100252

https://github.com/ImageMagick/ImageMagick/issues/610

[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update

USN-3681-1

Numerous security vulnerabilities were fixed in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed.

For Debian 8 'Jessie', these problems have been fixed in version 8:6.8.9.9-5+deb8u16.

We recommend that you upgrade your imagemagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes several issues.

These security issues were fixed :

  - CVE-2018-5246: Fixed memory leak vulnerability in     ReadPATTERNImage in coders/pattern.c (bsc#1074973)

  - CVE-2017-18022: Fixed memory leak vulnerability in     MontageImageCommand in MagickWand/montage.c     (bsc#1074975)

  - CVE-2018-5247: Fixed memory leak vulnerability in     ReadRLAImage in coders/rla.c (bsc#1074969)

  - CVE-2017-12672: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service (bsc#1052720)

  - CVE-2017-13060: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service via a crafted     file (bsc#1055065)

  - CVE-2017-11724: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c involving the     quantum_info and clone_info data structures     (bsc#1051446)

  - CVE-2017-12670: Added validation in coders/mat.c to     prevent an assertion failure in the function     DestroyImage in MagickCore/image.c, which allowed     attackers to cause a denial of service (bsc#1052731)

  - CVE-2017-12667: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c (bsc#1052732)

  - CVE-2017-13146: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c (bsc#1055323)

  - CVE-2017-10800: Processing MATLAB images in coders/mat.c     could have lead to a denial of service (OOM) in     ReadMATImage() if the size specified for a MAT Object     was larger than the actual amount of data (bsc#1047044)

  - CVE-2017-13648: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c (bsc#1055434)

  - CVE-2017-11141: Fixed a memory leak vulnerability in the     function ReadMATImage in coders\mat.c that could have     caused memory exhaustion via a crafted MAT file, related     to incorrect ordering of a SetImageExtent call     (bsc#1047898)

  - CVE-2017-11529: The ReadMATImage function in     coders/mat.c allowed remote attackers to cause a denial     of service (memory leak) via a crafted file     (bsc#1050120)

  - CVE-2017-12564: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service (bsc#1052468)

  - CVE-2017-12434: Added a missing NULL check in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service (assertion     failure) in DestroyImageInfo in image.c (bsc#1052550)

  - CVE-2017-12675: Added a missing check for     multidimensional data coders/mat.c, that could have lead     to a memory leak in the function ReadImage in     MagickCore/constitute.c, which allowed attackers to     cause a denial of service (bsc#1052710)

  - CVE-2017-14326: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service via a crafted     file (bsc#1058640)

  - CVE-2017-11644: Processesing a crafted file in convert     could have lead to a memory leak in the ReadMATImage()     function in coders/mat.c (bsc#1050606)

  - CVE-2017-13658: Added a missing NULL check in the     ReadMATImage function in coders/mat.c, which could have     lead to a denial of service (assertion failure and     application exit) in the DestroyImageInfo function in     MagickCore/image.c (bsc#1055855)

  - CVE-2017-14533: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c (bsc#1059751)

  - CVE-2017-17881: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service via a crafted MAT     image file (bsc#1074123)

This update was imported from the SUSE:SLE-12:Update update project.

This update for ImageMagick fixes several issues. These security issues were fixed :

  - CVE-2017-12672: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service (bsc#1052720).

  - CVE-2017-13060: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service via a crafted     file (bsc#1055065).

  - CVE-2017-11724: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c involving the     quantum_info and clone_info data structures     (bsc#1051446).

  - CVE-2017-12670: Added validation in coders/mat.c to     prevent an assertion failure in the function     DestroyImage in MagickCore/image.c, which allowed     attackers to cause a denial of service (bsc#1052731).

  - CVE-2017-12667: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c (bsc#1052732).

  - CVE-2017-13146: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c (bsc#1055323).

  - CVE-2017-10800: Processing MATLAB images in coders/mat.c     could have lead to a denial of service (OOM) in     ReadMATImage() if the size specified for a MAT Object     was larger than the actual amount of data (bsc#1047044)

  - CVE-2017-13648: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c (bsc#1055434).

  - CVE-2017-11141: Fixed a memory leak vulnerability in the     function ReadMATImage in coders\mat.c that could have     caused memory exhaustion via a crafted MAT file, related     to incorrect ordering of a SetImageExtent call     (bsc#1047898).

  - CVE-2017-11529: The ReadMATImage function in     coders/mat.c allowed remote attackers to cause a denial     of service (memory leak) via a crafted file     (bsc#1050120).

  - CVE-2017-12564: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service (bsc#1052468).

