SB2017122803 - Debian update for imagemagick
Published: December 28, 2017
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2017-12877)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error in the DestroyImage function in image.c in ImageMagick before 7.0.6-6. A remote attacker can cause a denial of service via a specially crafted file.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
2) Improper input validation (CVE-ID: CVE-2017-16546)
The vulnerability allows a remote attacker to obtain potentially sensitive information or cause a DoS condition on the target system.
The weakness exists because the ReadWPGImage function in coders/wpg.c does not properly validate the colormap index in a WPG palette. A remote attacker can provide a specially crafted WPG file, trigger use of uninitialized data or invalid memory allocation and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
3) Use-after-free (CVE-ID: CVE-2017-17499)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error in Magick::Image::read in Magick++/lib/Image.cpp. A remote attacker can create a specially crafted media file, trick the victim into opening it, and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Buffer over-read (CVE-ID: CVE-2017-17504)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a heap-based buffer over-read in the Magick_png_read_raw_profile function in coders/png.c, related to ReadOneMNGImage, that is triggered via a specially crafted file. A remote attacker can perform a denial of service attack.
5) Buffer over-read (CVE-ID: CVE-2017-17879)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. A remote attacker can perform a denial of service attack.
Remediation
Install the update from the vendor's website.
References
- http://www.openwall.com/lists/oss-security/2017/08/16/2
- https://github.com/ImageMagick/ImageMagick/commit/04178de2247e353fc095846784b9a10fefdbf890
- https://github.com/ImageMagick/ImageMagick/issues/851
- https://github.com/ImageMagick/ImageMagick/commit/8c35502217c1879cb8257c617007282eee3fe1cc
- https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a
- https://github.com/ImageMagick/ImageMagick/issues/872
- https://github.com/ImageMagick/ImageMagick/issues/906