SB2018010822 - Arch Linux update for graphicsmagick
Published: January 8, 2018 Updated: January 8, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 14 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2017-11403)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.
2) Out-of-bounds read (CVE-ID: CVE-2017-12935)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.
3) Use-after-free (CVE-ID: CVE-2017-12936)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.
4) Out-of-bounds read (CVE-ID: CVE-2017-12937)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to colormap heap-based buffer over-read. A remote attacker can perform a denial of service attack.
5) Heap-based buffer overflow (CVE-ID: CVE-2017-13063)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the the function GetStyleTokens in coders/svg.c:314:12. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Heap-based buffer overflow (CVE-ID: CVE-2017-13064)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the the function GetStyleTokens in coders/svg.c:311:12. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) NULL pointer dereference (CVE-ID: CVE-2017-13065)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the function SVGStartElement in coders/svg.c. A remote attacker can perform a denial of service (DoS) attack.
8) Memory leak (CVE-ID: CVE-2017-13066)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the function CloneImage in magick/image.c due to memory leak. A remote attacker can trigger memory corruption and cause the service to crash.
9) Heap-based buffer overread (CVE-ID: CVE-2017-13134)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to heap-based buffer over-read in the function SFWScan in coders/sfw.c. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
10) Input validation error (CVE-ID: CVE-2017-13776)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.
11) Input validation error (CVE-ID: CVE-2017-13777)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.
12) Buffer overflow (CVE-ID: CVE-2017-14165)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c.
13) Null pointer dereference (CVE-ID: CVE-2017-15930)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to an error n ReadOneJNGImage in coders/png.c. A remote attacker can transfer specially crafted JPEG scanlines, trigger null pointer dereference, related to a PixelPacket pointer and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
14) Input validation error (CVE-ID: CVE-2017-16547)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file.
Remediation
Install update from vendor's website.