SB2017053010 - Ubuntu update for ImageMagick
Published: May 30, 2017 Updated: June 2, 2017
Description
This security bulletin contains information about 27 security vulnerabilities.
1) Type confusion (CVE-ID: CVE-2017-7606)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. The vulnerability exists due to a type confusion error within coders/rle.c in ImageMagick 7.0.5-4. A remote attacker can create a specially crafted file and trigger an application crash.
2) Infinite loop (CVE-ID: CVE-2017-7619)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a floating-point rounding error in some of the color algorithms in ImageMagick 7.0.4-9, affecting ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv.
Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.
3) Resource exhaustion (CVE-ID: CVE-2017-7941)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when processing a specially crafted file in the ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4. A remote attacker can perform a denial of service (DoS) attack.
4) Resource exhaustion (CVE-ID: CVE-2017-7943)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when processing a specially crafted file in the ReadSVGImage function in svg.c in ImageMagick 7.0.5-4. A remote attacker can perform a denial of service (DoS) attack.
5) Memory leak (CVE-ID: CVE-2017-8343)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadAAIImage function in aai.c in ImageMagick 7.0.5-5. A remote attacker can create a specially crafted file and perform a denial of service attack.
6) Memory leak (CVE-ID: CVE-2017-8344)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadPCXImage function in pcx.c in ImageMagick 7.0.5-5. A remote attacker can create a specially crafted file and perform a denial of service attack.
7) Memory leak (CVE-ID: CVE-2017-8345)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadMNGImage function in png.c in ImageMagick 7.0.5-5. A remote attacker can create a specially crafted file and perform a denial of service attack.
8) Memory leak (CVE-ID: CVE-2017-8346)
The vulnerability allows a remote unauthenticated attacker to cause DoS conditions on the target system. The weakness exists due to a memory leak in the ReadDCMImage function in dcm.c when handling malicious files. A remote attacker can send a specially crafted image file, trigger a boundary error and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
9) Memory leak (CVE-ID: CVE-2017-8347)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadEXRImage function in exr.c in ImageMagick 7.0.5-5. A remote attacker can create a specially crafted file and perform a denial of service attack.
10) Memory leak (CVE-ID: CVE-2017-8348)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadMATImage function in mat.c in ImageMagick 7.0.5-5. A remote attacker can create a specially crafted file and perform a denial of service attack.
11) Memory leak (CVE-ID: CVE-2017-8349)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadSFWImage function in sfw.c in ImageMagick 7.0.5-5. A remote attacker can create a specially crafted file and perform a denial of service attack.
12) Memory leak (CVE-ID: CVE-2017-8350)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadJNGImage function in png.c in ImageMagick 7.0.5-5. A remote attacker can create a specially crafted file and perform a denial of service attack.
13) Memory leak (CVE-ID: CVE-2017-8351)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadPCDImage function in pcd.c in ImageMagick 7.0.5-5. A remote attacker can create a specially crafted file and perform a denial of service attack.
14) Memory leak (CVE-ID: CVE-2017-8352)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadXWDImage function in xwd.c in ImageMagick 7.0.5-5. A remote attacker can create a specially crafted file and perform a denial of service attack.
15) Memory leak (CVE-ID: CVE-2017-8353)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadPICTImage function in pict.c in ImageMagick 7.0.5-5. A remote attacker can create a specially crafted file and perform a denial of service attack.
16) Memory leak (CVE-ID: CVE-2017-8354)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadBMPImage function in bmp.c in ImageMagick 7.0.5-5. A remote attacker can create a specially crafted file and perform a denial of service attack.
17) Memory leak (CVE-ID: CVE-2017-8355)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadMTVImage function in mtv.c in ImageMagick 7.0.5-5. A remote attacker can create a specially crafted file and perform a denial of service attack.
18) Memory leak (CVE-ID: CVE-2017-8356)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadSUNImage function in sun.c in ImageMagick 7.0.5-5. A remote attacker can create a specially crafted file and perform a denial of service attack.
19) Memory leak (CVE-ID: CVE-2017-8357)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadEPTImage function in ept.c in ImageMagick 7.0.5-5. A remote attacker can create a specially crafted file and perform a denial of service attack.
20) Memory leak (CVE-ID: CVE-2017-8765)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The ReadICONImage function in coders/icon.c in ImageMagick 7.0.5-5 has been found susceptible to a memory leak. A remote attacker can create a specially crafted ICON file and perform a denial of service attack.
21) Memory leak (CVE-ID: CVE-2017-8830)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadBMPImage function in bmp.c:1379 in ImageMagick 7.0.5-6. A remote attacker can create a specially crafted file and perform a denial of service attack.
22) Memory leak (CVE-ID: CVE-2017-9098)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. The vulnerability exists due to a memory leak in the RLE decoder in ImageMagick before 7.0.5-2. A remote attacker can create a specially crafted image file, gain access to certain parts of memory and trigger an application crash.
23) Assertion failure (CVE-ID: CVE-2017-9141)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to missing checks in the ReadDDSImage function in coders/dds.c within the ResetImageProfileIterator function in MagickCore/profile.c in ImageMagick 7.0.5-7 Q16. A remote attacker can create a specially crafted file and trigger an assertion failure.
Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.
24) Assertion failure (CVE-ID: CVE-2017-9142)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to missing checks in the ReadOneJNGImage function in coders/png.c within the WriteBlob function in MagickCore/blob. in ImageMagick 7.0.5-7 Q16. A remote attacker can create a specially crafted file and trigger an assertion failure.
Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.
25) Memory leak (CVE-ID: CVE-2017-9143)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadARTImage function in coders/art.c in ImageMagick 7.0.5-5. A remote attacker can create a specially crafted .art file and perform a denial of service attack.
26) Improper input validation (CVE-ID: CVE-2017-9144)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect EOF handling when processing a specially crafted RLE image in coders/rle.c in ImageMagick 7.0.5-5. A remote attacker can create a specially crafted file and perform a denial of service attack.
27) Memory leak (CVE-ID: CVE-2017-7942)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. The vulnerability exists in the ReadAVSImage() function within avs.c in ImageMagick 7.0.5-4. A remote attacker can consume an amount of available memory via a crafted file.
Remediation
Install the update from the vendor's website.