DSA-3863

98689

https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31506

The version of ImageMagick installed on the remote Windows host is 6.x prior to 6.9.8-10 or 7.x prior to 7.0.5-9. It is, therefore, affected by multiple vulnerabilities :

  - A flaw exists in the ReadRLEImage() function within file     coders/rle.c when reading image color maps due to issues     related to a 'type unsigned char' falling outside the     range of representable values. An unauthenticated,     remote attacker can exploit this, via a specially     crafted image, to cause a denial of service condition or     possibly have other impact. (CVE-2017-7606)

  - An infinite loop condition exists in multiple color     algorithms within file magick/enhance.c due to a     floating-point rounding error. An unauthenticated,     remote attacker can exploit this to consume excessive     resources, resulting in a denial of service condition.
    (CVE-2017-7619)

  - A denial of service vulnerability exists in the     ReadSGIImage() function within file coders/sgi.c when     handling a specially crafted file. An unauthenticated,     remote attacker can exploit this to consume excessive     memory resources. (CVE-2017-7941)

  - A denial of service vulnerability exists in the     ReadAVSImage() function within file coders/avs.c when     handling a specially crafted file. An unauthenticated,     remote attacker can exploit this to consume excessive     memory resources. (CVE-2017-7942)

  - A denial of service vulnerability exists in the     ReadSVGImage() function within file coders/svg.c when     handling a specially crafted file. An unauthenticated,     remote attacker can exploit this to consume excessive     memory resources. (CVE-2017-7943)

  - A denial of service vulnerability exists in the     ReadAAIImage() function within file aai.c when handling     specially crafted AAI files. An unauthenticated, remote     attacker can exploit this to consume excessive memory     resources. (CVE-2017-8343)

  - A denial of service vulnerability exists in the     ReadPCXImage() function within file pcx.c when handling     specially crafted DCX files. An unauthenticated, remote     attacker can exploit this to consume excessive memory     resources. (CVE-2017-8344)

  - A denial of service vulnerability exists in the     ReadMNGImage() function within file png.c when handling     specially crafted MNG files. An unauthenticated, remote     attacker can exploit this to consume excessive memory     resources. (CVE-2017-8345)

  - A denial of service vulnerability exists in the     ReadDCMImage() function within file dcm.c when handling     specially crafted DCM files. An unauthenticated, remote     attacker can exploit this to consume excessive memory     resources. (CVE-2017-8346)

  - A denial of service vulnerability exists in the     ReadEXRImage() function within file exr.c when handling     specially crafted EXR files. An unauthenticated, remote     attacker can exploit this to consume excessive memory     resources. (CVE-2017-8347)

  - A denial of service vulnerability exists in the     ReadMATImage() function within file mat.c when handling     specially crafted MAT files. An unauthenticated, remote     attacker can exploit this to consume excessive memory     resources. (CVE-2017-8348)

  - A denial of service vulnerability exists in the     ReadSFWImage() function within file sfw.c when handling     specially crafted SFW files. An unauthenticated, remote     attacker can exploit this to consume excessive memory     resources. (CVE-2017-8349)

  - A denial of service vulnerability exists in the     ReadJNGImage() function within file png.c when handling     specially crafted JNG files. An unauthenticated, remote     attacker can exploit this to consume excessive memory     resources. (CVE-2017-8350)

  - A denial of service vulnerability exists in the     ReadPCDImage() function within file pcd.c when handling     specially crafted PCD files. An unauthenticated, remote     attacker can exploit this to consume excessive memory     resources. (CVE-2017-8351)

  - A denial of service vulnerability exists in the     ReadXWDImage() function within file coders/xwd.c when     parsing XWD images. An unauthenticated, remote attacker     can exploit this, via a specially crafted file, to     consume excessive memory resources. (CVE-2017-8352)

  - A denial of service vulnerability exists in the     ReadPICTImage() function within file coders/pict.c when     parsing PICT images. An unauthenticated, remote attacker     can exploit this, via a specially crafted file, to     consume excessive memory resources. (CVE-2017-8353)

  - A denial of service vulnerability exists in the     ReadBMPImage() function within file coders/bmp.c when     parsing BMP images. An unauthenticated, remote attacker     can exploit this, via a specially crafted file, to     consume excessive memory resources. (CVE-2017-8354)

  - A denial of service vulnerability exists in the     ReadMTVImage() function within file coders/mtv.c when     parsing MTV images. An unauthenticated, remote attacker     can exploit this, via a specially crafted file, to     consume excessive memory resources. (CVE-2017-8355)

  - A denial of service vulnerability exists in the     ReadSUNImage() function within file coders/sun.c when     parsing SUN images. An unauthenticated, remote attacker     can exploit this, via a specially crafted file, to     consume excessive memory resources. (CVE-2017-8356)

  - A denial of service vulnerability exists in the     ReadEPTImage() function within file coders/ept.c when     parsing EPT images. An unauthenticated, remote attacker     can exploit this, via a specially crafted file, to     consume excessive memory resources. (CVE-2017-8357)

  - A denial of service vulnerability exists in the     ReadICONImage() function within file coders/icon.c when     parsing ICON files. An unauthenticated, remote attacker     can exploit this, via a specially crafted file, to     consume excessive memory resources. (CVE-2017-8765)

