https://github.com/ImageMagick/ImageMagick/issues/555

USN-3681-1

DSA-4019

DSA-4040

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.

This update for ImageMagick fixes the following issues :

Security issues fixed :

  - CVE-2017-15033: A denial of service attack (memory leak)     was fixed in ReadYUVImage in coders/yuv.c [bsc#1061873]

  - CVE-2017-11446: An infinite loop in ReadPESImage was     fixed. (bsc#1049379)

  - CVE-2017-12433: A memory leak in ReadPESImage in     coders/pes.c was fixed. (bsc#1052545)

  - CVE-2017-12428: A memory leak in ReadWMFImage in     coders/wmf.c was fixed. (bsc#1052249)

  - CVE-2017-12431: A use-after-free in ReadWMFImage was     fixed. (bsc#1052253)

  - CVE-2017-11534: A memory leak in the lite_font_map() in     coders/wmf.c was fixed. (bsc#1050135)

  - CVE-2017-13133: A memory exhaustion in load_level     function in coders/xcf.c was fixed. (bsc#1055219)

  - CVE-2017-13139: A out-of-bounds read in the     ReadOneMNGImage was fixed. (bsc#1055430)

This update also reverts an incorrect fix for CVE-2016-7530 [bsc#1054924].

This update was imported from the SUSE:SLE-12:Update update project.

This update for ImageMagick fixes the following issues: Security issues fixed :

  - CVE-2017-15033: A denial of service attack (memory leak)     was fixed in ReadYUVImage in coders/yuv.c [bsc#1061873]

  - CVE-2017-11446: An infinite loop in ReadPESImage was     fixed. (bsc#1049379)

  - CVE-2017-12433: A memory leak in ReadPESImage in     coders/pes.c was fixed. (bsc#1052545)

  - CVE-2017-12428: A memory leak in ReadWMFImage in     coders/wmf.c was fixed. (bsc#1052249)

  - CVE-2017-12431: A use-after-free in ReadWMFImage was     fixed. (bsc#1052253)

  - CVE-2017-11534: A memory leak in the lite_font_map() in     coders/wmf.c was fixed. (bsc#1050135)

  - CVE-2017-13133: A memory exhaustion in load_level     function in coders/xcf.c was fixed. (bsc#1055219)

  - CVE-2017-13139: A out-of-bounds read in the     ReadOneMNGImage was fixed. (bsc#1055430) This update     also reverts an incorrect fix for CVE-2016-7530     [bsc#1054924].

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This updates fixes numerous vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT, VST, PNG, JNG, MNG, DVJU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP, TIFF, ICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP, PICT, PDB, SFW, or XCF files are processed.

For Debian 7 'Wheezy', these problems have been fixed in version 6.7.7.10-5+deb7u16.

We recommend that you upgrade your imagemagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
110516	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : ImageMagick vulnerabilities (USN-3681-1)	Nessus	Ubuntu Local Security Checks	high
104684	Debian DSA-4040-1 : imagemagick - security update	Nessus	Debian Local Security Checks	high
104528	openSUSE Security Update : ImageMagick (openSUSE-2017-1270)	Nessus	SuSE Local Security Checks	high
104474	SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:2949-1)	Nessus	SuSE Local Security Checks	high
104403	Debian DSA-4019-1 : imagemagick - security update	Nessus	Debian Local Security Checks	high
102889	Debian DLA-1081-1 : imagemagick security update	Nessus	Debian Local Security Checks	high

CVE-2017-12431

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

high

high