http://hg.code.sf.net/p/graphicsmagick/code/rev/1b47e0078e05

100476

https://github.com/ImageMagick/ImageMagick/issues/670

[debian-lts-announce] 20171114 [SECURITY] [DLA 1170-1] graphicsmagick security update

[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update

GLSA-201711-07

USN-3681-1

DSA-4032

DSA-4040

DSA-4321

Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in denial of service or the execution of arbitrary code if malformed image files are processed.

Various security issues were discovered in Graphicsmagick, a collection of image processing tools. Heap-based buffer overflows or overreads may lead to a denial of service or disclosure of in-memory information or other unspecified impact by processing a malformed image file.

For Debian 8 'Jessie', these problems have been fixed in version 1.3.20-3+deb8u3.

We recommend that you upgrade your graphicsmagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following issues :

  - CVE-2017-14989: use-after-free in RenderFreetype in     MagickCore/annotate.c could lead to denial of service     [bsc#1061254]

  - CVE-2017-14682: GetNextToken in MagickCore/token.c heap     buffer overflow could lead to denial of service     [bsc#1060176]

  - Memory leak in WriteINLINEImage in coders/inline.c could     lead to denial of service [bsc#1052744]

  - CVE-2017-14607: out of bounds read flaw related to     ReadTIFFImagehas could possibly disclose potentially     sensitive memory [bsc#1059778]

  - CVE-2017-11640: NULL pointer deref in WritePTIFImage()     in coders/tiff.c [bsc#1050632]

  - CVE-2017-14342: a memory exhaustion vulnerability in     ReadWPGImage in coders/wpg.c could lead to denial of     service [bsc#1058485]

  - CVE-2017-14341: Infinite loop in the ReadWPGImage     function [bsc#1058637]

  - CVE-2017-16546: problem in the function ReadWPGImage in     coders/wpg.c could lead to denial of service     [bsc#1067181]

  - CVE-2017-16545: The ReadWPGImage function in     coders/wpg.c in validation problems could lead to denial     of service [bsc#1067184]

  - CVE-2017-16669: problem in coders/wpg.c could allow     remote attackers to cause a denial of service via     crafted file [bsc#1067409]

  - CVE-2017-14175: Lack of End of File check could lead to     denial of service [bsc#1057719]

  - CVE-2017-14138: memory leak vulnerability in     ReadWEBPImage in coders/webp.c could lead to denial of     service [bsc#1057157]

  - CVE-2017-13769: denial of service issue in function     WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]

  - CVE-2017-13134: a heap-based buffer over-read was found     in thefunction SFWScan in coders/sfw.c, which allows     attackers to cause adenial of service via a crafted     file. [bsc#1055214]

  - CVE-2017-15217: memory leak in ReadSGIImage in     coders/sgi.c [bsc#1062750]

  - CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in     ImageMagick allows remote attackers to cause a DoS     [bsc#1049796]

  - CVE-2017-15930: NULL pointer dereference while     transfering JPEG scanlines could lead to denial of     service [bsc#1066003]

  - CVE-2017-12983: Heap-based buffer overflow in the     ReadSFWImage function in coders/sfw.c inImageMagick     7.0.6-8 allows remote attackers to cause a denial of     service [bsc#1054757]

  - CVE-2017-14531: memory exhaustion issue in ReadSUNImage     incoders/sun.c. [bsc#1059666]

  - CVE-2017-12435: Memory exhaustion in ReadSUNImage in     coders/sun.c, which allows attackers to cause denial of     service [bsc#1052553]

  - CVE-2017-12587: User controlable large loop in the     ReadPWPImage in coders\pwp.c could lead to denial of     service [bsc#1052450]

  - CVE-2017-11523: ReadTXTImage in coders/txt.c allows     remote attackers to cause a denial of service     [bsc#1050083]

  - CVE-2017-14173: unction ReadTXTImage is vulnerable to a     integer overflow that could lead to denial of service     [bsc#1057729]

  - CVE-2017-11188: ImageMagick: The ReadDPXImage function     in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop     vulnerability that can cause CPU exhaustion via a     crafted DPX file, relatedto lack of an EOF check.
    [bnc#1048457]

