SB2017121222 - OpenSUSE Linux update for GraphicsMagick

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017121222

SB2017121222 - OpenSUSE Linux update for GraphicsMagick

Published: December 12, 2017

Security Bulletin ID SB2017121222
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 17% Low 83%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Buffer over-read (CVE-ID: CVE-2017-10799)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to an out-of-bounds read that occurs in ReadDPXImage() when processing DPX images with large width in metadata.


2) Resource exhaustion (CVE-ID: CVE-2017-12140)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to an integer signedness error in the ReadDCMImage function in coders\dcm.c. A remote attacker can trick the victim into opening a specially crafted DCM file, trigger excessive memory consumption and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

3) Memory leak (CVE-ID: CVE-2017-12644)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a memory leak in ReadDCMImage in codersdcm.c. A remote attacker can trick the victim into opening a specially crafted file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

4) Memory leak (CVE-ID: CVE-2017-12662)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a memory leak in WritePDFImage in coders/pdf.c. A remote attacker can trick the victim into opening a specially crafted file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

5) Heap-based buffer overread (CVE-ID: CVE-2017-14733)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to ReadRLEImage in coders/rle.c mishandles RLE headers that specify too few colors. A remote attacker can provide a specially crafted RLE document, trigger heap-based buffer over-read and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

6) NULL pointer dereference (CVE-ID: CVE-2017-14994)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.


Remediation

Install update from vendor's website.

References