100481

https://github.com/ImageMagick/ImageMagick/issues/645

[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update

GLSA-201711-07

USN-3681-1

Debian Bug : 870020 870019 876105 869727 886281 873059 870504 870530 870107 872609 875338 875339 875341 873871 873131 875352 878506 875503 875502 876105 876099 878546 878545 877354 877355 878524 878547 878548 878555 878554 878548 878555 878554 878579 885942 886584 928206 941670 931447 932079

Several security vulnerabilities were found in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed.

For Debian 9 stretch, these problems have been fixed in version 8:6.9.7.4+dfsg-11+deb9u10.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes several issues. These security issues were fixed :

  - CVE-2017-14343: Fixed a memory leak vulnerability in     ReadXCFImage in coders/xcf.c via a crafted xcf image     file (bsc#1058422).

  - CVE-2017-12691: The ReadOneLayer function in     coders/xcf.c allowed remote attackers to cause a denial     of service (memory consumption) via a crafted file     (bsc#1058422).

  - CVE-2017-14042: Prevent memory allocation failure in the     ReadPNMImage function in coders/pnm.c. The vulnerability     caused a big memory allocation, which may have lead to     remote denial of service in the MagickRealloc function     in magick/memory.c (bsc#1056550).

  - CVE-2017-15281: ReadPSDImage in coders/psd.c allowed     remote attackers to cause a denial of service     (application crash) or possibly have unspecified other     impact via a crafted file (bsc#1063049).

  - CVE-2017-13061: A length-validation vulnerability in the     function ReadPSDLayersInternal in coders/psd.c allowed     attackers to cause a denial of service (ReadPSDImage     memory exhaustion) via a crafted file (bsc#1055063).

  - CVE-2017-12563: A memory exhaustion vulnerability in the     function ReadPSDImage in coders/psd.c allowed attackers     to cause a denial of service (bsc#1052460).

  - CVE-2017-14174: coders/psd.c allowed for DoS in     ReadPSDLayersInternal() due to lack of an EOF (End of     File) check might have caused huge CPU consumption. When     a crafted PSD file, which claims a large 'length' field     in the header but did not contain sufficient backing     data, is provided, the loop over 'length' would consume     huge CPU resources, since there is no EOF check inside     the loop (bsc#1057723).

  - CVE-2017-13062: A memory leak vulnerability in the     function formatIPTC in coders/meta.c allowed attackers     to cause a denial of service (WriteMETAImage memory     consumption) via a crafted file (bsc#1055053).

  - CVE-2017-15277: ReadGIFImage in coders/gif.c left the     palette uninitialized when processing a GIF file that     has neither a global nor local palette. If this     functionality was used as a library loaded into a     process that operates on interesting data, this data     sometimes could have been leaked via the uninitialized     palette (bsc#1063050).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following issues :

  - security update (xcf.c) :

  - CVE-2017-14343: Memory leak vulnerability in     ReadXCFImage could lead to denial of service via a     crafted file. CVE-2017-12691: The ReadOneLayer function     in coders/xcf.c allows remote attackers to cause a     denial of service (memory consumption) via a crafted     file. [bsc#1058422]

  - security update (pnm.c) :

  - CVE-2017-14042: A memory allocation failure was     discovered in the ReadPNMImage function in coders/pnm.c     and could lead to remote denial of service [bsc#1056550]

  - security update (psd.c) :

  - CVE-2017-15281: ReadPSDImage allows remote attackers to     cause a denial of service (application crash) or     possibly have unspecified other impact via a crafted     file [bsc#1063049]

  - CVE-2017-13061: A length-validation vulnerability was     found in the function ReadPSDLayersInternal in     coders/psd.c, which allows attackers to cause a denial     of service (ReadPSDImage memory exhaustion) via a     crafted file. [bsc#1055063]

  - CVE-2017-12563: A Memory exhaustion vulnerability was     found in the function ReadPSDImage in coders/psd.c,     which allows attackers to cause a denial of service.
    [bsc#1052460]

