SB2017091824 - Multiple vulnerabilities in ImageMagick
Published: September 18, 2017
Updated: January 6, 2025
Description
This security bulletin contains information about 6 security vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2017-14532)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in TIFFIgnoreTags in coders/tiff.c. A remote attacker can perform a denial of service (DoS) attack.
2) NULL pointer dereference (CVE-ID: CVE-2017-14625)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the function sixel_output_create in coders/sixel.c. A remote attacker can perform a denial of service (DoS) attack.
3) NULL pointer dereference (CVE-ID: CVE-2017-15015)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in PDFDelegateMessage in coders/pdf.c. A remote attacker can perform a denial of service (DoS) attack.
4) NULL pointer dereference (CVE-ID: CVE-2017-14626)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the function sixel_decode in coders/sixel.c. A remote attacker can perform a denial of service (DoS) attack.
5) NULL pointer dereference (CVE-ID: CVE-2017-14624)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the function PostscriptDelegateMessage in coders/ps.c. A remote attacker can perform a denial of service (DoS) attack.
6) NULL pointer dereference (CVE-ID: CVE-2017-14060)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the ReadCUTImage() function in coders/cut.c. A remote attacker can pass a specially crafted image file to the application and perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://github.com/ImageMagick/ImageMagick/issues/719
- https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html
- https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html
- https://usn.ubuntu.com/3681-1/
- https://github.com/ImageMagick/ImageMagick/issues/721
- https://github.com/ImageMagick/ImageMagick/issues/724
- https://github.com/ImageMagick/ImageMagick/issues/720
- https://github.com/ImageMagick/ImageMagick/issues/722
- https://github.com/ImageMagick/ImageMagick/issues/710
- https://security.gentoo.org/glsa/201711-07