100162

https://github.com/ImageMagick/ImageMagick/commit/9f375e7080a2c1044cd546854d0548b4bfb429d0

https://github.com/ImageMagick/ImageMagick/issues/551

USN-3681-1

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following issues :

  - CVE-2017-14989: use-after-free in RenderFreetype in     MagickCore/annotate.c could lead to denial of service     [bsc#1061254]

  - CVE-2017-14682: GetNextToken in MagickCore/token.c heap     buffer overflow could lead to denial of service     [bsc#1060176]

  - Memory leak in WriteINLINEImage in coders/inline.c could     lead to denial of service [bsc#1052744]

  - CVE-2017-14607: out of bounds read flaw related to     ReadTIFFImagehas could possibly disclose potentially     sensitive memory [bsc#1059778]

  - CVE-2017-11640: NULL pointer deref in WritePTIFImage()     in coders/tiff.c [bsc#1050632]

  - CVE-2017-14342: a memory exhaustion vulnerability in     ReadWPGImage in coders/wpg.c could lead to denial of     service [bsc#1058485]

  - CVE-2017-14341: Infinite loop in the ReadWPGImage     function [bsc#1058637]

  - CVE-2017-16546: problem in the function ReadWPGImage in     coders/wpg.c could lead to denial of service     [bsc#1067181]

  - CVE-2017-16545: The ReadWPGImage function in     coders/wpg.c in validation problems could lead to denial     of service [bsc#1067184]

  - CVE-2017-16669: problem in coders/wpg.c could allow     remote attackers to cause a denial of service via     crafted file [bsc#1067409]

  - CVE-2017-14175: Lack of End of File check could lead to     denial of service [bsc#1057719]

  - CVE-2017-14138: memory leak vulnerability in     ReadWEBPImage in coders/webp.c could lead to denial of     service [bsc#1057157]

  - CVE-2017-13769: denial of service issue in function     WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]

  - CVE-2017-13134: a heap-based buffer over-read was found     in thefunction SFWScan in coders/sfw.c, which allows     attackers to cause adenial of service via a crafted     file. [bsc#1055214]

  - CVE-2017-15217: memory leak in ReadSGIImage in     coders/sgi.c [bsc#1062750]

  - CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in     ImageMagick allows remote attackers to cause a DoS     [bsc#1049796]

  - CVE-2017-15930: NULL pointer dereference while     transfering JPEG scanlines could lead to denial of     service [bsc#1066003]

  - CVE-2017-12983: Heap-based buffer overflow in the     ReadSFWImage function in coders/sfw.c inImageMagick     7.0.6-8 allows remote attackers to cause a denial of     service [bsc#1054757]

  - CVE-2017-14531: memory exhaustion issue in ReadSUNImage     incoders/sun.c. [bsc#1059666]

  - CVE-2017-12435: Memory exhaustion in ReadSUNImage in     coders/sun.c, which allows attackers to cause denial of     service [bsc#1052553]

  - CVE-2017-12587: User controlable large loop in the     ReadPWPImage in coders\pwp.c could lead to denial of     service [bsc#1052450]

  - CVE-2017-11523: ReadTXTImage in coders/txt.c allows     remote attackers to cause a denial of service     [bsc#1050083]

  - CVE-2017-14173: unction ReadTXTImage is vulnerable to a     integer overflow that could lead to denial of service     [bsc#1057729]

  - CVE-2017-11188: ImageMagick: The ReadDPXImage function     in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop     vulnerability that can cause CPU exhaustion via a     crafted DPX file, relatedto lack of an EOF check.
    [bnc#1048457]

  - CVE-2017-11527: ImageMagick: ReadDPXImage in     coders/dpx.c allows remote attackers to cause DoS     [bnc#1050116] 

  - CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based     buffer over-read in WritePSImage() in coders/ps.c     [bnc#1050139]

  - CVE-2017-11752: ImageMagick: ReadMAGICKImage in     coders/magick.c allows to cause DoS [bnc#1051441] 

  - CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c     has a ninteger signedness error leading to excessive     memory consumption [bnc#1051847] 

  - CVE-2017-12669: ImageMagick: Memory leak in     WriteCALSImage in coders/cals.c [bnc#1052689]

  - CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak     in WritePDFImage in coders/pdf.c [bnc#1052758]

  - CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage     in codersdcm.c [bnc#1052764]

  - CVE-2017-14172: ImageMagick: Lack of end of file check     in ReadPSImage() could lead to a denial of service     [bnc#1057730]

  - CVE-2017-14733: GraphicsMagick: Heap overflow on     ReadRLEImage in coders/rle.c could lead to denial of     service [bnc#1060577]

This update was imported from the SUSE:SLE-12:Update update project.

