100157

https://github.com/ImageMagick/ImageMagick/issues/546

[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update

USN-3681-1

Numerous security vulnerabilities were fixed in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed.

For Debian 8 'Jessie', these problems have been fixed in version 8:6.8.9.9-5+deb8u16.

We recommend that you upgrade your imagemagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes several issues. These security issues were fixed :

  - CVE-2017-12672: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service (bsc#1052720).

  - CVE-2017-13060: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service via a crafted     file (bsc#1055065).

  - CVE-2017-11724: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c involving the     quantum_info and clone_info data structures     (bsc#1051446).

  - CVE-2017-12670: Added validation in coders/mat.c to     prevent an assertion failure in the function     DestroyImage in MagickCore/image.c, which allowed     attackers to cause a denial of service (bsc#1052731).

  - CVE-2017-12667: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c (bsc#1052732).

  - CVE-2017-13146: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c (bsc#1055323).

  - CVE-2017-10800: Processing MATLAB images in coders/mat.c     could have lead to a denial of service (OOM) in     ReadMATImage() if the size specified for a MAT Object     was larger than the actual amount of data (bsc#1047044)

  - CVE-2017-13648: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c (bsc#1055434).

  - CVE-2017-11141: Fixed a memory leak vulnerability in the     function ReadMATImage in coders\mat.c that could have     caused memory exhaustion via a crafted MAT file, related     to incorrect ordering of a SetImageExtent call     (bsc#1047898).

  - CVE-2017-11529: The ReadMATImage function in     coders/mat.c allowed remote attackers to cause a denial     of service (memory leak) via a crafted file     (bsc#1050120).

  - CVE-2017-12564: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service (bsc#1052468).

  - CVE-2017-12434: Added a missing NULL check in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service (assertion     failure) in DestroyImageInfo in image.c (bsc#1052550).

  - CVE-2017-12675: Added a missing check for     multidimensional data coders/mat.c, that could have lead     to a memory leak in the function ReadImage in     MagickCore/constitute.c, which allowed attackers to     cause a denial of service (bsc#1052710).

  - CVE-2017-14326: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service via a crafted     file (bsc#1058640).

  - CVE-2017-11644: Processesing a crafted file in convert     could have lead to a memory leak in the ReadMATImage()     function in coders/mat.c (bsc#1050606).

  - CVE-2017-13658: Added a missing NULL check in the     ReadMATImage function in coders/mat.c, which could have     lead to a denial of service (assertion failure and     application exit) in the DestroyImageInfo function in     MagickCore/image.c (bsc#1055855).

  - CVE-2017-14533: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c (bsc#1059751).

  - CVE-2017-17881: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service via a crafted MAT     image file (bsc#1074123).

  - CVE-2017-1000476: Prevent CPU exhaustion in the function     ReadDDSInfo in coders/dds.c, which allowed attackers to     cause a denial of service (bsc#1074610).

  - CVE-2017-9409: Fixed a memory leak vulnerability in the     function ReadMPCImage in mpc.c, which allowed attackers     to cause a denial of service via a crafted file     (bsc#1042948).

  - CVE-2017-11449: coders/mpc did not enable seekable     streams and thus could not validate blob sizes, which     allowed remote attackers to cause a denial of service     (application crash) or possibly have unspecified other     impact via an image received from stdin (bsc#1049373)

  - CVE-2017-12430: A memory exhaustion in the function     ReadMPCImage in coders/mpc.c allowed attackers to cause     DoS (bsc#1052252)

  - CVE-2017-12642: Prevent a memory leak vulnerability in     ReadMPCImage in coders\mpc.c via crafted file allowing     for DoS (bsc#1052771)

  - CVE-2017-14249: A mishandled EOF check in ReadMPCImage     in coders/mpc.c that lead to a division by zero in     GetPixelCacheTileSize in MagickCore/cache.c allowed     remote attackers to cause a denial of service via a     crafted file (bsc#1058082)

  - CVE-2017-1000445: Added a NUL pointer check in the     MagickCore component that might have lead to denial of     service (bsc#1074425).

  - CVE-2017-11751: Fixed a memory leak vulnerability in the     function WritePICONImage in coders/xpm.c that allowed     remote attackers to cause a denial of service via a     crafted file (bsc#1051412).

  - CVE-2017-17680: Fixed a memory leak vulnerability in the     function ReadXPMImage in coders/xpm.c, which allowed     attackers to cause a denial of service via a crafted xpm     image file (bsc#1072902).

  - CVE-2017-17882: Fixed a memory leak vulnerability in the     function ReadXPMImage in coders/xpm.c, which allowed     attackers to cause a denial of service via a crafted XPM     image file (bsc#1074122).

  - CVE-2018-5246: Fixed memory leak vulnerability in     ReadPATTERNImage in coders/pattern.c (bsc#1074973).

  - CVE-2017-18022: Fixed memory leak vulnerability in     MontageImageCommand in MagickWand/montage.c     (bsc#1074975)

  - CVE-2018-5247: Fixed memory leak vulnerability in     ReadRLAImage in coders/rla.c (bsc#1074969)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes several issues.

