SB2017060606 - Multiple vulnerabilities in ImageWorsener
Published: June 6, 2017 Updated: June 7, 2017
Security Bulletin ID
SB2017060606
Severity
Low
Patch available
YES
Number of vulnerabilities
9
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 9 secuirty vulnerabilities.
1) Null pointer dereference (CVE-ID: CVE-2017-7452)
The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.2) Null pointer dereference (CVE-ID: CVE-2017-7453)
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.3) Heap-based buffer over-read (CVE-ID: CVE-2017-7454)
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.4) Stack-based buffer over-read (CVE-ID: CVE-2017-7939)
The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file.5) Memory corruption (CVE-ID: CVE-2017-7940)
Software is missing in databaseThe iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.6) Divide by zero (CVE-ID: CVE-2017-7962)
The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.7) Heap-based buffer overflow (CVE-ID: CVE-2017-8325)
The iw_process_cols_to_intermediate function in imagew-main.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image.8) Denial of service (CVE-ID: CVE-2017-8326)
libimageworsener.a in ImageWorsener before 1.3.1 has "left shift cannot be represented in type int" undefined behavior issues, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image, related to imagew-bmp.c and imagew-util.c.9) Memory corruption (CVE-ID: CVE-2017-8327)
The bmpr_read_uncompressed function in imagew-bmp.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted image.Remediation
Install update from vendor's website.
References
- https://github.com/jsummers/imageworsener/issues/8
- https://github.com/jsummers/imageworsener/issues/9
- https://github.com/jsummers/imageworsener/issues/11
- https://github.com/jsummers/imageworsener/issues/13
- https://github.com/jsummers/imageworsener/issues/18
- https://github.com/jsummers/imageworsener/issues/15
- https://github.com/jsummers/imageworsener/commit/86564051db45b466e5f667111ce00b5eeedc8fb6
- https://github.com/jsummers/imageworsener/commit/a00183107d4b84bc8a714290e824ca9c68dac738