SB2018100516 - OpenSUSE Linux update for ImageMagick

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018100516

SB2018100516 - OpenSUSE Linux update for ImageMagick

Published: October 5, 2018

Security Bulletin ID SB2018100516
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 10% Medium 40% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2018-16323)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.


2) Null pointer dereference (CVE-ID: CVE-2018-16328)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the CheckEventLogging function of ImageMagick due to boundary error when processing malicious input. A remote attacker can trick the victim into accessing an image file that submits malicious input, trigger a NULL pointer dereference condition in the CheckEventLogging function, as defined in the MagickCore/log.c source code file and cause the service to crash.


3) Null pointer dereference (CVE-ID: CVE-2018-16329)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the GetMagickProperty function of ImageMagick due to boundary error when processing malicious input. A remote attacker can trick the victim into accessing an image file that submits malicious input, trigger a NULL pointer dereference condition in the GetMagickProperty function as defined in the MagickCore/log.c source code file and cause the service to crash.


4) Buffer over-read (CVE-ID: CVE-2018-16413)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a heap-based buffer over-read in the MagickCore/quantum-private.h in PushShortPixel() function when called from the coders/psd.c ParseImageResourceBlocks() function. A remote attacker can perform a denial of service attack with a specially crafted image file.


5) Input validation error (CVE-ID: CVE-2018-16640)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.


6) Input validation error (CVE-ID: CVE-2018-16641)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c.


7) Heap-based buffer overflow (CVE-ID: CVE-2018-16642)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within InsertRow in coders/cut.c when processing images. A remote attacker can create a specially crafted image, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


8) Input validation error (CVE-ID: CVE-2018-16643)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file.


9) Input validation error (CVE-ID: CVE-2018-16644)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient check for length in ReadDCMImage() function in coders/dcm.c and in ReadPICTImage() function in coders/pict.c. A remote attacker can pass a specially crafted image to the affected application and trigger application crash.


10) Buffer overflow (CVE-ID: CVE-2018-16645)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in ReadBMPImage() function in coders/bmp.c and in ReadDIBImage() function in coders/dib.c. A remote attacker can create a specially crafted image, pass it to the affected application and trigger application crash due to memory allocation error.


Remediation

Install update from vendor's website.

References