These security issues were fixed :

  - CVE-2017-1000476: A CPU exhaustion vulnerability was     found in the function ReadDDSInfo in coders/dds.c, which     allowed attackers to cause a denial of service     (bsc#1074610).

  - CVE-2017-9409: The ReadMPCImage function in mpc.c     allowed attackers to cause a denial of service (memory     leak) via a crafted file (bsc#1042948).

  - CVE-2017-1000445: A NULL pointer dereference in the     MagickCore component might have lead to denial of     service (bsc#1074425).

  - CVE-2017-17680: Prevent a memory leak in the function     ReadXPMImage in coders/xpm.c, which allowed attackers to     cause a denial of service via a crafted XPM image file     (a different vulnerability than CVE-2017-17882)     (bsc#1072902).

  - CVE-2017-17882: Prevent a memory leak in the function     ReadXPMImage in coders/xpm.c, which allowed attackers to     cause a denial of service via a crafted XPM image file     (a different vulnerability than CVE-2017-17680)     (bsc#1074122).

  - CVE-2017-11449: coders/mpc did not enable seekable     streams and thus could not validate blob sizes, which     allowed remote attackers to cause a denial of service     (application crash) or possibly have unspecified other     impact via an image received from stdin (bsc#1049373).

  - CVE-2017-12430: A memory exhaustion in the function     ReadMPCImage in coders/mpc.c allowed attackers to cause     DoS (bsc#1052252).

  - CVE-2017-12642: Prevent a memory leak vulnerability in     ReadMPCImage in coders\mpc.c via crafted file allowing     for DoS (bsc#1052771).

  - CVE-2017-14249: A mishandled EOF check in ReadMPCImage     in coders/mpc.c that lead to a division by zero in     GetPixelCacheTileSize in MagickCore/cache.c allowed     remote attackers to cause a denial of service via a     crafted file (bsc#1058082).

  - Prevent memory leak via crafted file in pwp.c allowing     for DoS (bsc#1051412)

This update was imported from the SUSE:SLE-12:Update update project.

This update for ImageMagick fixes several issues. These security issues were fixed :

  - CVE-2017-1000476: A CPU exhaustion vulnerability was     found in the function ReadDDSInfo in coders/dds.c, which     allowed attackers to cause a denial of service     (bsc#1074610).

  - CVE-2017-9409: The ReadMPCImage function in mpc.c     allowed attackers to cause a denial of service (memory     leak) via a crafted file (bsc#1042948).

  - CVE-2017-1000445: A NULL pointer dereference in the     MagickCore component might have lead to denial of     service (bsc#1074425).

  - CVE-2017-17680: Prevent a memory leak in the function     ReadXPMImage in coders/xpm.c, which allowed attackers to     cause a denial of service via a crafted XPM image file     (a different vulnerability than CVE-2017-17882)     (bsc#1072902).

  - CVE-2017-17882: Prevent a memory leak in the function     ReadXPMImage in coders/xpm.c, which allowed attackers to     cause a denial of service via a crafted XPM image file     (a different vulnerability than CVE-2017-17680)     (bsc#1074122).

  - CVE-2017-11449: coders/mpc did not enable seekable     streams and thus could not validate blob sizes, which     allowed remote attackers to cause a denial of service     (application crash) or possibly have unspecified other     impact via an image received from stdin (bsc#1049373).

  - CVE-2017-12430: A memory exhaustion in the function     ReadMPCImage in coders/mpc.c allowed attackers to cause     DoS (bsc#1052252).

  - CVE-2017-12642: Prevent a memory leak vulnerability in     ReadMPCImage in coders\mpc.c via crafted file allowing     for DoS (bsc#1052771).

  - CVE-2017-14249: A mishandled EOF check in ReadMPCImage     in coders/mpc.c that lead to a division by zero in     GetPixelCacheTileSize in MagickCore/cache.c allowed     remote attackers to cause a denial of service via a     crafted file (bsc#1058082).

  - Prevent memory leak via crafted file in pwp.c allowing     for DoS (bsc#1051412)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This updates fixes numerous vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT, VST, PNG, JNG, MNG, DVJU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP, TIFF, ICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP, PICT, PDB, SFW, or XCF files are processed.

For Debian 7 'Wheezy', these problems have been fixed in version 6.7.7.10-5+deb7u16.

We recommend that you upgrade your imagemagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
125093	Debian DLA-1785-1 : imagemagick security update	Nessus	Debian Local Security Checks	high
110516	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : imagemagick vulnerabilities (USN-3681-1)	Nessus	Ubuntu Local Security Checks	high
106186	SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:0132-1)	Nessus	SuSE Local Security Checks	high
106065	openSUSE Security Update : ImageMagick (openSUSE-2018-36)	Nessus	SuSE Local Security Checks	high
105721	SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0055-1)	Nessus	SuSE Local Security Checks	high
102889	Debian DLA-1081-1 : imagemagick security update	Nessus	Debian Local Security Checks	high

CVE-2017-12430

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins