SB2018031613 - Multiple vulnerabilities in ImageMagick
Published: March 16, 2018
Description
This security bulletin contains information about 10 vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2017-11524)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to an assertion failure when processing input data. A remote attacker can send a specially crafted file and cause the service to crash.
2) Resource exhaustion (CVE-ID: CVE-2017-12692)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in the ReadVIFFImage function in coders/viff.c due to memory consumption. A remote attacker can trick the victim into opening a specially crafted VIFF file, trigger resource exhaustion and cause the service to crash.
3) Resource exhaustion (CVE-ID: CVE-2017-12693)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in the ReadBMPImage function in coders/bmp.c due to memory consumption. A remote attacker can trick the victim into opening a specially crafted BMP file, trigger resource exhaustion and cause the service to crash.
4) NULL pointer dereference (CVE-ID: CVE-2017-13768)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in the IdentifyImage function in MagickCore/identify.c due to a NULL pointer dereference. A remote attacker can trick the victim into opening a specially crafted image file and cause the service to crash.
5) NULL pointer dereference (CVE-ID: CVE-2017-14505)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in DrawGetStrokeDashArray in wand/drawing-wand.c due to mishandling of certain NULL arrays. A remote attacker can trick the victim into opening a specially crafted image file, trigger a NULL pointer dereference and cause the service to crash.
6) NULL pointer dereference (CVE-ID: CVE-2017-14739)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in the AcquireResampleFilterThreadSet function in magick/resample-private.h due to mishandling of a failed memory allocation. A remote attacker can trigger a NULL pointer dereference and cause the service to crash.
7) NULL pointer dereference (CVE-ID: CVE-2017-15016)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in ReadEnhMetaFile in coders/emf.c due to a NULL pointer dereference. A remote attacker can cause the service to crash.
8) NULL pointer dereference (CVE-ID: CVE-2017-15017)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in ReadOneMNGImage in coders/png.c due to a NULL pointer dereference. A remote attacker can cause the service to crash.
9) Improper input validation (CVE-ID: CVE-2017-9500)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in the ResetImageProfileIterator function due to an assertion failure. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash.
10) Double free error (CVE-ID: CVE-2018-8804)
CWE-ID: CWE-415 - Double Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in WriteEPTImage in coders/ept.c due to a double free error. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash.
Remediation
Install the update from the vendor's website.
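An interim hardening sketch for hosts that cannot be updated immediately, added here as an example and not taken from this bulletin or from ImageMagick: a policy.xml that refuses the coders named in entries 2, 7, 8 and 10 and caps the resources one operation may use. The limit values and the decision to leave BMP enabled are assumptions to adjust per workload; the policy narrows exposure and does not replace the update.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: restrictive policy.xml. All values are assumed starting points. -->
<policymap>
  <!-- Refuse the coders this bulletin names when the workload does not need them:
       VIFF (coders/viff.c), EMF (coders/emf.c), MNG (coders/png.c), EPT (coders/ept.c). -->
  <policy domain="coder" rights="none" pattern="{VIFF,XV,EMF,MNG,EPT,EPT2,EPT3}"/>

  <!-- BMP (coders/bmp.c) is left enabled on the assumption that it is needed;
       add BMP, BMP2 and BMP3 to the pattern above if it is not. -->

  <!-- Cap what a single operation may consume, so an oversized or malformed
       image fails with an error instead of exhausting the host. -->
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="resource" name="map" value="512MiB"/>
  <policy domain="resource" name="disk" value="1GiB"/>
  <policy domain="resource" name="area" value="128MP"/>
  <policy domain="resource" name="width" value="16KP"/>
  <policy domain="resource" name="height" value="16KP"/>
  <!-- Wall-clock limit in seconds for one operation. -->
  <policy domain="resource" name="time" value="60"/>
</policymap>
```

`identify -list policy` shows the policy actually in effect. Entries 1, 4, 5, 6 and 9 are not tied to a single coder, so only the update addresses them.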
References
- https://github.com/ImageMagick/ImageMagick/issues/506
- https://github.com/ImageMagick/ImageMagick/issues/653
- https://github.com/ImageMagick/ImageMagick/issues/652
- https://github.com/ImageMagick/ImageMagick/issues/706
- https://github.com/ImageMagick/ImageMagick/issues/780
- https://github.com/ImageMagick/ImageMagick/issues/725
- https://github.com/ImageMagick/ImageMagick/issues/723
- https://github.com/ImageMagick/ImageMagick/issues/500
- https://github.com/ImageMagick/ImageMagick/issues/1025