This update for ImageMagick fixes the following issues :

  - CVE-2017-14989: use-after-free in RenderFreetype in     MagickCore/annotate.c could lead to denial of service     [bsc#1061254]

  - CVE-2017-14682: GetNextToken in MagickCore/token.c heap     buffer overflow could lead to denial of service     [bsc#1060176]

  - Memory leak in WriteINLINEImage in coders/inline.c could     lead to denial of service [bsc#1052744]

  - CVE-2017-14607: out of bounds read flaw related to     ReadTIFFImagehas could possibly disclose potentially     sensitive memory [bsc#1059778]

  - CVE-2017-11640: NULL pointer deref in WritePTIFImage()     in coders/tiff.c [bsc#1050632]

  - CVE-2017-14342: a memory exhaustion vulnerability in     ReadWPGImage in coders/wpg.c could lead to denial of     service [bsc#1058485]

  - CVE-2017-14341: Infinite loop in the ReadWPGImage     function [bsc#1058637]

  - CVE-2017-16546: problem in the function ReadWPGImage in     coders/wpg.c could lead to denial of service     [bsc#1067181]

  - CVE-2017-16545: The ReadWPGImage function in     coders/wpg.c in validation problems could lead to denial     of service [bsc#1067184]

  - CVE-2017-16669: problem in coders/wpg.c could allow     remote attackers to cause a denial of service via     crafted file [bsc#1067409]

  - CVE-2017-14175: Lack of End of File check could lead to     denial of service [bsc#1057719]

  - CVE-2017-14138: memory leak vulnerability in     ReadWEBPImage in coders/webp.c could lead to denial of     service [bsc#1057157]

  - CVE-2017-13769: denial of service issue in function     WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]

  - CVE-2017-13134: a heap-based buffer over-read was found     in thefunction SFWScan in coders/sfw.c, which allows     attackers to cause adenial of service via a crafted     file. [bsc#1055214]

  - CVE-2017-15217: memory leak in ReadSGIImage in     coders/sgi.c [bsc#1062750]

  - CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in     ImageMagick allows remote attackers to cause a DoS     [bsc#1049796]

  - CVE-2017-15930: NULL pointer dereference while     transfering JPEG scanlines could lead to denial of     service [bsc#1066003]

  - CVE-2017-12983: Heap-based buffer overflow in the     ReadSFWImage function in coders/sfw.c inImageMagick     7.0.6-8 allows remote attackers to cause a denial of     service [bsc#1054757]

  - CVE-2017-14531: memory exhaustion issue in ReadSUNImage     incoders/sun.c. [bsc#1059666]

  - CVE-2017-12435: Memory exhaustion in ReadSUNImage in     coders/sun.c, which allows attackers to cause denial of     service [bsc#1052553]

  - CVE-2017-12587: User controlable large loop in the     ReadPWPImage in coders\pwp.c could lead to denial of     service [bsc#1052450]

  - CVE-2017-11523: ReadTXTImage in coders/txt.c allows     remote attackers to cause a denial of service     [bsc#1050083]

  - CVE-2017-14173: unction ReadTXTImage is vulnerable to a     integer overflow that could lead to denial of service     [bsc#1057729]

  - CVE-2017-11188: ImageMagick: The ReadDPXImage function     in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop     vulnerability that can cause CPU exhaustion via a     crafted DPX file, relatedto lack of an EOF check.
    [bnc#1048457]

  - CVE-2017-11527: ImageMagick: ReadDPXImage in     coders/dpx.c allows remote attackers to cause DoS     [bnc#1050116]

  - CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based     buffer over-read in WritePSImage() in coders/ps.c     [bnc#1050139]

  - CVE-2017-11752: ImageMagick: ReadMAGICKImage in     coders/magick.c allows to cause DoS [bnc#1051441]

  - CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c     has a ninteger signedness error leading to excessive     memory consumption [bnc#1051847]

  - CVE-2017-12669: ImageMagick: Memory leak in     WriteCALSImage in coders/cals.c [bnc#1052689]

  - CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak     in WritePDFImage in coders/pdf.c [bnc#1052758]

  - CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage     in codersdcm.c [bnc#1052764]

  - CVE-2017-14172: ImageMagick: Lack of end of file check     in ReadPSImage() could lead to a denial of service     [bnc#1057730]

  - CVE-2017-14733: GraphicsMagick: Heap overflow on     ReadRLEImage in coders/rle.c could lead to denial of     service [bnc#1060577]

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following issues :

  - CVE-2017-14607: out of bounds read flaw related to     ReadTIFFImagehas could possibly disclose potentially     sensitive memory [bsc#1059778]

  - CVE-2017-11640: NULL pointer deref in WritePTIFImage()     in coders/tiff.c [bsc#1050632]

