http://hg.code.sf.net/p/graphicsmagick/code/rev/b037d79b6ccd

http://openwall.com/lists/oss-security/2017/08/31/3

100570

[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update

FEDORA-2019-da4c20882c

FEDORA-2019-425a1aa7c9

DSA-4321

It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New bug and security fix release, see http://www.graphicsmagick.org/NEWS.html#june-15-2019

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

http://www.graphicsmagick.org/NEWS.html#june-15-2019

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in denial of service or the execution of arbitrary code if malformed image files are processed.

Various vulnerabilities were discovered in graphicsmagick, a collection of image processing tools and associated libraries, resulting in denial of service, information disclosure, and a variety of buffer overflows and overreads.

For Debian 8 'Jessie', these problems have been fixed in version 1.3.20-3+deb8u4.

We recommend that you upgrade your graphicsmagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for GraphicsMagick fixes the following issues :

  - CVE-2017-13775: Fixed a denial of service issue in     ReadJNXImage() in coders/jnx.c (boo#1056431)

  - CVE-2017-13063: Fixed a heap-based buffer overflow     vulnerability in the function GetStyleTokens in     coders/svg.c (bsc#1055050)

  - CVE-2017-13064: Fixed a heap-based buffer overflow     vulnerability in the function GetStyleTokens in     coders/svg.c (bsc#1055042)

  - CVE-2017-12936: The ReadWMFImage function in     coders/wmf.c in GraphicsMagick had a use-after-free     issue for data associated with exception reporting.
    (bsc#1054598)

  - CVE-2017-13139: The ReadOneMNGImage function in     coders/png.c had an out-of-bounds read with the MNG CLIP     chunk. (bsc#1055430)

  - CVE-2017-12937: The ReadSUNImage function in     coders/sun.c in GraphicsMagick had a colormap heap-based     buffer over-read. (bsc#1054596)

ID	Name	Product	Family	Severity
132095	Ubuntu 16.04 LTS : GraphicsMagick vulnerabilities (USN-4222-1)	Nessus	Ubuntu Local Security Checks	critical
126361	Fedora 30 : GraphicsMagick (2019-da4c20882c)	Nessus	Fedora Local Security Checks	high
126356	Fedora 29 : GraphicsMagick (2019-425a1aa7c9)	Nessus	Fedora Local Security Checks	high
118179	Debian DSA-4321-1 : graphicsmagick - security update	Nessus	Debian Local Security Checks	critical
111520	Debian DLA-1456-1 : graphicsmagick security update	Nessus	Debian Local Security Checks	critical
104235	openSUSE Security Update : GraphicsMagick (openSUSE-2017-1199)	Nessus	SuSE Local Security Checks	critical

CVE-2017-13775

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

critical

high

high

critical

critical

critical