100481

https://github.com/ImageMagick/ImageMagick/issues/645

GLSA-201711-07

USN-3681-1

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes several issues. These security issues were fixed :

  - CVE-2017-14343: Fixed a memory leak vulnerability in     ReadXCFImage in coders/xcf.c via a crafted xcf image     file (bsc#1058422).

  - CVE-2017-12691: The ReadOneLayer function in     coders/xcf.c allowed remote attackers to cause a denial     of service (memory consumption) via a crafted file     (bsc#1058422).

  - CVE-2017-14042: Prevent memory allocation failure in the     ReadPNMImage function in coders/pnm.c. The vulnerability     caused a big memory allocation, which may have lead to     remote denial of service in the MagickRealloc function     in magick/memory.c (bsc#1056550).

  - CVE-2017-15281: ReadPSDImage in coders/psd.c allowed     remote attackers to cause a denial of service     (application crash) or possibly have unspecified other     impact via a crafted file (bsc#1063049).

  - CVE-2017-13061: A length-validation vulnerability in the     function ReadPSDLayersInternal in coders/psd.c allowed     attackers to cause a denial of service (ReadPSDImage     memory exhaustion) via a crafted file (bsc#1055063).

  - CVE-2017-12563: A memory exhaustion vulnerability in the     function ReadPSDImage in coders/psd.c allowed attackers     to cause a denial of service (bsc#1052460).

  - CVE-2017-14174: coders/psd.c allowed for DoS in     ReadPSDLayersInternal() due to lack of an EOF (End of     File) check might have caused huge CPU consumption. When     a crafted PSD file, which claims a large 'length' field     in the header but did not contain sufficient backing     data, is provided, the loop over 'length' would consume     huge CPU resources, since there is no EOF check inside     the loop (bsc#1057723).

  - CVE-2017-13062: A memory leak vulnerability in the     function formatIPTC in coders/meta.c allowed attackers     to cause a denial of service (WriteMETAImage memory     consumption) via a crafted file (bsc#1055053).

  - CVE-2017-15277: ReadGIFImage in coders/gif.c left the     palette uninitialized when processing a GIF file that     has neither a global nor local palette. If this     functionality was used as a library loaded into a     process that operates on interesting data, this data     sometimes could have been leaked via the uninitialized     palette (bsc#1063050).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following issues :

  - security update (xcf.c) :

  - CVE-2017-14343: Memory leak vulnerability in     ReadXCFImage could lead to denial of service via a     crafted file. CVE-2017-12691: The ReadOneLayer function     in coders/xcf.c allows remote attackers to cause a     denial of service (memory consumption) via a crafted     file. [bsc#1058422]

  - security update (pnm.c) :

  - CVE-2017-14042: A memory allocation failure was     discovered in the ReadPNMImage function in coders/pnm.c     and could lead to remote denial of service [bsc#1056550]

  - security update (psd.c) :

  - CVE-2017-15281: ReadPSDImage allows remote attackers to     cause a denial of service (application crash) or     possibly have unspecified other impact via a crafted     file [bsc#1063049]

  - CVE-2017-13061: A length-validation vulnerability was     found in the function ReadPSDLayersInternal in     coders/psd.c, which allows attackers to cause a denial     of service (ReadPSDImage memory exhaustion) via a     crafted file. [bsc#1055063]

  - CVE-2017-12563: A Memory exhaustion vulnerability was     found in the function ReadPSDImage in coders/psd.c,     which allows attackers to cause a denial of service.
    [bsc#1052460]

  - CVE-2017-14174: Due to a lack of an EOF check (End of     File) in ReadPSDLayersInternal could cause huge CPU     consumption, when a crafted PSD file, which claims a     large 'length' field in the header but does not contain     sufficient backing data, is provided, the loop over     \'length\' would consume huge CPU resources, since there     is no EOF check inside the loop.[bsc#1057723]

  - security update (meta.c) :

  - CVE-2017-13062: Amemory leak vulnerability was found in     the function formatIPTC in coders/meta.c, which allows     attackers to cause a denial of service (WriteMETAImage     memory consumption) via a crafted file [bsc#1055053]

  - security update (gif.c) :

  - CVE-2017-15277: ReadGIFImage in coders/gif.c leaves the     palette uninitialized when processing a GIF file that     has neither a global nor local palette. If the affected     product is used as a library loaded into a process that     operates on interesting data, this data sometimes can be     leaked via the uninitialized palette.[bsc#1063050]

This update was imported from the SUSE:SLE-12:Update update project.

This update for ImageMagick fixes the following issues :

  - security update (xcf.c) :

  - CVE-2017-14343: Memory leak vulnerability in     ReadXCFImage could lead to denial of service via a     crafted file. CVE-2017-12691: The ReadOneLayer function     in coders/xcf.c allows remote attackers to cause a     denial of service (memory consumption) via a crafted     file. [bsc#1058422]

  - security update (pnm.c) :

  - CVE-2017-14042: A memory allocation failure was     discovered in the ReadPNMImage function in coders/pnm.c     and could lead to remote denial of service [bsc#1056550]

  - security update (psd.c) :

  - CVE-2017-15281: ReadPSDImage allows remote attackers to     cause a denial of service (application crash) or     possibly have unspecified other impact via a crafted     file [bsc#1063049]

  - CVE-2017-13061: A length-validation vulnerability was     found in the function ReadPSDLayersInternal in     coders/psd.c, which allows attackers to cause a denial     of service (ReadPSDImage memory exhaustion) via a     crafted file. [bsc#1055063]

  - CVE-2017-12563: A Memory exhaustion vulnerability was     found in the function ReadPSDImage in coders/psd.c,     which allows attackers to cause a denial of service.
    [bsc#1052460]

  - CVE-2017-14174: Due to a lack of an EOF check (End of     File) in ReadPSDLayersInternal could cause huge CPU     consumption, when a crafted PSD file, which claims a     large 'length' field in the header but does not contain     sufficient backing data, is provided, the loop over     \'length\' would consume huge CPU resources, since there     is no EOF check inside the loop.[bsc#1057723]

  - security update (meta.c) :

  - CVE-2017-13062: Amemory leak vulnerability was found in     the function formatIPTC in coders/meta.c, which allows     attackers to cause a denial of service (WriteMETAImage     memory consumption) via a crafted file [bsc#1055053]

  - security update (gif.c) :

  - CVE-2017-15277: ReadGIFImage in coders/gif.c leaves the     palette uninitialized when processing a GIF file that     has neither a global nor local palette. If the affected     product is used as a library loaded into a process that     operates on interesting data, this data sometimes can be     leaked via the uninitialized palette.[bsc#1063050]

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201711-07 (ImageMagick: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in ImageMagick. Please       review the referenced CVE identifiers for details.
  Impact :

    Remote attackers, by enticing a user to process a specially crafted       file, could obtain sensitive information, cause a Denial of Service       condition, or have other unspecified impacts.
  Workaround :

    There is no known workaround at this time.

ID	Name	Product	Family	Severity
110516	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : imagemagick vulnerabilities (USN-3681-1)	Nessus	Ubuntu Local Security Checks	high
105719	SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:0043-1)	Nessus	SuSE Local Security Checks	high
105640	openSUSE Security Update : ImageMagick (openSUSE-2018-7)	Nessus	SuSE Local Security Checks	high
105579	SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0017-1)	Nessus	SuSE Local Security Checks	high
104515	GLSA-201711-07 : ImageMagick: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high

CVE-2017-13061

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins