https://github.com/ImageMagick/ImageMagick/issues/1601

https://github.com/ImageMagick/ImageMagick6/commit/7d11230060fa9c8f67e53c85224daf6648805c7b

https://github.com/ImageMagick/ImageMagick/commit/35ccb468ee2dcbe8ce9cf1e2f1957acc27f54c34

openSUSE-SU-2019:1983

USN-4192-1

DSA-4712

According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - ImageMagick before 7.0.8-50 has a memory leak     vulnerability in the function ReadBMPImage in     coders/bmp.c.(CVE-2019-13133)

  - ImageMagick before 7.0.8-50 has a memory leak     vulnerability in the function ReadVIFFImage in     coders/viff.c.(CVE-2019-13134)

  - ImageMagick version 7.0.7-28 contains a memory leak in     WriteTIFFImage in coders/tiff.c.(CVE-2018-10804)

  - In ImageMagick 7.0.7-28, there is an infinite loop in     the ReadOneMNGImage function of the coders/png.c file.
    Remote attackers could leverage this vulnerability to     cause a denial of service via a crafted mng     file.(CVE-2018-10177)

  - In ImageMagick 7.0.7-29 and earlier, a missing NULL     check in ReadOneJNGImage in coders/png.c allows an     attacker to cause a denial of service (WriteBlob     assertion failure and application exit) via a crafted     file.(CVE-2018-16749)

  - In ImageMagick before 7.0.8-25, a memory leak exists in     WritePSDChannel in coders/psd.c.(CVE-2019-7395)

  - In ImageMagick before 7.0.8-25, a memory leak exists in     ReadSIXELImage in coders/sixel.c.(CVE-2019-7396)

  - A NULL pointer dereference in the function     ReadPANGOImage in coders/pango.c and the function     ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34     allows remote attackers to cause a denial of service     via a crafted image.(CVE-2019-12974)

  - ImageMagick 7.0.8-34 has a memory leak vulnerability in     the WriteDPXImage function in     coders/dpx.c.(CVE-2019-12975)

  - ImageMagick 7.0.8-34 has a memory leak in the     ReadPCLImage function in coders/pcl.c.(CVE-2019-12976)

  - ImageMagick 7.0.8-34 has a 'use of uninitialized value'     vulnerability in the WriteJP2Image function in     coders/jp2.c.(CVE-2019-12977)

  - ImageMagick 7.0.8-34 has a 'use of uninitialized value'     vulnerability in the ReadPANGOImage function in     coders/pango.c.(CVE-2019-12978)

  - ImageMagick 7.0.8-34 has a 'use of uninitialized value'     vulnerability in the SyncImageSettings function in     MagickCore/image.c. This is related to AcquireImage in     magick/image.c.(CVE-2019-12979)

  - ImageMagick before 7.0.8-50 has a memory leak     vulnerability in the function ReadPSImage in     coders/ps.c.(CVE-2019-13137)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     over-read at MagickCore/threshold.c in     AdaptiveThresholdImage because a width of zero is     mishandled.(CVE-2019-13295)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     over-read at MagickCore/threshold.c in     AdaptiveThresholdImage because a height of zero is     mishandled.(CVE-2019-13297)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     overflow at MagickCore/statistic.c in EvaluateImages     because of mishandling columns.(CVE-2019-13300)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer     overflow at coders/pnm.c in WritePNMImage because of a     misplaced assignment.(CVE-2019-13304)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer     overflow at coders/pnm.c in WritePNMImage because of a     misplaced strncpy and an off-by-one     error.(CVE-2019-13305)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer     overflow at coders/pnm.c in WritePNMImage because of     off-by-one errors.(CVE-2019-13306)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     overflow at MagickCore/statistic.c in EvaluateImages     because of mishandling rows.(CVE-2019-13307)

  - ImageMagick 7.0.8-50 Q16 has memory leaks in     AcquireMagickMemory because of an AnnotateImage     error.(CVE-2019-13301)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at     AcquireMagickMemory because of mishandling the     NoSuchImage error in CLIListOperatorImages in     MagickWand/operation.c.(CVE-2019-13309)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at     AcquireMagickMemory because of an error in     MagickWand/mogrify.c.(CVE-2019-13310)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at     AcquireMagickMemory because of a wand/mogrify.c     error.(CVE-2019-13311)

  - In ImageMagick 7.0.8-50 Q16, ComplexImages in     MagickCore/fourier.c has a heap-based buffer over-read     because of incorrect calls to     GetCacheViewVirtualPixels.(CVE-2019-13391)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     overflow in MagickCore/fourier.c in     ComplexImage.(CVE-2019-13308)

  - ImageMagick 7.0.8-54 Q16 allows Division by Zero in     RemoveDuplicateLayers in     MagickCore/layer.c.(CVE-2019-13454)

  - ImageMagick version 7.0.7-28 contains a memory leak in     ReadYCBCRImage in coders/ycbcr.c.(CVE-2018-10805)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - ImageMagick version 7.0.7-28 contains a memory leak in     ReadYCBCRImage in coders/ycbcr.c.(CVE-2018-10805)

  - ImageMagick version 7.0.7-28 contains a memory leak in     WriteTIFFImage in coders/tiff.c.(CVE-2018-10804)

  - In ImageMagick 7.0.7-28, there is an infinite loop in     the ReadOneMNGImage function of the coders/png.c file.
    Remote attackers could leverage this vulnerability to     cause a denial of service via a crafted mng     file.(CVE-2018-10177)

  - In ImageMagick 7.0.7-29 and earlier, a missing NULL     check in ReadOneJNGImage in coders/png.c allows an     attacker to cause a denial of service (WriteBlob     assertion failure and application exit) via a crafted     file.(CVE-2018-16749)

  - In ImageMagick before 7.0.8-25, a memory leak exists in     WritePSDChannel in coders/psd.c.(CVE-2019-7395)

  - In ImageMagick before 7.0.8-25, a memory leak exists in     ReadSIXELImage in coders/sixel.c.(CVE-2019-7396)

  - A NULL pointer dereference in the function     ReadPANGOImage in coders/pango.c and the function     ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34     allows remote attackers to cause a denial of service     via a crafted image.(CVE-2019-12974)

  - ImageMagick 7.0.8-34 has a memory leak vulnerability in     the WriteDPXImage function in     coders/dpx.c.(CVE-2019-12975)

  - ImageMagick 7.0.8-34 has a memory leak in the     ReadPCLImage function in coders/pcl.c.(CVE-2019-12976)

  - ImageMagick 7.0.8-34 has a 'use of uninitialized value'     vulnerability in the WriteJP2Image function in     coders/jp2.c.(CVE-2019-12977)

  - ImageMagick 7.0.8-34 has a 'use of uninitialized value'     vulnerability in the ReadPANGOImage function in     coders/pango.c.(CVE-2019-12978)

  - ImageMagick 7.0.8-34 has a 'use of uninitialized value'     vulnerability in the SyncImageSettings function in     MagickCore/image.c. This is related to AcquireImage in     magick/image.c.(CVE-2019-12979)

  - ImageMagick before 7.0.8-50 has a memory leak     vulnerability in the function ReadPSImage in     coders/ps.c.(CVE-2019-13137)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     over-read at MagickCore/threshold.c in     AdaptiveThresholdImage because a width of zero is     mishandled.(CVE-2019-13295)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     over-read at MagickCore/threshold.c in     AdaptiveThresholdImage because a height of zero is     mishandled.(CVE-2019-13297)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     overflow at MagickCore/statistic.c in EvaluateImages     because of mishandling columns.(CVE-2019-13300)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer     overflow at coders/pnm.c in WritePNMImage because of a     misplaced assignment.(CVE-2019-13304)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer     overflow at coders/pnm.c in WritePNMImage because of a     misplaced strncpy and an off-by-one     error.(CVE-2019-13305)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer     overflow at coders/pnm.c in WritePNMImage because of     off-by-one errors.(CVE-2019-13306)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     overflow at MagickCore/statistic.c in EvaluateImages     because of mishandling rows.(CVE-2019-13307)

  - ImageMagick 7.0.8-50 Q16 has memory leaks in     AcquireMagickMemory because of an AnnotateImage     error.(CVE-2019-13301)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at     AcquireMagickMemory because of mishandling the     NoSuchImage error in CLIListOperatorImages in     MagickWand/operation.c.(CVE-2019-13309)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at     AcquireMagickMemory because of an error in     MagickWand/mogrify.c.(CVE-2019-13310)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at     AcquireMagickMemory because of a wand/mogrify.c     error.(CVE-2019-13311)

  - In ImageMagick 7.0.8-50 Q16, ComplexImages in     MagickCore/fourier.c has a heap-based buffer over-read     because of incorrect calls to     GetCacheViewVirtualPixels.(CVE-2019-13391)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     overflow in MagickCore/fourier.c in     ComplexImage.(CVE-2019-13308)

  - ImageMagick 7.0.8-54 Q16 allows Division by Zero in     RemoveDuplicateLayers in     MagickCore/layer.c.(CVE-2019-13454)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update fixes multiple vulnerabilities in Imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed.

According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - ImageMagick before 7.0.8-50 has a memory leak     vulnerability in the function ReadPSImage in     coders/ps.c.(CVE-2019-13137)

  - ImageMagick before 7.0.8-50 has a memory leak     vulnerability in the function ReadVIFFImage in     coders/viff.c.(CVE-2019-13134)

  - ImageMagick before 7.0.8-50 has a memory leak     vulnerability in the function ReadBMPImage in     coders/bmp.c.(CVE-2019-13133)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following issues :

  - CVE-2019-13301: Fixed a memory leak in     AcquireMagickMemory() (bsc#1140554).

