100479

https://github.com/ImageMagick/ImageMagick/issues/679

[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update

GLSA-201711-07

Numerous security vulnerabilities were fixed in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed.

For Debian 8 'Jessie', these problems have been fixed in version 8:6.8.9.9-5+deb8u16.

We recommend that you upgrade your imagemagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes several issues. These security issues were fixed :

  - CVE-2017-11534: Processing a crafted file in convert     could have lead to a Memory Leak in the lite_font_map()     function in coders/wmf.c (bsc#1050135).

  - CVE-2017-13133: The load_level function in coders/xcf.c     lacked offset validation, which allowed attackers to     cause a denial of service (load_tile memory exhaustion)     via a crafted file (bsc#1055219).

  - CVE-2017-13139: The ReadOneMNGImage function in     coders/png.c had an out-of-bounds read with the MNG CLIP     chunk (bsc#1055430).

  - CVE-2017-15033: Fixed a memory leak in ReadYUVImage in     coders/yuv.c (bsc#1061873).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following issues :

Security issues fixed :

  - CVE-2017-15033: A denial of service attack (memory leak)     was fixed in ReadYUVImage in coders/yuv.c [bsc#1061873]

  - CVE-2017-11446: An infinite loop in ReadPESImage was     fixed. (bsc#1049379)

  - CVE-2017-12433: A memory leak in ReadPESImage in     coders/pes.c was fixed. (bsc#1052545)

  - CVE-2017-12428: A memory leak in ReadWMFImage in     coders/wmf.c was fixed. (bsc#1052249)

  - CVE-2017-12431: A use-after-free in ReadWMFImage was     fixed. (bsc#1052253)

  - CVE-2017-11534: A memory leak in the lite_font_map() in     coders/wmf.c was fixed. (bsc#1050135)

  - CVE-2017-13133: A memory exhaustion in load_level     function in coders/xcf.c was fixed. (bsc#1055219)

  - CVE-2017-13139: A out-of-bounds read in the     ReadOneMNGImage was fixed. (bsc#1055430)

This update also reverts an incorrect fix for CVE-2016-7530 [bsc#1054924].

This update was imported from the SUSE:SLE-12:Update update project.

The remote host is affected by the vulnerability described in GLSA-201711-07 (ImageMagick: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in ImageMagick. Please       review the referenced CVE identifiers for details.
  Impact :

    Remote attackers, by enticing a user to process a specially crafted       file, could obtain sensitive information, cause a Denial of Service       condition, or have other unspecified impacts.
  Workaround :

    There is no known workaround at this time.

This update for ImageMagick fixes the following issues: Security issues fixed :

  - CVE-2017-15033: A denial of service attack (memory leak)     was fixed in ReadYUVImage in coders/yuv.c [bsc#1061873]

  - CVE-2017-11446: An infinite loop in ReadPESImage was     fixed. (bsc#1049379)

  - CVE-2017-12433: A memory leak in ReadPESImage in     coders/pes.c was fixed. (bsc#1052545)

  - CVE-2017-12428: A memory leak in ReadWMFImage in     coders/wmf.c was fixed. (bsc#1052249)

  - CVE-2017-12431: A use-after-free in ReadWMFImage was     fixed. (bsc#1052253)

  - CVE-2017-11534: A memory leak in the lite_font_map() in     coders/wmf.c was fixed. (bsc#1050135)

  - CVE-2017-13133: A memory exhaustion in load_level     function in coders/xcf.c was fixed. (bsc#1055219)

  - CVE-2017-13139: A out-of-bounds read in the     ReadOneMNGImage was fixed. (bsc#1055430) This update     also reverts an incorrect fix for CVE-2016-7530     [bsc#1054924].

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This updates fixes numerous vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT, VST, PNG, JNG, MNG, DVJU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP, TIFF, ICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP, PICT, PDB, SFW, or XCF files are processed.

For Debian 7 'Wheezy', these problems have been fixed in version 6.7.7.10-5+deb7u16.

We recommend that you upgrade your imagemagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
125093	Debian DLA-1785-1 : imagemagick security update	Nessus	Debian Local Security Checks	high
104966	SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2017:3168-1)	Nessus	SuSE Local Security Checks	high
104528	openSUSE Security Update : ImageMagick (openSUSE-2017-1270)	Nessus	SuSE Local Security Checks	high
104515	GLSA-201711-07 : ImageMagick: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
104474	SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:2949-1)	Nessus	SuSE Local Security Checks	high
102889	Debian DLA-1081-1 : imagemagick security update	Nessus	Debian Local Security Checks	high

CVE-2017-13133

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins