In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5974-1 advisory.

  - In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage     function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because     the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.
    (CVE-2018-20184)

  - In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash     and denial of service via a dib file that is crafted to appear with direct pixel values and also     colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.
    (CVE-2018-20189)

  - In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function     (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an     image file with a crafted bit-field mask value. (CVE-2018-5685)

  - In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote     attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.
    (CVE-2018-9018)

  - In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function     ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information     disclosure via an RLE packet. (CVE-2019-11006)

  - GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
    (CVE-2020-12672)

  - In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. (CVE-2022-1270)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

New bugfix and security upstream release, see http://www.graphicsmagick.org/NEWS.html#december-24-2019

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in denial of service or the execution of arbitrary code if malformed image files are processed.

Various vulnerabilities were discovered in graphicsmagick, a collection of image processing tools and associated libraries, resulting in denial of service, information disclosure, and a variety of buffer overflows and overreads.

For Debian 8 'Jessie', these problems have been fixed in version 1.3.20-3+deb8u4.

We recommend that you upgrade your graphicsmagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following issues :

  - CVE-2017-14325: In ImageMagick, a memory leak     vulnerability was found in the function     PersistPixelCache in magick/cache.c, which allowed     attackers to cause a denial of service (memory     consumption in ReadMPCImage in coders/mpc.c) via a     crafted file. [bsc#1058635]

  - CVE-2017-17887: In ImageMagick, a memory leak     vulnerability was found in the function     GetImagePixelCache in magick/cache.c, which allowed     attackers to cause a denial of service via a crafted MNG     image file that is processed by ReadOneMNGImage.
    [bsc#1074117]

  - CVE-2017-18250: A NULL pointer dereference vulnerability     was found in the function LogOpenCLBuildFailure in     MagickCore/opencl.c, which could lead to a denial of     service via a crafted file. [bsc#1087039]

  - CVE-2017-18251: A memory leak vulnerability was found in     the function ReadPCDImage in coders/pcd.c, which could     lead to a denial of service via a crafted file.
    [bsc#1087037]

  - CVE-2017-18252: The MogrifyImageList function in     MagickWand/mogrify.c could allow attackers to cause a     denial of service via a crafted file. [bsc#1087033]

  - CVE-2017-18254: A memory leak vulnerability was found in     the function WriteGIFImage in coders/gif.c, which could     lead to denial of service via a crafted file.
    [bsc#1087027]

  - CVE-2018-8960: The ReadTIFFImage function in     coders/tiff.c in ImageMagick did not properly restrict     memory allocation, leading to a heap-based buffer     over-read. [bsc#1086782]

  - CVE-2018-9018: divide-by-zero in the ReadMNGImage     function of coders/png.c. Attackers could leverage this     vulnerability to cause a crash and denial of service via     a crafted mng file. [bsc#1086773]

  - CVE-2018-9135: heap-based buffer over-read in     IsWEBPImageLossless in coders/webp.c could lead to     denial of service. [bsc#1087825]

  - CVE-2018-10177: In ImageMagick, there was an infinite     loop in the ReadOneMNGImage function of the coders/png.c     file. Remote attackers could leverage this vulnerability     to cause a denial of service via a crafted mng file.
    [bsc#1089781]

  - CVE-2017-10928: a heap-based buffer over-read in the     GetNextToken function in token.c could allow attackers     to obtain sensitive information from process memory or     possibly have unspecified other impact via a crafted SVG     document that is mishandled in the     GetUserSpaceCoordinateValue function in coders/svg.c.
    [bsc#1047356]

This update was imported from the SUSE:SLE-12:Update update project.

This update for ImageMagick fixes the following issues :

  - CVE-2017-14325: In ImageMagick, a memory leak     vulnerability was found in the function     PersistPixelCache in magick/cache.c, which allowed     attackers to cause a denial of service (memory     consumption in ReadMPCImage in coders/mpc.c) via a     crafted file. [bsc#1058635]

  - CVE-2017-17887: In ImageMagick, a memory leak     vulnerability was found in the function     GetImagePixelCache in magick/cache.c, which allowed     attackers to cause a denial of service via a crafted MNG     image file that is processed by ReadOneMNGImage.
    [bsc#1074117]

  - CVE-2017-18250: A NULL pointer dereference vulnerability     was found in the function LogOpenCLBuildFailure in     MagickCore/opencl.c, which could lead to a denial of     service via a crafted file. [bsc#1087039]

  - CVE-2017-18251: A memory leak vulnerability was found in     the function ReadPCDImage in coders/pcd.c, which could     lead to a denial of service via a crafted file.
    [bsc#1087037]

  - CVE-2017-18252: The MogrifyImageList function in     MagickWand/mogrify.c could allow attackers to cause a     denial of service via a crafted file. [bsc#1087033]

  - CVE-2017-18254: A memory leak vulnerability was found in     the function WriteGIFImage in coders/gif.c, which could     lead to denial of service via a crafted file.
    [bsc#1087027]

  - CVE-2018-8960: The ReadTIFFImage function in     coders/tiff.c in ImageMagick did not properly restrict     memory allocation, leading to a heap-based buffer     over-read. [bsc#1086782]

  - CVE-2018-9018: divide-by-zero in the ReadMNGImage     function of coders/png.c. Attackers could leverage this     vulnerability to cause a crash and denial of service via     a crafted mng file. [bsc#1086773]

  - CVE-2018-9135: heap-based buffer over-read in     IsWEBPImageLossless in coders/webp.c could lead to     denial of service. [bsc#1087825]

  - CVE-2018-10177: In ImageMagick, there was an infinite     loop in the ReadOneMNGImage function of the coders/png.c     file. Remote attackers could leverage this vulnerability     to cause a denial of service via a crafted mng file.
    [bsc#1089781]

  - CVE-2017-10928: a heap-based buffer over-read in the     GetNextToken function in token.c could allow attackers     to obtain sensitive information from process memory or     possibly have unspecified other impact via a crafted SVG     document that is mishandled in the     GetUserSpaceCoordinateValue function in coders/svg.c.
    [bsc#1047356]

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following issues :

  - security update (png.c)

  - CVE-2018-9018: divide-by-zero in the ReadMNGImage     function of coders/png.c. Attackers could leverage this     vulnerability to cause a crash and denial of service via     a crafted mng file. [bsc#1086773]

  - CVE-2018-10177: there is an infinite loop in the     ReadOneMNGImagefunction of the coders/png.c file. Remote     attackers could leverage thisvulnerability to cause a     denial of service (bsc#1089781)

  - security update (wand)

  - CVE-2017-18252: The MogrifyImageList function in     MagickWand/mogrify.c could allow attackers to cause a     denial of service via a crafted file. [bsc#1087033]

  - security update (gif.c)

  - CVE-2017-18254: A memory leak vulnerability was found in     the function WriteGIFImage in coders/gif.c, which could     lead to denial of service via a crafted file.
    [bsc#1087027]

  - security update (core)

  - CVE-2017-10928: a heap-based buffer over-read in the     GetNextToken function in token.c could allow attackers     to obtain sensitive information from process memory or     possibly have unspecified other impact via a crafted SVG     document that is mishandled in the     GetUserSpaceCoordinateValue function in coders/svg.c.
    [bsc#1047356]

  - security update (pcd.c)

  - CVE-2017-18251: A memory leak vulnerability was found in     the function ReadPCDImage in coders/pcd.c, which could     lead to a denial of service via a crafted file.
    [bsc#1087037]

  - security update (gif.c)

  - CVE-2017-18254: A memory leak vulnerability was found in     the function WriteGIFImage in coders/gif.c, which could     lead to denial of service via a crafted file.
    [bsc#1087027]

  - security update (tiff.c)