  - CVE-2019-13309: Fixed a memory leak at     AcquireMagickMemory due to mishandling the NoSuchImage     error in CLIListOperatorImages (bsc#1140520).

  - CVE-2019-13310: Fixed a memory leak at     AcquireMagickMemory because of an error in     MagickWand/mogrify.c (bsc#1140501).

  - CVE-2019-13311: Fixed a memory leak at     AcquireMagickMemory because of a wand/mogrify.c error     (bsc#1140513).

  - CVE-2019-13303: Fixed a heap-based buffer over-read in     MagickCore/composite.c in CompositeImage (bsc#1140549).

  - CVE-2019-13296: Fixed a memory leak in     AcquireMagickMemory because of an error in     CLIListOperatorImages in MagickWand/operation.c     (bsc#1140665).

  - CVE-2019-13299: Fixed a heap-based buffer over-read at     MagickCore/pixel-accessor.h in GetPixelChannel     (bsc#1140668).

  - CVE-2019-13454: Fixed a division by zero in     RemoveDuplicateLayers in MagickCore/layer.c     (bsc#1141171).

  - CVE-2019-13295: Fixed a heap-based buffer over-read at     MagickCore/threshold.c in AdaptiveThresholdImage     (bsc#1140664).

  - CVE-2019-13297: Fixed a heap-based buffer over-read at     MagickCore/threshold.c in AdaptiveThresholdImage     (bsc#1140666).

  - CVE-2019-12979: Fixed the use of uninitialized values in     SyncImageSettings() (bsc#1139886).

  - CVE-2019-13391: Fixed a heap-based buffer over-read in     MagickCore/fourier.c (bsc#1140673).

  - CVE-2019-13308: Fixed a heap-based buffer overflow in     MagickCore/fourier.c (bsc#1140534).

  - CVE-2019-13302: Fixed a heap-based buffer over-read in     MagickCore/fourier.c in ComplexImages (bsc#1140552).

  - CVE-2019-13298: Fixed a heap-based buffer overflow at     MagickCore/pixel-accessor.h in SetPixelViaPixelInfo     (bsc#1140667).

  - CVE-2019-13300: Fixed a heap-based buffer overflow at     MagickCore/statistic.c in EvaluateImages (bsc#1140669).

  - CVE-2019-13307: Fixed a heap-based buffer overflow at     MagickCore/statistic.c (bsc#1140538).

  - CVE-2019-12977: Fixed the use of uninitialized values in     WriteJP2Imag() (bsc#1139884).

  - CVE-2019-12975: Fixed a memory leak in the     WriteDPXImage() in coders/dpx.c (bsc#1140106).

  - CVE-2019-13135: Fixed the use of uninitialized values in     ReadCUTImage() (bsc#1140103).

  - CVE-2019-12978: Fixed the use of uninitialized values in     ReadPANGOImage() (bsc#1139885).

  - CVE-2019-12974: Fixed a NULL pointer dereference in the     ReadPANGOImage() (bsc#1140111).

  - CVE-2019-13304: Fixed a stack-based buffer overflow at     coders/pnm.c in WritePNMImage (bsc#1140547).

  - CVE-2019-13305: Fixed one more stack-based buffer     overflow at coders/pnm.c in WritePNMImage (bsc#1140545).

  - CVE-2019-13306: Fixed an additional stack-based buffer     overflow at coders/pnm.c in WritePNMImage (bsc#1140543).

  - CVE-2019-13133: Fixed a memory leak in the     ReadBMPImage() (bsc#1140100).

  - CVE-2019-13134: Fixed a memory leak in the     ReadVIFFImage() (bsc#1140102).

  - CVE-2019-13137: Fixed a memory leak in the ReadPSImage()     (bsc#1140105).

  - CVE-2019-13136: Fixed a integer overflow vulnerability     in the TIFFSeekCustomStream() (bsc#1140104).

  - CVE-2019-12976: Fixed a memory leak in the     ReadPCLImage() in coders/pcl.c(bsc#1140110).

This update was imported from the SUSE:SLE-15:Update update project.

This update for ImageMagick fixes the following issues :

CVE-2019-13301: Fixed a memory leak in AcquireMagickMemory() (bsc#1140554).

CVE-2019-13309: Fixed a memory leak at AcquireMagickMemory due to mishandling the NoSuchImage error in CLIListOperatorImages (bsc#1140520).

CVE-2019-13310: Fixed a memory leak at AcquireMagickMemory because of an error in MagickWand/mogrify.c (bsc#1140501).