  - A denial of service vulnerability exists in the     ReadBMPImage() function within file bmp.c when handling     a specially crafted file. An unauthenticated, remote     attacker can exploit this to consume excessive memory     resources. (CVE-2017-8830)

  - An out-of-bounds read error exists in the ReadRLEImage()     function within file coders/rle.c when handling image     color maps due to a missing initialization step. An     unauthenticated, remote attacker can exploit this to     disclose process memory contents. (CVE-2017-9098)

  - A denial of service vulnerability exists in the     ReadDDSImage() function within file coders/dds.c when     handling DDS images due to improper validation of     user-supplied input. An unauthenticated, remote attacker     can exploit this to trigger an assertion failure.
    (CVE-2017-9141)

  - A denial of service vulnerability exists in the     ReadOneJNGImage() function within file coders/png.c when     handling JNG images due to improper validation of     user-supplied input. An unauthenticated, remote attacker     can exploit this to trigger an assertion failure.
    (CVE-2017-9142)

  - A denial of service vulnerability exists in the     ReadARTImage() function within file coders/art.c when     handling specially crafted ART files. An     unauthenticated, remote attacker can exploit this to     consume excessive memory resources. (CVE-2017-9143)

  - A flaw exists in the ReadRLEImage() function within file     coders/rle.c when reading run-length encoded image data.
    An unauthenticated, remote attacker can exploit this,     via specially crafted image files, to cause a denial of     service condition. (CVE-2017-9144)

  - A denial of service vulnerability exists in the     ReadOneMNGImage() function within file coders/png.c when     handling specially crafted MNG files. An     unauthenticated, remote attacker can exploit this to     consume excessive memory resources. (CVE-2017-9261)

  - A denial of service vulnerability exists in the     ReadOneJNGImage() function within file coders/png.c when     handling specially crafted JNG files. An     unauthenticated, remote attacker can exploit this to     consume excessive memory resources. (CVE-2017-9262)

  - A denial of service vulnerability exists in the     ReadICONImage() function within file coders/icon.c when     handling specially crafted ICO files. An     unauthenticated, remote attacker can exploit this to     consume excessive memory resources. (CVE-2017-9405)

  - A denial of service vulnerability exists in the     ReadPALMImage() function within file coders/palm.c when     handling specially crafted PALM files. An     unauthenticated, remote attacker can exploit this to     consume excessive memory resources. (CVE-2017-9407)

  - A denial of service vulnerability exists in the     ReadMPCImage() function within file coders/mpc.c when     handling specially crafted MPC files. An     unauthenticated, remote attacker can exploit this to     consume excessive memory resources. (CVE-2017-9409)

  - A denial of service vulnerability exists in the     ReadPDBImage() function within file coders/pdb.c when     handling specially crafted PDB files. An     unauthenticated, remote attacker can exploit this to     consume excessive memory resources. (CVE-2017-9439)

  - A denial of service vulnerability exists in the     ReadPSDChannelZip() function within file coders/psd.c     when handling specially crafted PSD files. An     unauthenticated, remote attacker can exploit this to     consume excessive memory resources. (CVE-2017-9440)

  - A denial of service vulnerability exists in the     ResetImageProfileIterator() function within file     coders/dds.c when handling specially crafted DDS images.
    An unauthenticated, remote attacker can exploit this to     consume excessive memory resources. (CVE-2017-9500)

  - A denial of service vulnerability exists in the     ReadTGAImage() function within file coders/tga.c when     handling specially crafted VST files. An     unauthenticated, remote attacker can exploit this to     consume excessive memory resources.

  - A denial of service vulnerability exists in the     RestoreMSCWarning() function within file coders/mat.c     when handling specially crafted MAT files. An     unauthenticated, remote attacker can exploit this to     consume excessive memory resources.

  - A denial of service vulnerability exists in the     ReadXWDImage() function within file coders/xwd.c     when handling specially crafted XWD files. An     unauthenticated, remote attacker can exploit this to     consume excessive memory resources.

  - A flaw exists in the ReadDCMImage() function within file     coders/dcm.c when handling DCM image color maps. An     unauthenticated, remote attacker can exploit this, via     a specially crafted image, to cause a denial of service     condition.

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Please reference CVE/URL list for details

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV, PICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.

Two security vulnerabilities were discovered in imagemagick that allow remote attackers to cause a denial of service (application crash and infinite loop) or possibly other unspecified impact via a crafted image.

For Debian 7 'Wheezy', these problems have been fixed in version 8:6.7.7.10-5+deb7u13.

We recommend that you upgrade your imagemagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
100847	ImageMagick 6.x < 6.9.8-10 / 7.x < 7.0.5-9 Multiple Vulnerabilities	Nessus	Windows	medium
100547	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : imagemagick vulnerabilities (USN-3302-1)	Nessus	Ubuntu Local Security Checks	high
100441	FreeBSD : ImageMagick -- multiple vulnerabilities (50776801-4183-11e7-b291-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	high
100433	Debian DSA-3863-1 : imagemagick - security update	Nessus	Debian Local Security Checks	high
99443	Debian DLA-902-1 : imagemagick security update	Nessus	Debian Local Security Checks	medium

CVE-2017-7619

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

medium

high

high

high

medium