  - CVE-2017-14342: a memory exhaustion vulnerability in     ReadWPGImage in coders/wpg.c could lead to denial of     service [bsc#1058485]

  - CVE-2017-14341: Infinite loop in the ReadWPGImage     function [bsc#1058637]

  - CVE-2017-16546: problem in the function ReadWPGImage in     coders/wpg.c could lead to denial of service     [bsc#1067181]

  - CVE-2017-16545: The ReadWPGImage function in     coders/wpg.c in validation problems could lead to denial     of service [bsc#1067184]

  - CVE-2017-14175: Lack of End of File check could lead to     denial of service [bsc#1057719]

  - CVE-2017-13769: denial of service issue in function     WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]

  - CVE-2017-13134: a heap-based buffer over-read was found     in thefunction SFWScan in coders/sfw.c, which allows     attackers to cause adenial of service via a crafted     file. [bsc#1055214]

  - CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in     ImageMagick allows remote attackers to cause a DoS     [bsc#1049796]

  - CVE-2017-15930: NULL pointer dereference while     transfering JPEG scanlines could lead to denial of     service [bsc#1066003]

  - CVE-2017-12983: Heap-based buffer overflow in the     ReadSFWImage function in coders/sfw.c allows remote     attackers to cause a denial of service [bsc#1054757]

  - CVE-2017-14531: memory exhaustion issue in ReadSUNImage     incoders/sun.c. [bsc#1059666]

  - CVE-2017-12435: Memory exhaustion in ReadSUNImage in     coders/sun.c, which allows attackers to cause denial of     service [bsc#1052553]

  - CVE-2017-12587: User controlable large loop in the     ReadPWPImage in coders\pwp.c could lead to denial of     service [bsc#1052450]

  - CVE-2017-14173: unction ReadTXTImage is vulnerable to a     integer overflow that could lead to denial of service     [bsc#1057729]

  - CVE-2017-11188: ImageMagick: The ReadDPXImage function     in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop     vulnerability that can cause CPU exhaustion via a     crafted DPX file, relatedto lack of an EOF check.
    [bnc#1048457]

  - CVE-2017-11527: ImageMagick: ReadDPXImage in     coders/dpx.c allows remote attackers to cause DoS     [bnc#1050116]

  - CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based     buffer over-read in WritePSImage() in coders/ps.c     [bnc#1050139]

  - CVE-2017-11752: ImageMagick: ReadMAGICKImage in     coders/magick.c allows to cause DoS [bnc#1051441]

  - CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c     has a ninteger signedness error leading to excessive     memory consumption [bnc#1051847]

  - CVE-2017-12669: ImageMagick: Memory leak in     WriteCALSImage in coders/cals.c [bnc#1052689]

  - CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak     in WritePDFImage in coders/pdf.c [bnc#1052758]

  - CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage     in codersdcm.c [bnc#1052764]

  - CVE-2017-14172: ImageMagick: Lack of end of file check     in ReadPSImage() could lead to a denial of service     [bnc#1057730]

  - CVE-2017-14733: GraphicsMagick: Heap overflow on     ReadRLEImage in coders/rle.c could lead to denial of     service [bnc#1060577]

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for GraphicsMagick fixes the following issues :

  - CVE-2017-12140: ReadDCMImage in coders\dcm.c has a     ninteger signedness error leading to excessive memory     consumption (bnc#1051847)

  - CVE-2017-14994: NULL pointer in ReadDCMImage in     coders/dcm.c could lead to denial of service     (bnc#1061587)

  - CVE-2017-12662: Memory leak in WritePDFImage in     coders/pdf.c could lead to denial of service     (bnc#1052758)

  - CVE-2017-14733: Heap overflow on ReadRLEImage in     coders/rle.c could lead to denial of service     (bnc#1060577) 

  - CVE-2017-12644: Memory leak in ReadDCMImage in     coders\dcm.c could lead to denial of service     (bnc#1052764)

  - CVE-2017-10799: denial of service (OOM) can occur     inReadDPXImage() (bnc#1047054)

ID	Name	Product	Family	Severity
110516	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : imagemagick vulnerabilities (USN-3681-1)	Nessus	Ubuntu Local Security Checks	high
105455	openSUSE Security Update : ImageMagick (openSUSE-2017-1413)	Nessus	SuSE Local Security Checks	high
105409	SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:3388-1)	Nessus	SuSE Local Security Checks	high
105408	SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2017:3378-1)	Nessus	SuSE Local Security Checks	high
105243	openSUSE Security Update : GraphicsMagick (openSUSE-2017-1362)	Nessus	SuSE Local Security Checks	high

CVE-2017-12644

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins