Multiple vulnerabilities in GraphicsMagick

1) Memory corruption

EUVDB-ID: #VU11809

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-14314

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on th etarget system.

The weakness exists in the DrawImage function in magick/render.c due to off-by-one error. A remote attacker can trick the victim into opening a specially crafted file, trigger heap-based buffer over-read and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

GraphicsMagick: 1.3.26

External links

http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU11814

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-16352

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file due to heap-based buffer overflow. A remote attacker can trick the victim into opening a specially crafted MIFF format file with the verbose flag, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

GraphicsMagick: 1.3.26

External links

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=7292230dd185

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Memory corruption

EUVDB-ID: #VU11815

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-16353

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the DescribeImage function of the magick/describe.c file due to heap-based buffer over-read because the portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image and out-of-bounds buffer dereference because certain increments are never checked. A remote attacker can trick the victim into opening a specially crafted MIFF file and gain access to potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

GraphicsMagick: 1.3.26

External links

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=e4e1c2a581d8

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.