http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931

102164

[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update

[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update

FEDORA-2019-da4c20882c

FEDORA-2019-425a1aa7c9

https://sourceforge.net/p/graphicsmagick/bugs/523/

DSA-4321

It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New bug and security fix release, see http://www.graphicsmagick.org/NEWS.html#june-15-2019

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

http://www.graphicsmagick.org/NEWS.html#june-15-2019

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in denial of service or the execution of arbitrary code if malformed image files are processed.

Various security issues were discovered in Graphicsmagick, a collection of image processing tools. Heap-based buffer overflows or overreads may lead to a denial of service or disclosure of in-memory information or other unspecified impact by processing a malformed image file.

For Debian 8 'Jessie', these problems have been fixed in version 1.3.20-3+deb8u3.

We recommend that you upgrade your graphicsmagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for GraphicsMagick fixes the following issues :

Security issues fixed :

  - CVE-2017-11533: An infoleak by 1 byte due to heap-based     buffer over-read in the WriteUILImage() in coders/uil.c     was fixed (boo#1050132)

  - CVE-2017-17682: A large loop vulnerability was found in     the function ExtractPostscript in coders/wpg.c, which     allowed attackers to cause a denial of service (CPU     exhaustion) (boo#1072898)

  - CVE-2017-17500: A heap-based buffer overread in the     ImportRGBQuantumType was fixed that could lead to     information leak or a crash (boo#1077737)

The NSFocus Security Team discovered multiple security issues in Graphicsmagick, a collection of image processing tools. Several heap-based buffer over-reads may lead to a denial of service (application crash) or possibly have other unspecified impact when processing a crafted file.

For Debian 7 'Wheezy', these problems have been fixed in version 1.3.16-1.1+deb7u16.

We recommend that you upgrade your graphicsmagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
133207	Ubuntu 16.04 LTS : GraphicsMagick vulnerabilities (USN-4248-1)	Nessus	Ubuntu Local Security Checks	high
126361	Fedora 30 : GraphicsMagick (2019-da4c20882c)	Nessus	Fedora Local Security Checks	high
126356	Fedora 29 : GraphicsMagick (2019-425a1aa7c9)	Nessus	Fedora Local Security Checks	high
118179	Debian DSA-4321-1 : graphicsmagick - security update	Nessus	Debian Local Security Checks	critical
110727	Debian DLA-1401-1 : graphicsmagick security update	Nessus	Debian Local Security Checks	critical
107047	openSUSE Security Update : GraphicsMagick (openSUSE-2018-213)	Nessus	SuSE Local Security Checks	high
105659	Debian DLA-1231-1 : graphicsmagick security update	Nessus	Debian Local Security Checks	high

CVE-2017-17500

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high

critical

critical

high

high