  - CVE-2017-11527: ImageMagick: ReadDPXImage in     coders/dpx.c allows remote attackers to cause DoS     [bnc#1050116] 

  - CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based     buffer over-read in WritePSImage() in coders/ps.c     [bnc#1050139]

  - CVE-2017-11752: ImageMagick: ReadMAGICKImage in     coders/magick.c allows to cause DoS [bnc#1051441] 

  - CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c     has a ninteger signedness error leading to excessive     memory consumption [bnc#1051847] 

  - CVE-2017-12669: ImageMagick: Memory leak in     WriteCALSImage in coders/cals.c [bnc#1052689]

  - CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak     in WritePDFImage in coders/pdf.c [bnc#1052758]

  - CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage     in codersdcm.c [bnc#1052764]

  - CVE-2017-14172: ImageMagick: Lack of end of file check     in ReadPSImage() could lead to a denial of service     [bnc#1057730]

  - CVE-2017-14733: GraphicsMagick: Heap overflow on     ReadRLEImage in coders/rle.c could lead to denial of     service [bnc#1060577]

This update was imported from the SUSE:SLE-12:Update update project.

This update for ImageMagick fixes the following issues :

  - CVE-2017-14989: use-after-free in RenderFreetype in     MagickCore/annotate.c could lead to denial of service     [bsc#1061254]

  - CVE-2017-14682: GetNextToken in MagickCore/token.c heap     buffer overflow could lead to denial of service     [bsc#1060176]

  - Memory leak in WriteINLINEImage in coders/inline.c could     lead to denial of service [bsc#1052744]

  - CVE-2017-14607: out of bounds read flaw related to     ReadTIFFImagehas could possibly disclose potentially     sensitive memory [bsc#1059778]

  - CVE-2017-11640: NULL pointer deref in WritePTIFImage()     in coders/tiff.c [bsc#1050632]

  - CVE-2017-14342: a memory exhaustion vulnerability in     ReadWPGImage in coders/wpg.c could lead to denial of     service [bsc#1058485]

  - CVE-2017-14341: Infinite loop in the ReadWPGImage     function [bsc#1058637]

  - CVE-2017-16546: problem in the function ReadWPGImage in     coders/wpg.c could lead to denial of service     [bsc#1067181]

  - CVE-2017-16545: The ReadWPGImage function in     coders/wpg.c in validation problems could lead to denial     of service [bsc#1067184]

  - CVE-2017-16669: problem in coders/wpg.c could allow     remote attackers to cause a denial of service via     crafted file [bsc#1067409]

  - CVE-2017-14175: Lack of End of File check could lead to     denial of service [bsc#1057719]

  - CVE-2017-14138: memory leak vulnerability in     ReadWEBPImage in coders/webp.c could lead to denial of     service [bsc#1057157]

  - CVE-2017-13769: denial of service issue in function     WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]

  - CVE-2017-13134: a heap-based buffer over-read was found     in thefunction SFWScan in coders/sfw.c, which allows     attackers to cause adenial of service via a crafted     file. [bsc#1055214]

  - CVE-2017-15217: memory leak in ReadSGIImage in     coders/sgi.c [bsc#1062750]

  - CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in     ImageMagick allows remote attackers to cause a DoS     [bsc#1049796]

  - CVE-2017-15930: NULL pointer dereference while     transfering JPEG scanlines could lead to denial of     service [bsc#1066003]

  - CVE-2017-12983: Heap-based buffer overflow in the     ReadSFWImage function in coders/sfw.c inImageMagick     7.0.6-8 allows remote attackers to cause a denial of     service [bsc#1054757]

  - CVE-2017-14531: memory exhaustion issue in ReadSUNImage     incoders/sun.c. [bsc#1059666]

  - CVE-2017-12435: Memory exhaustion in ReadSUNImage in     coders/sun.c, which allows attackers to cause denial of     service [bsc#1052553]

  - CVE-2017-12587: User controlable large loop in the     ReadPWPImage in coders\pwp.c could lead to denial of     service [bsc#1052450]

  - CVE-2017-11523: ReadTXTImage in coders/txt.c allows     remote attackers to cause a denial of service     [bsc#1050083]

