SB2017071312 - Multiple vulnerabilities in ImageMagick
Published: July 13, 2017 Updated: August 10, 2020
Description
This security bulletin contains information about 27 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2017-13140)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.
2) Input validation error (CVE-ID: CVE-2017-12667)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders/mat.c.
3) Out-of-bounds read (CVE-ID: CVE-2017-12640)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read in ReadOneMNGImage in coders/png.c. A remote attacker can perform a denial of service (DoS) attack.
4) Input validation error (CVE-ID: CVE-2017-12641)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders/png.c.
5) Input validation error (CVE-ID: CVE-2017-12642)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders/mpc.c.
6) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2017-12643)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders/png.c.
7) Input validation error (CVE-ID: CVE-2017-12428)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.
8) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2017-12429)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service.
9) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2017-12430)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service.
10) Use-after-free (CVE-ID: CVE-2017-12431)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service.
11) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2017-12432)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service.
12) Input validation error (CVE-ID: CVE-2017-12433)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c.
13) Reachable Assertion (CVE-ID: CVE-2017-12434)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.
14) Memory leak (CVE-ID: CVE-2017-11644)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadMATImage() function in coders/mat.c. A remote attacker can perform a denial of service attack.
15) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2017-11525)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
16) Memory leak (CVE-ID: CVE-2017-11531)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the WriteHISTOGRAMImage() function in coders/histogram.c. A remote attacker can perform a denial of service attack.
17) Memory leak (CVE-ID: CVE-2017-11534)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the lite_font_map() function in coders/wmf.c. A remote attacker can perform a denial of service attack.
18) Memory leak (CVE-ID: CVE-2017-11536)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the WriteJP2Image() function in coders/jp2.c. A remote attacker can perform a denial of service attack.
19) Incorrect calculation (CVE-ID: CVE-2017-11537)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.
20) Memory leak (CVE-ID: CVE-2017-11538)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the WriteOnePNGImage() function in coders/png.c. A remote attacker can perform a denial of service attack.
21) Memory leak (CVE-ID: CVE-2017-11539)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadOnePNGImage() function in coders/png.c. A remote attacker can perform a denial of service attack.
22) Out-of-bounds read (CVE-ID: CVE-2017-11540)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c.
23) NULL pointer dereference (CVE-ID: CVE-2017-11522)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted file.
24) Input validation error (CVE-ID: CVE-2017-11505)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.
25) Infinite loop (CVE-ID: CVE-2017-11446)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The ReadPESImage function in coders/pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.
26) Input validation error (CVE-ID: CVE-2017-11360)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The ReadRLEImage function in coders/rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value.
27) Input validation error (CVE-ID: CVE-2017-11310)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The read_user_chunk_callback function in coders/png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.
Remediation
Install update from vendor's website.