Multiple vulnerabilities in ImageMagick



Published: 2017-12-19 | Updated: 2018-05-29
Risk Low
Patch available YES
Number of vulnerabilities 10
CVE-ID CVE-2017-1000476
CVE-2017-10928
CVE-2017-11450
CVE-2017-14325
CVE-2017-17887
CVE-2017-18250
CVE-2017-18251
CVE-2017-18252
CVE-2017-18254
CVE-2017-18271
CWE-ID CWE-400
CWE-126
CWE-20
CWE-119
CWE-401
CWE-476
CWE-835
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
ImageMagick
Client/Desktop applications / Multimedia software

Vendor ImageMagick.org

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) Resource exhaustion

EUVDB-ID: #VU12632

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-1000476

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the function ReadDDSInfo in coders/dds.c due to CPU exhaustion. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ImageMagick: 7.0.7-12 Q16

External links

http://github.com/ImageMagick/ImageMagick/issues/867


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer over-read

EUVDB-ID: #VU12633

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10928

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the GetNextToken function in token.c due to heap-based buffer over-read. A remote attacker can trick the victim into opening a specially crafted SVG document and gain access to potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ImageMagick: 7.0.6-0

External links

http://github.com/ImageMagick/ImageMagick/issues/539


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU12635

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-11450

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to improper input validation. A remote attacker can cause the service to crash via JPEG data that is too short.

Mitigation

Update to version 7.0.6-1.

Vulnerable software versions

ImageMagick: 7.0.6-0

External links

http://github.com/ImageMagick/ImageMagick/issues/556


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory corruption

EUVDB-ID: #VU12636

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-14325

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the function PersistPixelCache in magick/cache.c due to memory leak. A remote attacker can trick the victim into opening a specially crafted file, trigger memory consumption and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ImageMagick: 7.0.7-1 Q16

External links

http://github.com/ImageMagick/ImageMagick/issues/741


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory leak

EUVDB-ID: #VU12637

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-17887

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the function GetImagePixelCache in magick/cache.c due to memory leak. A remote attacker can trick the victim into opening a specially crafted MNG image file that is processed by ReadOneMNGImage and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ImageMagick: 7.0.7-16 Q16

External links

http://github.com/ImageMagick/ImageMagick/issues/903


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU12638

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-18250

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the function LogOpenCLBuildFailure in MagickCore/opencl.c due to NULL pointer dereference. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ImageMagick: 7.0.7-0

External links

http://github.com/ImageMagick/ImageMagick/issues/793


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory leak

EUVDB-ID: #VU12639

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-18251

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the function ReadPCDImage in coders/pcd.c due to memory leak. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ImageMagick: 7.0.7-0

External links

http://github.com/ImageMagick/ImageMagick/issues/809


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU12640

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-18252

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the MogrifyImageList function in MagickWand/mogrify.c due to assertion failure. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ImageMagick: 7.0.7-0

External links

http://github.com/ImageMagick/ImageMagick/issues/802


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory leak

EUVDB-ID: #VU12641

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-18254

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the function WriteGIFImage in coders/gif.c due to memory leak. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ImageMagick: 7.0.7-0

External links

http://github.com/ImageMagick/ImageMagick/issues/808


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Infinite loop

EUVDB-ID: #VU13039

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-18271

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to infinite loop in the function ReadMIFFImage in coders/miff.c. A remote attacker can submit a specially crafted MIFF image file, trigger CPU exhaustion and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ImageMagick: 7.0.7-16

External links

http://github.com/ImageMagick/ImageMagick/issues/911


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###