SB2019042402 - Multiple vulnerabilities in GraphicsMagick
Published: April 24, 2019 Updated: March 31, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 11 vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2019-11473)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform denial of service attack.
The vulnerability exists due to a boundary condition within the ReadXWDImage() function in coders/xwd.c in XWD reader. A remote attacker can create a specially crafted XWD image file, pass it to the affected application, trigger out-of-bounds read error and crash the application.
2) Heap-based buffer overflow (CVE-ID: CVE-2019-11505)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in function WritePDBImage() in coders/pdb.c. A remote attacker can create a specially crafted image file, pass it to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Heap-based buffer overflow (CVE-ID: CVE-2019-11506)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in MAT writer within the function WriteMATLABImage of coders/mat.c, related to ExportRedQuantumType in magick/export.c. A remote attacker can create a crafted image file, pass it to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Incorrect calculation (CVE-ID: CVE-2019-11474)
CWE-ID: CWE-682 - Incorrect Calculation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the ReadXWDImage() function in coders/xwd.c in XWD reader. A remote attacker can create a specially crafted XWD file, pass it to the application, trigger a floating-point exception and crash the affected application.
5) Stack-based buffer overflow (CVE-ID: CVE-2019-11005)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a quoted font family value within the SVGStartElement() function in coders/svg.c in SVG reader. A remote unauthenticated attacker can create a specially crafted image, pass it to the affected application, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Out-of-bounds read (CVE-ID: CVE-2019-11006)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c in MIFF reader, which allows attackers to cause a denial of service or information disclosure via an RLE packet. A remote attacker can perform a denial of service attack.
7) Out-of-bounds read (CVE-ID: CVE-2019-11007)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. A remote attacker can perform a denial of service attack.
8) Heap-based buffer overflow (CVE-ID: CVE-2019-11008)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the WriteXWDImage() function in coders/xwd.c. A remote attacker can create a crafted XWD file, pass it to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Out-of-bounds read (CVE-ID: CVE-2019-11009)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the function ReadXWDImage() in coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. A remote attacker can perform a denial of service attack.
10) Memory leak (CVE-ID: CVE-2019-11010)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. A remote attacker can perform a denial of service attack.
11) Path traversal (CVE-ID: CVE-2019-12921)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within TranslateTextEx component for processing SVG images in GraphicsMagick. A remote attacker can create a specially crafted SVG file and read contents of arbitrary files on the system.
Remediation
Install update from vendor's website.
References
- http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd
- http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8
- http://www.graphicsmagick.org/NEWS.html#june-15-2019
- http://www.graphicsmagick.org/Changelog.html
- http://www.securityfocus.com/bid/108055
- http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246a
- https://sourceforge.net/p/graphicsmagick/bugs/605/
- http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/57ac0ae85e2a
- https://sourceforge.net/p/graphicsmagick/bugs/604/
- http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b6fb77d7d54d
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html
- https://sourceforge.net/p/graphicsmagick/bugs/600/
- http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f7610c1281c1
- https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html
- https://sourceforge.net/p/graphicsmagick/bugs/598/
- http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/40fc71472b98
- http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/86a9295e7c83
- https://sourceforge.net/p/graphicsmagick/bugs/596/
- http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d823d23a474b
- https://sourceforge.net/p/graphicsmagick/bugs/599/
- http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/7cff2b1792de
- https://sourceforge.net/p/graphicsmagick/bugs/597/
- http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/a348d9661019
- https://sourceforge.net/p/graphicsmagick/bugs/601/
- http://www.graphicsmagick.org/
- https://github.com/d0ge/data-processing/blob/master/CVE-2019-12921.md
- https://lists.debian.org/debian-lts-announce/2020/03/msg00026.html