SB2018050205 - Slackware Linux update for libwmf




Published: May 2, 2018

Security Bulletin ID: SB2018050205
Severity: High
Patch available: YES
Number of vulnerabilities: 17
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 41%, Low: 59%

Description

This security bulletin contains information about 17 security vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2004-0941)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow. A remote attacker can execute arbitrary code via specially crafted image files that trigger the overflows due to improper calls to the gdMalloc function.

Successful exploitation of the vulnerability may result in system compromise.


2) Integer overflow (CVE-ID: CVE-2006-3376)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in player.c in libwmf, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick, due to integer overflow. A remote attacker can trigger memory corruption and execute arbitrary code via the MaxRecordSize header field in a WMF file.

Successful exploitation of the vulnerability may result in system compromise.

3) Buffer overflow (CVE-ID: CVE-2007-0455)

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in the gdImageStringFTEx function in gdft.c due to buffer overflow. A remote attacker can cause the service to crash or execute arbitrary code via a specially crafted string with a JIS encoded font.

Successful exploitation of the vulnerability may result in system compromise.


4) Infinite loop (CVE-ID: CVE-2007-2756)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the gdPngReadData function due to CPU consumption. A remote attacker can trick the victim into opening a specially crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng, and cause the service to crash.

5) Integer overflow (CVE-ID: CVE-2007-3472)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the gdImageCreateTrueColor function due to integer overflow. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash.


6) Improper resource shutdown (CVE-ID: CVE-2007-3473)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the gdImageCreateXbm function due to improper resource shutdown. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash.


7) Resource exhaustion (CVE-ID: CVE-2007-3477)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the (a) imagearc and (b) imagefilledarc functions due to CPU consumption. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash via a large (1) start or (2) end angle degree value.


8) Memory corruption (CVE-ID: CVE-2009-3546)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the _gdGetColors function in gd_gd.c due to improper verification of a certain colorsTotal structure member. A remote attacker can trick the victim into opening a specially crafted GD file, trigger buffer over-read or buffer overflow and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.


9) Heap-based buffer overflow (CVE-ID: CVE-2015-0848)

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow. A remote attacker can trick the victim into opening a specially crafted BMP image, trigger memory corruption and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.


10) Heap-based buffer overflow (CVE-ID: CVE-2015-4588)

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in the DecodeImage function due to heap-based buffer overflow. A remote attacker can trick the victim into opening a WMF file containing an image with a specially crafted "run-length count", trigger memory corruption and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.


11) Out-of-bounds read (CVE-ID: CVE-2015-4695)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the DecodeImage function due to out-of-bounds read. A remote attacker can trigger memory corruption and cause the service to crash via a specially crafted WMF file.


12) Use-after-free error (CVE-ID: CVE-2015-4696)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to use-after-free error. A remote attacker can trick the victim into opening a specially crafted WMF file with the (1) wmf2gd or (2) wmf2eps command, trigger memory corruption and cause the service to crash.


13) Improper input validation (CVE-ID: CVE-2016-10167)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing images in the gdImageCreateFromGd2Ctx() function in gd_gd2.c. A remote attacker can supply a malformed image and crash the application that uses the affected library.

14) Integer overflow (CVE-ID: CVE-2016-10168)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack and potentially compromise the vulnerable system.

The vulnerability exists due to integer overflow when processing the number of horizontal and vertical chunks in an image in gd_io.c. A remote attacker can create a specially crafted image file, trigger memory corruption and crash the affected application or execute arbitrary code on the target system.
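The class of defect described in item 14 (and the integer overflows in items 2 and 5) comes down to a size computed from file-supplied counts wrapping before it reaches the allocator. The following is an added illustration, not code from libgd or libwmf; the function names, the 32-bit arithmetic of the unchecked variant and the sample counts are assumptions chosen to show the wrap and the guard that rejects it.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical unchecked sizing: counts come straight from the file header
 * and the product is computed in 32 bits, so it silently wraps. */
static uint32_t chunk_table_bytes_unchecked(uint32_t ncx, uint32_t ncy,
                                            uint32_t entry_size)
{
    return ncx * ncy * entry_size; /* modulo 2^32 */
}

/* Hypothetical checked sizing: returns the table size in bytes,
 * or 0 when the counts are invalid or the product would overflow. */
static size_t chunk_table_bytes_checked(int ncx, int ncy, size_t entry_size)
{
    size_t entries;

    if (ncx <= 0 || ncy <= 0 || entry_size == 0)
        return 0;                       /* negative or empty dimensions */
    if (ncx > INT_MAX / ncy)
        return 0;                       /* ncx * ncy would overflow int */
    entries = (size_t)ncx * (size_t)ncy;
    if (entries > SIZE_MAX / entry_size)
        return 0;                       /* entries * entry_size would overflow */
    return entries * entry_size;
}

int main(void)
{
    /* Constructed sample header values: 65536 x 32769 chunks, 8-byte entries. */
    uint32_t wrapped = chunk_table_bytes_unchecked(65536u, 32769u, 8u);
    size_t checked = chunk_table_bytes_checked(65536, 32769, 8);

    /* The unchecked size is far smaller than the table the loop would fill. */
    printf("unchecked: %u bytes for %llu entries\n", (unsigned)wrapped,
           65536ULL * 32769ULL);
    printf("checked:   %s\n", checked ? "accepted" : "rejected");
    printf("small ok:  %zu bytes\n", chunk_table_bytes_checked(4, 3, 8));
    return 0;
}
```

A parser that allocates the wrapped size and then iterates over the declared number of chunks writes past the buffer; the checked variant refuses the header before any allocation happens.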

15) Uncontrolled memory allocation (CVE-ID: CVE-2016-9011)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the wmf_malloc function in api.c due to uncontrolled memory allocation. A remote attacker can trick the victim into opening a specially crafted WMF file, trigger memory corruption and cause the service to crash.


16) Improper input validation (CVE-ID: CVE-2016-9317)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing overly large images in the gdImageCreate() function in the GD Graphics Library (aka libgd) before 2.2.4. A remote attacker can supply an overly large image and crash the application that uses the affected library.

17) Double free memory error (CVE-ID: CVE-2017-6362)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to double free memory error in the gdImagePngPtr function. A remote attacker can submit vectors related to a palette with no colors and cause the service to crash.

Remediation

Install the update from the vendor's website.