openSUSE Security Update : ImageMagick (openSUSE-2018-343)

critical Nessus Plugin ID 108935

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for ImageMagick fixes several issues.

These security issues were fixed :

- CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011).

- CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087).

- CVE-2017-18209: Prevent NULL pointer dereference in the GetOpenCLCachedFilesDirectory function caused by a memory allocation result that was not checked, related to GetOpenCLCacheDirectory (bsc#1083628).

- CVE-2017-18211: Prevent NULL pointer dereference in the function saveBinaryCLProgram caused by a program-lookup result not being checked, related to CacheOpenCLKernel (bsc#1083634).

- CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290).

- CVE-2017-14739: The AcquireResampleFilterThreadSet function mishandled failed memory allocation, which allowed remote attackers to cause a denial of service (NULL pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors (bsc#1060382).

- CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170).

- CVE-2017-16352: Prevent a heap-based buffer overflow in the 'Display visual image directory' feature of the DescribeImage() function. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag (bsc#1066168).

- CVE-2017-14314: Prevent off-by-one error in the DrawImage function that allowed remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file (bsc#1058630).

- CVE-2017-13768: Prevent NULL pointer dereference in the IdentifyImage function that allowed an attacker to perform denial of service by sending a crafted image file (bsc#1056434).

- CVE-2017-14505: Fixed handling of NULL arrays, which allowed attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input (bsc#1059735).

- CVE-2018-7470: The IsWEBPImageLossless function allowed attackers to cause a denial of service (segmentation violation) via a crafted file (bsc#1082837).

- CVE-2018-7443: The ReadTIFFImage function did not properly validate the amount of image data in a file, which allowed remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c) (bsc#1082792).

- CVE-2017-15016: Prevent NULL pointer dereference vulnerability in ReadEnhMetaFile allowing for denial of service (bsc#1082291).

- CVE-2017-15017: Prevent NULL pointer dereference vulnerability in ReadOneMNGImage allowing for denial of service (bsc#1082283).

- CVE-2017-12692: The ReadVIFFImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file (bsc#1082362).

- CVE-2017-12693: The ReadBMPImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted BMP file (bsc#1082348). This update was imported from the SUSE:SLE-12:Update update project.

Solution

Update the affected ImageMagick packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1043290

https://bugzilla.opensuse.org/show_bug.cgi?id=1050087

https://bugzilla.opensuse.org/show_bug.cgi?id=1056434

https://bugzilla.opensuse.org/show_bug.cgi?id=1058630

https://bugzilla.opensuse.org/show_bug.cgi?id=1059735

https://bugzilla.opensuse.org/show_bug.cgi?id=1060382

https://bugzilla.opensuse.org/show_bug.cgi?id=1066168

https://bugzilla.opensuse.org/show_bug.cgi?id=1066170

https://bugzilla.opensuse.org/show_bug.cgi?id=1082283

https://bugzilla.opensuse.org/show_bug.cgi?id=1082291

https://bugzilla.opensuse.org/show_bug.cgi?id=1082348

https://bugzilla.opensuse.org/show_bug.cgi?id=1082362

https://bugzilla.opensuse.org/show_bug.cgi?id=1082792

https://bugzilla.opensuse.org/show_bug.cgi?id=1082837

https://bugzilla.opensuse.org/show_bug.cgi?id=1083628

https://bugzilla.opensuse.org/show_bug.cgi?id=1083634

https://bugzilla.opensuse.org/show_bug.cgi?id=1086011

Plugin Details

Severity: Critical

ID: 108935

File Name: openSUSE-2018-343.nasl

Version: 1.4

Type: local

Agent: unix

Published: 4/10/2018

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:novell:opensuse:42.3:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:imagemagick:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:imagemagick-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:imagemagick-debugsource:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:imagemagick-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:imagemagick-devel-32bit:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:imagemagick-extra:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:imagemagick-extra-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:libmagickcore-6_q16-1:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:libmagickcore-6_q16-1-32bit:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:libmagickcore-6_q16-1-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:libmagickcore-6_q16-1-debuginfo-32bit:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:libmagickwand-6_q16-1:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:libmagickwand-6_q16-1-32bit:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:libmagickwand-6_q16-1-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:libmagickwand-6_q16-1-debuginfo-32bit:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:perl-perlmagick:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:perl-perlmagick-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:libmagick\+\+-6_q16-3:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:libmagick\+\+-6_q16-3-32bit:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:libmagick\+\+-6_q16-3-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:libmagick\+\+-6_q16-3-debuginfo-32bit:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:libmagick\+\+-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:libmagick\+\+-devel-32bit:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/6/2018

Reference Information

CVE: CVE-2017-11524, CVE-2017-12692, CVE-2017-12693, CVE-2017-13768, CVE-2017-14314, CVE-2017-14505, CVE-2017-14739, CVE-2017-15016, CVE-2017-15017, CVE-2017-16352, CVE-2017-16353, CVE-2017-18209, CVE-2017-18211, CVE-2017-9500, CVE-2018-7443, CVE-2018-7470, CVE-2018-8804