SB2018012223 - Fedora 27 update for GraphicsMagick
Published: January 22, 2018 Updated: April 24, 2025
Description
This security bulletin contains information about 15 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2017-11102)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure.
2) Double Free (CVE-ID: CVE-2017-11139)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.
3) Resource exhaustion (CVE-ID: CVE-2017-11140)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files.
4) NULL pointer dereference (CVE-ID: CVE-2017-11637)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the WritePCLImage() function in coders/pcl.c during writes of monochrome images. A remote attacker can perform a denial of service (DoS) attack.
5) Buffer overflow (CVE-ID: CVE-2017-11636)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths.
6) Memory leak (CVE-ID: CVE-2017-11641)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in the PersistCache function in magick/pixel_cache.c due to a memory leak during writing of Magick Persistent Cache (MPC) files. A remote attacker can trigger memory corruption and cause the service to crash.
7) Buffer overflow (CVE-ID: CVE-2017-11643)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths.
8) Input validation error (CVE-ID: CVE-2017-13147)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value.
9) Heap-based buffer overflow (CVE-ID: CVE-2017-16669)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to a heap-based buffer overflow in coders/wpg.c. A remote attacker can provide a specially crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c, trigger memory corruption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
10) Memory corruption (CVE-ID: CVE-2017-16353)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists in the DescribeImage function in magick/describe.c, in the code responsible for printing the IPTC Profile information contained in the image. That code is subject to a heap-based buffer over-read, and to an out-of-bounds buffer dereference because certain increments are never checked. A remote attacker can trick the victim into opening a specially crafted MIFF file and gain access to potentially sensitive information.
11) Out-of-bounds read (CVE-ID: CVE-2017-17782)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. A remote attacker can perform a denial of service attack.
12) Out-of-bounds read (CVE-ID: CVE-2017-17783)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8. A remote attacker can perform a denial of service attack.
13) Out-of-bounds read (CVE-ID: CVE-2017-17915)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. A remote attacker can perform a denial of service attack.
14) Buffer over-read (CVE-ID: CVE-2017-17913)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions 0.5.0 and later, which use a different structure type. A remote attacker can perform a denial of service attack.
15) Buffer over-read (CVE-ID: CVE-2017-17912)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region. A remote attacker can perform a denial of service attack.
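Items 8 (CVE-2017-13147) and 13 (CVE-2017-17915) both come down to trusting a declared length, or reading a byte, before checking it against the data actually available. The following is an added example, not GraphicsMagick code or its patch: a hypothetical `walk_chunks` function that walks PNG/MNG-style chunks (4-byte big-endian length, 4-byte type, data, 4-byte CRC) and performs both checks in the safe order, using constructed sample inputs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { CHUNKS_TRUNCATED = -1, CHUNKS_BAD_LENGTH = -2 };

/* Constructed samples (CRC fields zeroed; CRC is not verified here). */
const unsigned char sample_ok[] = { 0,0,0,2, 't','E','X','t', 'h','i', 0,0,0,0,
                                    0,0,0,0, 'M','E','N','D', 0,0,0,0 };
const unsigned char sample_big_mend[] = { 0x7f,0xff,0xff,0xff, 'M','E','N','D',
                                          0,0,0,0 };

/* Read a 32-bit big-endian value; the caller guarantees 4 readable bytes. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns the chunk count up to and including MEND, or a negative code. */
int walk_chunks(const unsigned char *buf, size_t size)
{
    size_t off = 0;   /* invariant: off <= size */
    int count = 0;
    for (;;) {
        /* Test the limit before reading the 8-byte length/type header. */
        if (size - off < 8)
            return CHUNKS_TRUNCATED;
        uint32_t len = be32(buf + off);
        const unsigned char *type = buf + off + 4;
        off += 8;
        /* The declared length must fit in the bytes left (data + CRC);
         * reject it before anything is allocated or copied based on len. */
        if (size - off < 4 || len > size - off - 4)
            return CHUNKS_BAD_LENGTH;
        off += (size_t)len + 4;
        count++;
        if (memcmp(type, "MEND", 4) == 0)
            return count;
    }
}

int main(void)
{
    printf("ok=%d big_mend=%d\n", walk_chunks(sample_ok, sizeof sample_ok),
           walk_chunks(sample_big_mend, sizeof sample_big_mend));
    return 0;
}
```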
Remediation
Install the update from the vendor's website.