SB2017081618 - SUSE Linux update for ImageMagick
Published: August 16, 2017
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2017-11403)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.
2) Memory leak (CVE-ID: CVE-2017-9439)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak in the ReadPDBImage() function in coders/pdb.c. A remote attacker can create a specially crafted file, trick the victim into opening it and trigger a denial of service attack.
3) Reachable Assertion (CVE-ID: CVE-2017-9501)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.
Remediation
Install the update from the vendor's website.