  - CVE-2017-14173: unction ReadTXTImage is vulnerable to a     integer overflow that could lead to denial of service     [bsc#1057729]

  - CVE-2017-11188: ImageMagick: The ReadDPXImage function     in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop     vulnerability that can cause CPU exhaustion via a     crafted DPX file, relatedto lack of an EOF check.
    [bnc#1048457]

  - CVE-2017-11527: ImageMagick: ReadDPXImage in     coders/dpx.c allows remote attackers to cause DoS     [bnc#1050116]

  - CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based     buffer over-read in WritePSImage() in coders/ps.c     [bnc#1050139]

  - CVE-2017-11752: ImageMagick: ReadMAGICKImage in     coders/magick.c allows to cause DoS [bnc#1051441]

  - CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c     has a ninteger signedness error leading to excessive     memory consumption [bnc#1051847]

  - CVE-2017-12669: ImageMagick: Memory leak in     WriteCALSImage in coders/cals.c [bnc#1052689]

  - CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak     in WritePDFImage in coders/pdf.c [bnc#1052758]

  - CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage     in codersdcm.c [bnc#1052764]

  - CVE-2017-14172: ImageMagick: Lack of end of file check     in ReadPSImage() could lead to a denial of service     [bnc#1057730]

  - CVE-2017-14733: GraphicsMagick: Heap overflow on     ReadRLEImage in coders/rle.c could lead to denial of     service [bnc#1060577]

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following issues :

  - CVE-2017-14607: out of bounds read flaw related to     ReadTIFFImagehas could possibly disclose potentially     sensitive memory [bsc#1059778]

  - CVE-2017-11640: NULL pointer deref in WritePTIFImage()     in coders/tiff.c [bsc#1050632]

  - CVE-2017-14342: a memory exhaustion vulnerability in     ReadWPGImage in coders/wpg.c could lead to denial of     service [bsc#1058485]

  - CVE-2017-14341: Infinite loop in the ReadWPGImage     function [bsc#1058637]

  - CVE-2017-16546: problem in the function ReadWPGImage in     coders/wpg.c could lead to denial of service     [bsc#1067181]

  - CVE-2017-16545: The ReadWPGImage function in     coders/wpg.c in validation problems could lead to denial     of service [bsc#1067184]

  - CVE-2017-14175: Lack of End of File check could lead to     denial of service [bsc#1057719]

  - CVE-2017-13769: denial of service issue in function     WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]

  - CVE-2017-13134: a heap-based buffer over-read was found     in thefunction SFWScan in coders/sfw.c, which allows     attackers to cause adenial of service via a crafted     file. [bsc#1055214]

  - CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in     ImageMagick allows remote attackers to cause a DoS     [bsc#1049796]

  - CVE-2017-15930: NULL pointer dereference while     transfering JPEG scanlines could lead to denial of     service [bsc#1066003]

  - CVE-2017-12983: Heap-based buffer overflow in the     ReadSFWImage function in coders/sfw.c allows remote     attackers to cause a denial of service [bsc#1054757]

  - CVE-2017-14531: memory exhaustion issue in ReadSUNImage     incoders/sun.c. [bsc#1059666]

  - CVE-2017-12435: Memory exhaustion in ReadSUNImage in     coders/sun.c, which allows attackers to cause denial of     service [bsc#1052553]

  - CVE-2017-12587: User controlable large loop in the     ReadPWPImage in coders\pwp.c could lead to denial of     service [bsc#1052450]

  - CVE-2017-14173: unction ReadTXTImage is vulnerable to a     integer overflow that could lead to denial of service     [bsc#1057729]

  - CVE-2017-11188: ImageMagick: The ReadDPXImage function     in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop     vulnerability that can cause CPU exhaustion via a     crafted DPX file, relatedto lack of an EOF check.
    [bnc#1048457]

  - CVE-2017-11527: ImageMagick: ReadDPXImage in     coders/dpx.c allows remote attackers to cause DoS     [bnc#1050116]

  - CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based     buffer over-read in WritePSImage() in coders/ps.c     [bnc#1050139]

