SB2017071312 - Multiple vulnerabilities in ImageMagick
Published: July 13, 2017 Updated: August 10, 2020
Description
This security bulletin contains information about 27 vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2017-13140)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.
2) Input validation error (CVE-ID: CVE-2017-12667)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders/mat.c.
3) Out-of-bounds read (CVE-ID: CVE-2017-12640)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read in ReadOneMNGImage in coders/png.c. A remote attacker can perform a denial of service (DoS) attack.
4) Input validation error (CVE-ID: CVE-2017-12641)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders/png.c.
5) Input validation error (CVE-ID: CVE-2017-12642)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders/mpc.c.
6) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2017-12643)
CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders/png.c.
7) Input validation error (CVE-ID: CVE-2017-12428)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.
8) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2017-12429)
CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service.
9) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2017-12430)
CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service.
10) Use-after-free (CVE-ID: CVE-2017-12431)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service.
11) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2017-12432)
CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service.
12) Input validation error (CVE-ID: CVE-2017-12433)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c.
13) Reachable Assertion (CVE-ID: CVE-2017-12434)
CWE-ID: CWE-617 - Reachable Assertion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.
14) Memory leak (CVE-ID: CVE-2017-11644)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadMATImage() function in coders/mat.c. A remote attacker can perform a denial of service attack.
15) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2017-11525)
CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
16) Memory leak (CVE-ID: CVE-2017-11531)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the WriteHISTOGRAMImage() function in coders/histogram.c. A remote attacker can perform a denial of service attack.
17) Memory leak (CVE-ID: CVE-2017-11534)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the lite_font_map() function in coders/wmf.c. A remote attacker can perform a denial of service attack.
18) Memory leak (CVE-ID: CVE-2017-11536)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the WriteJP2Image() function in coders/jp2.c. A remote attacker can perform a denial of service attack.
19) Incorrect calculation (CVE-ID: CVE-2017-11537)
CWE-ID: CWE-682 - Incorrect Calculation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.
20) Memory leak (CVE-ID: CVE-2017-11538)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the WriteOnePNGImage() function in coders/png.c. A remote attacker can perform a denial of service attack.
21) Memory leak (CVE-ID: CVE-2017-11539)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ReadOnePNGImage() function in coders/png.c. A remote attacker can perform a denial of service attack.
22) Out-of-bounds read (CVE-ID: CVE-2017-11540)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c.
23) NULL pointer dereference (CVE-ID: CVE-2017-11522)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted file.
24) Input validation error (CVE-ID: CVE-2017-11505)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.
25) Infinite loop (CVE-ID: CVE-2017-11446)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The ReadPESImage function in coders/pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.
26) Input validation error (CVE-ID: CVE-2017-11360)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The ReadRLEImage function in coders/rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value.
27) Input validation error (CVE-ID: CVE-2017-11310)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The read_user_chunk_callback function in coders/png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.
Remediation
Install the update from the vendor's website.
References
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870111
- https://github.com/ImageMagick/ImageMagick/issues/596
- https://security.gentoo.org/glsa/201711-07
- https://www.debian.org/security/2017/dsa-4019
- https://github.com/ImageMagick/ImageMagick/commit/8985ed08f01d465ee65ab5a106186b3868b6f601
- https://github.com/ImageMagick/ImageMagick/issues/553
- http://www.securityfocus.com/bid/100155
- https://github.com/ImageMagick/ImageMagick/commit/78d4c5db50fbab0b4beb69c46c6167f2c6513dec
- https://github.com/ImageMagick/ImageMagick/issues/542
- https://usn.ubuntu.com/3681-1/
- https://www.debian.org/security/2017/dsa-4040
- https://github.com/ImageMagick/ImageMagick/commit/3320955045e5a2a22c13a04fa9422bb809e75eda
- https://github.com/ImageMagick/ImageMagick/issues/550
- http://www.securityfocus.com/bid/100159
- https://github.com/ImageMagick/ImageMagick/issues/552
- http://www.securityfocus.com/bid/100218
- https://github.com/ImageMagick/ImageMagick/commit/9eedb5660f1704cde8e8cd784c5c2a09dd2fd60f
- https://github.com/ImageMagick/ImageMagick/issues/549
- https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html
- http://www.securityfocus.com/bid/100145
- https://github.com/ImageMagick/ImageMagick/issues/544
- https://github.com/ImageMagick/ImageMagick/issues/545
- http://www.securityfocus.com/bid/100157
- https://github.com/ImageMagick/ImageMagick/issues/546
- https://github.com/ImageMagick/ImageMagick/issues/555
- https://github.com/ImageMagick/ImageMagick/issues/536
- https://github.com/ImageMagick/ImageMagick/issues/548
- https://github.com/ImageMagick/ImageMagick/issues/547
- http://www.securityfocus.com/bid/100014
- https://github.com/ImageMagick/ImageMagick/issues/587
- http://www.securityfocus.com/bid/99931
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867810
- https://github.com/ImageMagick/ImageMagick/issues/519
- http://www.securityfocus.com/bid/99998
- https://github.com/ImageMagick/ImageMagick/issues/566
- https://github.com/ImageMagick/ImageMagick/issues/564
- http://www.securityfocus.com/bid/100000
- https://github.com/ImageMagick/ImageMagick/issues/567
- https://github.com/ImageMagick/ImageMagick/issues/560
- http://www.securityfocus.com/bid/100003
- https://github.com/ImageMagick/ImageMagick/issues/569
- http://www.securityfocus.com/bid/99936
- https://github.com/ImageMagick/ImageMagick/issues/582
- http://www.securityfocus.com/bid/99929
- https://github.com/ImageMagick/ImageMagick/issues/581
- https://bugs.debian.org/869209
- https://github.com/ImageMagick/ImageMagick/commit/816ecab6c532ae086ff4186b3eaf4aa7092d536f
- https://github.com/ImageMagick/ImageMagick/issues/586
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867824
- https://github.com/ImageMagick/ImageMagick/issues/526
- http://www.securityfocus.com/bid/99964
- https://github.com/ImageMagick/ImageMagick/issues/537
- https://github.com/ImageMagick/ImageMagick/issues/518
- http://www.securityfocus.com/bid/99585
- https://github.com/ImageMagick/ImageMagick/commit/8ca35831e91c3db8c6d281d09b605001003bec08
- https://github.com/ImageMagick/ImageMagick/issues/517