11448: The ReadJPEGImage function in     coders/jpeg.c in ImageMagick allowed remote attackers to     obtain sensitive information from uninitialized memory     locations via a crafted file. (bsc#1049375)

  - CVE-2017-11450: A remote denial of service in     coders/jpeg.c was fixed (bsc#1049374)

  - CVE-2017-11537: When ImageMagick processed a crafted     file in convert, it can lead to a Floating Point     Exception (FPE) in the WritePALMImage() function in     coders/palm.c, related to an incorrect bits-per-pixel     calculation. (bsc#1050048)

  - CVE-2017-12418: ImageMagick had memory leaks in the     parse8BIMW and format8BIM functions in coders/meta.c,     related to the WriteImage function in     MagickCore/constitute.c. (bsc#1052207)

  - CVE-2017-12432: In ImageMagick, a memory exhaustion     vulnerability was found in the function ReadPCXImage in     coders/pcx.c, which allowed attackers to cause a denial     of service. (bsc#1052254)

  - CVE-2017-12654: The ReadPICTImage function in     coders/pict.c in ImageMagick allowed attackers to cause     a denial of service (memory leak) via a crafted file.
    (bsc#1052761)

  - CVE-2017-12664: ImageMagick had a memory leak     vulnerability in WritePALMImage in coders/palm.c.
    (bsc#1052750)

  - CVE-2017-12665: ImageMagick had a memory leak     vulnerability in WritePICTImage in coders/pict.c.
    (bsc#1052747)

  - CVE-2017-12668: ImageMagick had a memory leak     vulnerability in WritePCXImage in coders/pcx.c.
    (bsc#1052688)

  - CVE-2017-13058: In ImageMagick, a memory leak     vulnerability was found in the function WritePCXImage in     coders/pcx.c, which allowed attackers to cause a denial     of service via a crafted file. (bsc#1055069)

  - CVE-2017-14224: A heap-based buffer overflow in     WritePCXImage in coders/pcx.c could lead to denial of     service or code execution. (bsc#1058009)

  - CVE-2017-17885: In ImageMagick, a memory leak     vulnerability was found in the function ReadPICTImage in     coders/pict.c, which allowed attackers to cause a denial     of service via a crafted PICT image file. (bsc#1074119)

  - CVE-2017-18028: A memory exhaustion in the function     ReadTIFFImage in coders/tiff.c was fixed. (bsc#1076182)

  - CVE-2018-6405: In the ReadDCMImage function in     coders/dcm.c in ImageMagick, each redmap, greenmap, and     bluemap variable can be overwritten by a new pointer.
    The previous pointer is lost, which leads to a memory     leak. This allowed remote attackers to cause a denial of     service. (bsc#1078433)

  - CVE-2017-12427: ProcessMSLScript coders/msl.c allowed     remote attackers to cause a DoS (bsc#1052248)

  - CVE-2017-12566: A memory leak in ReadMVGImage in     coders/mvg.c, could have allowed attackers to cause DoS     (bsc#1052472)

  - CVE-2017-11638, CVE-2017-11642: A NULL pointer     dereference in theWriteMAPImage() in coders/map.c was     fixed which could lead to a crash (bsc#1050617)

  - CVE-2017-13131: A memory leak vulnerability was found in     thefunction ReadMIFFImage in coders/miff.c, which     allowed attackers tocause a denial of service (memory     consumption in NewL (bsc#1055229)

  - CVE-2017-11166: In ReadXWDImage in coders\xwd.c a     memoryleak could have caused memory exhaustion via a     crafted length (bsc#1048110)

  - CVE-2017-12674: A CPU exhaustion in ReadPDBImage in     coders/pdb.c was fixed, which allowed attackers to cause     DoS (bsc#1052711)

  - CVE-2017-12429: A memory exhaustion flaw in     ReadMIFFImage in coders/miff.c was fixed, which allowed     attackers to cause DoS (bsc#1052251)

  - CVE-2017-11637: A NULL pointer dereference in     WritePCLImage() in coders/pcl.c was fixed which could     lead to a crash (bsc#1050669)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for GraphicsMagick fixes the following issues :

  - CVE-2017-11637: Fixed a NULL pointer dereference in     WritePCLImage() in coders/pcl.c (boo#1050669)

  - CVE-2017-11638, CVE-2017-11642: Fixed a NULL pointer     dereference in theWriteMAPImage() in coders/map.c     (boo#1050617)

  - CVE-2017-17503: Fixed a heap-based buffer overflow in     the ReadGRAYImage (boo#1072934)

  - CVE-2017-14060: Fixed a NULL pointer Dereference issue     in the ReadCUTImage function in coders/cut.c that could     cause a Denial of Service (boo#1056768)

Multiple security vulnerabilities, NULL pointer dereferences, use-after-free and heap based overflows, were discovered in graphicsmagick that can lead to denial of service by consuming all available memory or segmentation faults.

For Debian 7 'Wheezy', these problems have been fixed in version 1.3.16-1.1+deb7u8.

We recommend that you upgrade your graphicsmagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
132095	Ubuntu 16.04 LTS : GraphicsMagick vulnerabilities (USN-4222-1)	Nessus	Ubuntu Local Security Checks	critical
126361	Fedora 30 : GraphicsMagick (2019-da4c20882c)	Nessus	Fedora Local Security Checks	high
126356	Fedora 29 : GraphicsMagick (2019-425a1aa7c9)	Nessus	Fedora Local Security Checks	high
118179	Debian DSA-4321-1 : graphicsmagick - security update	Nessus	Debian Local Security Checks	critical
111520	Debian DLA-1456-1 : graphicsmagick security update	Nessus	Debian Local Security Checks	critical
107185	openSUSE Security Update : ImageMagick (openSUSE-2018-230)	Nessus	SuSE Local Security Checks	high
107116	SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0581-1)	Nessus	SuSE Local Security Checks	high
106926	SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:0486-1)	Nessus	SuSE Local Security Checks	critical
106923	openSUSE Security Update : GraphicsMagick (openSUSE-2018-191)	Nessus	SuSE Local Security Checks	critical
102043	Debian DLA-1045-1 : graphicsmagick security update	Nessus	Debian Local Security Checks	critical

Detections

Analytics

CVE-2017-11642

high

Tenable Plugins

critical

high

high

critical

critical

high

high

critical

critical

critical