  - CVE-2017-11752: ImageMagick: ReadMAGICKImage in     coders/magick.c allows to cause DoS [bnc#1051441]

  - CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c     has a ninteger signedness error leading to excessive     memory consumption [bnc#1051847]

  - CVE-2017-12669: ImageMagick: Memory leak in     WriteCALSImage in coders/cals.c [bnc#1052689]

  - CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak     in WritePDFImage in coders/pdf.c [bnc#1052758]

  - CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage     in codersdcm.c [bnc#1052764]

  - CVE-2017-14172: ImageMagick: Lack of end of file check     in ReadPSImage() could lead to a denial of service     [bnc#1057730]

  - CVE-2017-14733: GraphicsMagick: Heap overflow on     ReadRLEImage in coders/rle.c could lead to denial of     service [bnc#1060577]

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.

This update for GraphicsMagick fixes the following security issues :

  - CVE-2017-13776: denial of service issue in     ReadXBMImage() in a coders/xbm.c (bsc#1056429)

  - CVE-2017-13777: denial of service issue in     ReadXBMImage() in a coders/xbm.c (bsc#1056426)

  - CVE-2017-13134: heap-based buffer over-read allowing DoS     via crafted sfw files (bsc#1055214)

  - CVE-2017-15930: Specially crafted JPEG files could lead     to a NULL pointer dereference and DoS (bsc#1066003)

  - CVE-2017-14165: Memory allocation issue may allow DoS     through specially crafted files (bsc#1057508)

  - CVE-2017-12983: Heap-based buffer overflow could have     triggered an application crash or possibly have     unspecified other impact via a crafted file.
    (bnc#1054757)

Security vulnerabilities have been identified in graphicsmagick, a collection of image processing utilities and libraries.

CVE-2017-13134

Graphicsmagick was vulnerable to a heap-based buffer over-read and denial of service via a crafted SFW file.

CVE-2017-16547

Graphicsmagick was vulnerable to a remote denial of service (application crash) or possible unspecified other impact via a crafted file resulting from a defective memory allocation.

For Debian 7 'Wheezy', these problems have been fixed in version 1.3.16-1.1+deb7u15.

We recommend that you upgrade your graphicsmagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201711-07 (ImageMagick: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in ImageMagick. Please       review the referenced CVE identifiers for details.
  Impact :

    Remote attackers, by enticing a user to process a specially crafted       file, could obtain sensitive information, cause a Denial of Service       condition, or have other unspecified impacts.
  Workaround :

    There is no known workaround at this time.

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files are processed.

This updates fixes numerous vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT, VST, PNG, JNG, MNG, DVJU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP, TIFF, ICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP, PICT, PDB, SFW, or XCF files are processed.

For Debian 7 'Wheezy', these problems have been fixed in version 6.7.7.10-5+deb7u16.

We recommend that you upgrade your imagemagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
118179	Debian DSA-4321-1 : graphicsmagick - security update	Nessus	Debian Local Security Checks	high
110727	Debian DLA-1401-1 : graphicsmagick security update	Nessus	Debian Local Security Checks	high
110516	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : imagemagick vulnerabilities (USN-3681-1)	Nessus	Ubuntu Local Security Checks	high
105455	openSUSE Security Update : ImageMagick (openSUSE-2017-1413)	Nessus	SuSE Local Security Checks	high
105409	SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:3388-1)	Nessus	SuSE Local Security Checks	high
105408	SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2017:3378-1)	Nessus	SuSE Local Security Checks	high
104684	Debian DSA-4040-1 : imagemagick - security update	Nessus	Debian Local Security Checks	high
104615	openSUSE Security Update : GraphicsMagick (openSUSE-2017-1276)	Nessus	SuSE Local Security Checks	high
104534	Debian DLA-1170-1 : graphicsmagick security update	Nessus	Debian Local Security Checks	medium
104515	GLSA-201711-07 : ImageMagick: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
104504	Debian DSA-4032-1 : imagemagick - security update	Nessus	Debian Local Security Checks	medium
102889	Debian DLA-1081-1 : imagemagick security update	Nessus	Debian Local Security Checks	high

CVE-2017-13134

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins