SB2018052112 - Debian update for imagemagick

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Heap-based buffer over-read (CVE-ID: CVE-2017-10995)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the mng_get_long function in coders/png.c due to heap-based buffer over-read. A remote attacker can trick the victim into opening a specially crafted MNG image, trigger memory corruption and cause the service to crash.

2) Heap-based buffer over-read (CVE-ID: CVE-2017-11533)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the WriteUILImage() function in coders/uil.c due to heap-based buffer over-read. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and cause the service to crash.

3) Heap-based buffer overread (CVE-ID: CVE-2017-11535)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to heap-based buffer over-read in the WritePSImage() function in coders/ps.c. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

4) Heap-based buffer over-read (CVE-ID: CVE-2017-11639)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h, due to heap-based buffer over-read. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and cause the service to crash.

5) Information disclosure (CVE-ID: CVE-2017-13143)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the ReadMATImage function in coders/mat.c due to using uninitialized data. A remote attacker can gain access to potentially sensitive information from process memory.

6) Buffer over-read (CVE-ID: CVE-2017-17504)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a specially crafted file, related to ReadOneMNGImage. A remote attacker can perform a denial of service attack.

7) Buffer over-read (CVE-ID: CVE-2017-17879)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. A remote attacker can perform a denial of service attack.

8) Heap-based buffer over-read (CVE-ID: CVE-2018-5248)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function, due to heap-based buffer over-read. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and cause the service to crash.

Remediation

Install update from vendor's website.

References

• https://www.debian.org/security/2018/dsa-4204