  - CVE-2017-12434: Added a missing NULL check in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service (assertion     failure) in DestroyImageInfo in image.c (bsc#1052550).

  - CVE-2017-12675: Added a missing check for     multidimensional data coders/mat.c, that could have lead     to a memory leak in the function ReadImage in     MagickCore/constitute.c, which allowed attackers to     cause a denial of service (bsc#1052710).

  - CVE-2017-14326: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service via a crafted     file (bsc#1058640).

  - CVE-2017-11644: Processesing a crafted file in convert     could have lead to a memory leak in the ReadMATImage()     function in coders/mat.c (bsc#1050606).

  - CVE-2017-13658: Added a missing NULL check in the     ReadMATImage function in coders/mat.c, which could have     lead to a denial of service (assertion failure and     application exit) in the DestroyImageInfo function in     MagickCore/image.c (bsc#1055855).

  - CVE-2017-14533: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c (bsc#1059751).

  - CVE-2017-17881: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service via a crafted MAT     image file (bsc#1074123).

  - CVE-2017-1000476: Prevent CPU exhaustion in the function     ReadDDSInfo in coders/dds.c, which allowed attackers to     cause a denial of service (bsc#1074610).

  - CVE-2017-9409: Fixed a memory leak vulnerability in the     function ReadMPCImage in mpc.c, which allowed attackers     to cause a denial of service via a crafted file     (bsc#1042948).

  - CVE-2017-11449: coders/mpc did not enable seekable     streams and thus could not validate blob sizes, which     allowed remote attackers to cause a denial of service     (application crash) or possibly have unspecified other     impact via an image received from stdin (bsc#1049373)

  - CVE-2017-12430: A memory exhaustion in the function     ReadMPCImage in coders/mpc.c allowed attackers to cause     DoS (bsc#1052252)

  - CVE-2017-12642: Prevent a memory leak vulnerability in     ReadMPCImage in coders\mpc.c via crafted file allowing     for DoS (bsc#1052771)

  - CVE-2017-14249: A mishandled EOF check in ReadMPCImage     in coders/mpc.c that lead to a division by zero in     GetPixelCacheTileSize in MagickCore/cache.c allowed     remote attackers to cause a denial of service via a     crafted file (bsc#1058082)

  - CVE-2017-1000445: Added a NUL pointer check in the     MagickCore component that might have lead to denial of     service (bsc#1074425).

  - CVE-2017-11751: Fixed a memory leak vulnerability in the     function WritePICONImage in coders/xpm.c that allowed     remote attackers to cause a denial of service via a     crafted file (bsc#1051412).

  - CVE-2017-17680: Fixed a memory leak vulnerability in the     function ReadXPMImage in coders/xpm.c, which allowed     attackers to cause a denial of service via a crafted xpm     image file (bsc#1072902).

  - CVE-2017-17882: Fixed a memory leak vulnerability in the     function ReadXPMImage in coders/xpm.c, which allowed     attackers to cause a denial of service via a crafted XPM     image file (bsc#1074122).

  - CVE-2018-5246: Fixed memory leak vulnerability in     ReadPATTERNImage in coders/pattern.c (bsc#1074973).

  - CVE-2017-18022: Fixed memory leak vulnerability in     MontageImageCommand in MagickWand/montage.c     (bsc#1074975)

  - CVE-2018-5247: Fixed memory leak vulnerability in     ReadRLAImage in coders/rla.c (bsc#1074969)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes several issues. These security issues were fixed :

  - CVE-2018-5246: Fixed memory leak vulnerability in     ReadPATTERNImage in coders/pattern.c (bsc#1074973)

  - CVE-2017-18022: Fixed memory leak vulnerability in     MontageImageCommand in MagickWand/montage.c     (bsc#1074975)

  - CVE-2018-5247: Fixed memory leak vulnerability in     ReadRLAImage in coders/rla.c (bsc#1074969)

  - CVE-2017-12672: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service (bsc#1052720)

  - CVE-2017-13060: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service via a crafted     file (bsc#1055065)

  - CVE-2017-11724: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c involving the     quantum_info and clone_info data structures     (bsc#1051446)

  - CVE-2017-12670: Added validation in coders/mat.c to     prevent an assertion failure in the function     DestroyImage in MagickCore/image.c, which allowed     attackers to cause a denial of service (bsc#1052731)

  - CVE-2017-12667: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c (bsc#1052732)

  - CVE-2017-13146: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c (bsc#1055323)