  - CVE-2018-8960: The ReadTIFFImage function in     coders/tiff.c in ImageMagick memory allocation issue     could lead to denial of service (bsc#1086782)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for GraphicsMagick fixes the following issues :

  - security update (core)

  - CVE-2018-6799: The AcquireCacheNexus function in     magick/pixel_cache.c in GraphicsMagick before 1.3.28     allows remote attackers to cause a denial of service     (heap overwrite) or possibly have unspecified other     impact via a crafted image file, because a pixel staging     area is not used. [boo#1080522]

  - security update (png.c)

  - CVE-2018-9018: In GraphicsMagick 1.3.28, there is a     divide-by-zero in the ReadMNGImage function of     coders/png.c. Remote attackers could leverage this     vulnerability to cause a crash and denial of service via     a crafted mng file. [boo#1086773]

  - security update (gif.c)

  - CVE-2017-18254: An issue was discovered in ImageMagick     7.0.7. A memory leak vulnerability was found in the     function WriteGIFImage in coders/gif.c, which allow     remote attackers to cause a denial of service via a     crafted file. [boo#1087027]

  - security update (pcd.c)

  - CVE-2017-18251: An issue was discovered in ImageMagick     7.0.7. A memory leak vulnerability was found in the     function ReadPCDImage in coders/pcd.c, which allow     remote attackers to cause a denial of service via a     crafted file. [boo#1087037]

  - CVE-2017-18229: An issue was discovered in     GraphicsMagick 1.3.26. An allocation failure     vulnerability was found in the function ReadTIFFImage in     coders/tiff.c, which allows attackers to cause a denial     of service via a crafted file, because file size is not     properly used to restrict scanline, strip, and tile     allocations. [boo#1085236]

  - CVE-2017-11641: GraphicsMagick 1.3.26 has a Memory Leak     in the PersistCache function in magick/pixel_cache.c     during writing of Magick Persistent Cache (MPC)     files.[boo#1050623]

  - CVE-2017-13066: GraphicsMagick 1.3.26 has a memory leak     vulnerability in the function CloneImage in     magick/image.c. [boo#1055010]

  - CVE-2018-10177: Specially crafted PNG images may have     triggered an infinite loop [bsc#1089781]

Various security issues were discovered in Graphicsmagick, a collection of image processing tools.

CVE-2017-18219 An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation.

CVE-2017-18220 The ReadOneJNGImage and ReadJNGImage functions in coders/png.c allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403.

CVE-2017-18229 An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations.

CVE-2017-18230 A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-18231 A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file.

CVE-2018-9018 There is a divide-by-zero error in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.

For Debian 7 'Wheezy', these problems have been fixed in version 1.3.16-1.1+deb7u19.

We recommend that you upgrade your graphicsmagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
173434	Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : GraphicsMagick vulnerabilities (USN-5974-1)	Nessus	Ubuntu Local Security Checks	critical
132785	Fedora 30 : GraphicsMagick (2019-f12cb1ddab)	Nessus	Fedora Local Security Checks	medium
132779	Fedora 31 : GraphicsMagick (2019-210b0a6e4f)	Nessus	Fedora Local Security Checks	medium
118179	Debian DSA-4321-1 : graphicsmagick - security update	Nessus	Debian Local Security Checks	critical
111520	Debian DLA-1456-1 : graphicsmagick security update	Nessus	Debian Local Security Checks	critical
109715	openSUSE Security Update : ImageMagick (openSUSE-2018-442)	Nessus	SuSE Local Security Checks	high
109673	SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:1178-1)	Nessus	SuSE Local Security Checks	high
109550	SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:1129-1)	Nessus	SuSE Local Security Checks	high
109521	openSUSE Security Update : GraphicsMagick (openSUSE-2018-407)	Nessus	SuSE Local Security Checks	critical
108692	Debian DLA-1322-1 : graphicsmagick security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2018-9018

medium

Tenable Plugins

critical

medium

medium

critical

critical

high

high

high

critical

high