CVE-2019-13311: Fixed a memory leak at AcquireMagickMemory because of a wand/mogrify.c error (bsc#1140513).

CVE-2019-13303: Fixed a heap-based buffer over-read in MagickCore/composite.c in CompositeImage (bsc#1140549).

CVE-2019-13296: Fixed a memory leak in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c (bsc#1140665).

CVE-2019-13299: Fixed a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel (bsc#1140668).

CVE-2019-13454: Fixed a division by zero in RemoveDuplicateLayers in MagickCore/layer.c (bsc#1141171).

CVE-2019-13295: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140664).

CVE-2019-13297: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140666).

CVE-2019-12979: Fixed the use of uninitialized values in SyncImageSettings() (bsc#1139886).

CVE-2019-13391: Fixed a heap-based buffer over-read in MagickCore/fourier.c (bsc#1140673).

CVE-2019-13308: Fixed a heap-based buffer overflow in MagickCore/fourier.c (bsc#1140534).

CVE-2019-13302: Fixed a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages (bsc#1140552).

CVE-2019-13298: Fixed a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo (bsc#1140667).

CVE-2019-13300: Fixed a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages (bsc#1140669).

CVE-2019-13307: Fixed a heap-based buffer overflow at MagickCore/statistic.c (bsc#1140538).

CVE-2019-12977: Fixed the use of uninitialized values in WriteJP2Imag() (bsc#1139884).

CVE-2019-12975: Fixed a memory leak in the WriteDPXImage() in coders/dpx.c (bsc#1140106).

CVE-2019-13135: Fixed the use of uninitialized values in ReadCUTImage() (bsc#1140103).

CVE-2019-12978: Fixed the use of uninitialized values in ReadPANGOImage() (bsc#1139885).

CVE-2019-12974: Fixed a NULL pointer dereference in the ReadPANGOImage() (bsc#1140111).

CVE-2019-13304: Fixed a stack-based buffer overflow at coders/pnm.c in WritePNMImage (bsc#1140547).

CVE-2019-13305: Fixed one more stack-based buffer overflow at coders/pnm.c in WritePNMImage (bsc#1140545).

CVE-2019-13306: Fixed an additional stack-based buffer overflow at coders/pnm.c in WritePNMImage (bsc#1140543).

CVE-2019-13133: Fixed a memory leak in the ReadBMPImage() (bsc#1140100).

CVE-2019-13134: Fixed a memory leak in the ReadVIFFImage() (bsc#1140102).

CVE-2019-13137: Fixed a memory leak in the ReadPSImage() (bsc#1140105).

CVE-2019-13136: Fixed a integer overflow vulnerability in the TIFFSeekCustomStream() (bsc#1140104).

CVE-2019-12976: Fixed a memory leak in the ReadPCLImage() in coders/pcl.c(bsc#1140110).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of ImageMagick installed on the remote Windows host is prior to 7.0.8-56. It is, therefore, affected by multiple vulnerabilities:

  - An integer overflow condition exists in the TIFFSeekCustomStream function. An unauthenticated, remote attacker can     exploit this, by convincing a user to open a crafted image file, to cause a denial of service condition or the     execution of arbitrary code (CVE-2019-13136).
  - A stack-based buffer overflow condition exists in the WritePNMImage function due to an off-by-one error. An     unauthenticated,remote attacker can exploit this, by convincing a user to open a crafted image file, to cause a     denial of service condition or the execution of arbitrary code (CVE-2019-13306).

  - A heap-based buffer overflow condition exists in the EvaluateImages function due to a mishandling of rows. An     unauthenticated, remote attacker can exploit this, by convincing a user to open a crafted image file, to cause a     denial of service condition or the execution of arbitrary code (CVE-2019-13307).

Note that the application may also be affected by additional vulnerabilities. Refer to the vendor for additional information.

ID	Name	Product	Family	Severity
142319	EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2020-2349)	Nessus	Huawei Local Security Checks	high
140857	EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2020-2090)	Nessus	Huawei Local Security Checks	high
137912	Debian DSA-4712-1 : imagemagick - security update	Nessus	Debian Local Security Checks	critical
131347	EulerOS 2.0 SP8 : ImageMagick (EulerOS-SA-2019-2281)	Nessus	Huawei Local Security Checks	medium
131072	Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : ImageMagick vulnerabilities (USN-4192-1)	Nessus	Ubuntu Local Security Checks	high
128070	openSUSE Security Update : ImageMagick (openSUSE-2019-1983)	Nessus	SuSE Local Security Checks	high
127790	SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2019:2106-1)	Nessus	SuSE Local Security Checks	high
127051	ImageMagick < 7.0.8-56 Multiple vulnerabilities	Nessus	Windows	high

CVE-2019-13137

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins

high

high

critical

medium

high

high

high

high