  - CVE-2017-10800: Processing MATLAB images in coders/mat.c     could have lead to a denial of service (OOM) in     ReadMATImage() if the size specified for a MAT Object     was larger than the actual amount of data (bsc#1047044)

  - CVE-2017-13648: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c (bsc#1055434)

  - CVE-2017-11141: Fixed a memory leak vulnerability in the     function ReadMATImage in coders\mat.c that could have     caused memory exhaustion via a crafted MAT file, related     to incorrect ordering of a SetImageExtent call     (bsc#1047898)

  - CVE-2017-11529: The ReadMATImage function in     coders/mat.c allowed remote attackers to cause a denial     of service (memory leak) via a crafted file     (bsc#1050120)

  - CVE-2017-12564: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service (bsc#1052468)

  - CVE-2017-12434: Added a missing NULL check in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service (assertion     failure) in DestroyImageInfo in image.c (bsc#1052550)

  - CVE-2017-12675: Added a missing check for     multidimensional data coders/mat.c, that could have lead     to a memory leak in the function ReadImage in     MagickCore/constitute.c, which allowed attackers to     cause a denial of service (bsc#1052710)

  - CVE-2017-14326: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service via a crafted     file (bsc#1058640)

  - CVE-2017-11644: Processesing a crafted file in convert     could have lead to a memory leak in the ReadMATImage()     function in coders/mat.c (bsc#1050606)

  - CVE-2017-13658: Added a missing NULL check in the     ReadMATImage function in coders/mat.c, which could have     lead to a denial of service (assertion failure and     application exit) in the DestroyImageInfo function in     MagickCore/image.c (bsc#1055855)

  - CVE-2017-14533: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c (bsc#1059751)

  - CVE-2017-17881: Fixed a memory leak vulnerability in the     function ReadMATImage in coders/mat.c, which allowed     attackers to cause a denial of service via a crafted MAT     image file (bsc#1074123)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for GraphicsMagick fixes the following issues :

Security issues fixed :

  - CVE-2017-12672: Memory leak vulnerability allowed DoS     via MAT image files (bsc#1052720)

  - CVE-2017-13060: Memory leak vulnerability allowed DoS     via MAT image files (bsc#1055065)

  - CVE-2017-12670: Specially crafted MAT images may lead to     an assertion failure and DoS (bsc#1052731)

  - CVE-2017-10800: Specially crafted MAT images may lead to     memory denial of service (bsc#1047044)

  - CVE-2017-13648: Memory leak vulnerability allowed DoS     via MAT image files (bsc#1055434)

  - CVE-2017-12564: Memory leak vulnerability allowed DoS     via MAT image files (bsc#1052468)

  - CVE-2017-12675: Memory leak vulnerability allowed DoS     via MAT image files (bsc#1052710)

  - CVE-2017-14326: Memory leak vulnerability allowed DoS     via MAT image files (bsc#1058640)

  - CVE-2017-17881: Memory leak vulnerability allowed DoS     via MAT image files (bsc#1074123)

  - CVE-2017-11449: coders/mpc.c in ImageMagick before     7.0.6-1 remote denial of service (boo#1049373)

  - CVE-2017-11532: Memory Leak in WriteMPCImage() in     coders/mpc.c (boo#1050129)

  - CVE-2017-16547: Incorrect memory management in DrawImage     function in magick/render.c could lead to denial of     service (boo#1067177)

  - CVE-2017-18022: Fixed memory leak vulnerability in     MontageImageCommand in MagickWand/montage.c     (bsc#1074975)

  - Memory leak in pwp.c (boo#1051412)

This updates fixes numerous vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT, VST, PNG, JNG, MNG, DVJU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP, TIFF, ICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP, PICT, PDB, SFW, or XCF files are processed.

For Debian 7 'Wheezy', these problems have been fixed in version 6.7.7.10-5+deb7u16.

We recommend that you upgrade your imagemagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
125093	Debian DLA-1785-1 : imagemagick security update	Nessus	Debian Local Security Checks	high
110516	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : imagemagick vulnerabilities (USN-3681-1)	Nessus	Ubuntu Local Security Checks	high
106221	openSUSE Security Update : ImageMagick (openSUSE-2018-61)	Nessus	SuSE Local Security Checks	high
106186	SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:0132-1)	Nessus	SuSE Local Security Checks	high
106184	SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0130-1)	Nessus	SuSE Local Security Checks	high
106064	openSUSE Security Update : GraphicsMagick (openSUSE-2018-35)	Nessus	SuSE Local Security Checks	medium
102889	Debian DLA-1081-1 : imagemagick security update	Nessus	Debian Local Security Checks	high

CVE-2017-12670

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins