SB2017121912 - Multiple vulnerabilities in ImageMagick




Published: December 19, 2017 Updated: May 29, 2018

Security Bulletin ID: SB2017121912
Severity: Low
Patch available: YES
Number of vulnerabilities: 10
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 10 security vulnerabilities.


1) Resource exhaustion (CVE-ID: CVE-2017-1000476)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the function ReadDDSInfo in coders/dds.c due to CPU exhaustion. A remote attacker can cause the service to crash.

2) Heap-based buffer over-read (CVE-ID: CVE-2017-10928)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the GetNextToken function in token.c due to a heap-based buffer over-read. A remote attacker can trick the victim into opening a specially crafted SVG document and gain access to potentially sensitive information.

3) Improper input validation (CVE-ID: CVE-2017-11450)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to improper input validation. A remote attacker can cause the service to crash via JPEG data that is too short.

4) Memory corruption (CVE-ID: CVE-2017-14325)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the function PersistPixelCache in magick/cache.c due to a memory leak. A remote attacker can trick the victim into opening a specially crafted file, trigger memory consumption and cause the service to crash.


5) Memory leak (CVE-ID: CVE-2017-17887)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the function GetImagePixelCache in magick/cache.c due to a memory leak. A remote attacker can trick the victim into opening a specially crafted MNG image file that is processed by ReadOneMNGImage and cause the service to crash.


6) NULL pointer dereference (CVE-ID: CVE-2017-18250)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the function LogOpenCLBuildFailure in MagickCore/opencl.c due to a NULL pointer dereference. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash.

7) Memory leak (CVE-ID: CVE-2017-18251)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the function ReadPCDImage in coders/pcd.c due to a memory leak. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash.


8) Improper input validation (CVE-ID: CVE-2017-18252)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the MogrifyImageList function in MagickWand/mogrify.c due to an assertion failure. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash.


9) Memory leak (CVE-ID: CVE-2017-18254)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the function WriteGIFImage in coders/gif.c due to a memory leak. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash.


10) Infinite loop (CVE-ID: CVE-2017-18271)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to an infinite loop in the function ReadMIFFImage in coders/miff.c. A remote attacker can submit a specially crafted MIFF image file, trigger CPU exhaustion and cause the service to crash.


Remediation

Install the update from the vendor's website.