  - CVE-2017-14174: Due to a lack of an EOF check (End of     File) in ReadPSDLayersInternal could cause huge CPU     consumption, when a crafted PSD file, which claims a     large 'length' field in the header but does not contain     sufficient backing data, is provided, the loop over     \'length\' would consume huge CPU resources, since there     is no EOF check inside the loop.[bsc#1057723]

  - security update (meta.c) :

  - CVE-2017-13062: Amemory leak vulnerability was found in     the function formatIPTC in coders/meta.c, which allows     attackers to cause a denial of service (WriteMETAImage     memory consumption) via a crafted file [bsc#1055053]

  - security update (gif.c) :

  - CVE-2017-15277: ReadGIFImage in coders/gif.c leaves the     palette uninitialized when processing a GIF file that     has neither a global nor local palette. If the affected     product is used as a library loaded into a process that     operates on interesting data, this data sometimes can be     leaked via the uninitialized palette.[bsc#1063050]

This update was imported from the SUSE:SLE-12:Update update project.

This update for ImageMagick fixes the following issues :

  - security update (xcf.c) :

  - CVE-2017-14343: Memory leak vulnerability in     ReadXCFImage could lead to denial of service via a     crafted file. CVE-2017-12691: The ReadOneLayer function     in coders/xcf.c allows remote attackers to cause a     denial of service (memory consumption) via a crafted     file. [bsc#1058422]

  - security update (pnm.c) :

  - CVE-2017-14042: A memory allocation failure was     discovered in the ReadPNMImage function in coders/pnm.c     and could lead to remote denial of service [bsc#1056550]

  - security update (psd.c) :

  - CVE-2017-15281: ReadPSDImage allows remote attackers to     cause a denial of service (application crash) or     possibly have unspecified other impact via a crafted     file [bsc#1063049]

  - CVE-2017-13061: A length-validation vulnerability was     found in the function ReadPSDLayersInternal in     coders/psd.c, which allows attackers to cause a denial     of service (ReadPSDImage memory exhaustion) via a     crafted file. [bsc#1055063]

  - CVE-2017-12563: A Memory exhaustion vulnerability was     found in the function ReadPSDImage in coders/psd.c,     which allows attackers to cause a denial of service.
    [bsc#1052460]

  - CVE-2017-14174: Due to a lack of an EOF check (End of     File) in ReadPSDLayersInternal could cause huge CPU     consumption, when a crafted PSD file, which claims a     large 'length' field in the header but does not contain     sufficient backing data, is provided, the loop over     \'length\' would consume huge CPU resources, since there     is no EOF check inside the loop.[bsc#1057723]

  - security update (meta.c) :

  - CVE-2017-13062: Amemory leak vulnerability was found in     the function formatIPTC in coders/meta.c, which allows     attackers to cause a denial of service (WriteMETAImage     memory consumption) via a crafted file [bsc#1055053]

  - security update (gif.c) :

  - CVE-2017-15277: ReadGIFImage in coders/gif.c leaves the     palette uninitialized when processing a GIF file that     has neither a global nor local palette. If the affected     product is used as a library loaded into a process that     operates on interesting data, this data sometimes can be     leaked via the uninitialized palette.[bsc#1063050]

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201711-07 (ImageMagick: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in ImageMagick. Please       review the referenced CVE identifiers for details.
  Impact :

    Remote attackers, by enticing a user to process a specially crafted       file, could obtain sensitive information, cause a Denial of Service       condition, or have other unspecified impacts.
  Workaround :

    There is no known workaround at this time.

ID	Name	Product	Family	Severity
140297	Debian DLA-2366-1 : imagemagick security update	Nessus	Debian Local Security Checks	high
110516	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : ImageMagick vulnerabilities (USN-3681-1)	Nessus	Ubuntu Local Security Checks	high
105719	SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:0043-1)	Nessus	SuSE Local Security Checks	high
105640	openSUSE Security Update : ImageMagick (openSUSE-2018-7)	Nessus	SuSE Local Security Checks	high
105579	SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0017-1)	Nessus	SuSE Local Security Checks	high
104515	GLSA-201711-07 : ImageMagick: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high

CVE-2017-13061

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

high

high