SB2019070504 - Multiple vulnerabilities in ImageMagick
Published: July 5, 2019 Updated: September 12, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 18 vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2019-13298)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the "MagickCore/enhance.c" file due to a boundary error in the "MagickCore/pixel-accessor.h" in SetPixelViaPixelInfo. A remote attacker can trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Out-of-bounds read (CVE-ID: CVE-2019-13391)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read because of incorrect calls to "GetCacheViewVirtualPixels" in the "ComplexImages" function, as defined in the "MagickCore/fourier.c" file. A remote attacker can make calls on the targeted system and perform a denial of service attack.
3) Out-of-bounds read (CVE-ID: CVE-2019-13295)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read error in "AdaptiveThresholdImage" in the "MagickCore/threshold.c" file because a width of zero is mishandled. A remote attacker can trick the victim to open a specially crafted file, trigger out-of-bounds read error and crash the application.
4) Resource management error (CVE-ID: CVE-2019-13296)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak in AcquireMagickMemory due to an error in CLIListOperatorImages in the "MagickWand/operation.c" file. A remote attacker can perform a denial of service attack.
5) Resource management error (CVE-ID: CVE-2019-13311)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak in AcquireMagickMemory due to an error in the "wand/mogrify.c" file. A remote attacker can perform a denial of service attack on the target system.
6) Resource management error (CVE-ID: CVE-2019-13309)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because of a memory leak in AcquireMagickMemory due to mishandling the NoSuchImage error in CLIListOperatorImages in the "MagickWand/operation.c" file. A remote attacker can perform a denial of service attack.
7) Resource management error (CVE-ID: CVE-2019-13310)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because of a memory leak in AcquireMagickMemory due to an error in "MagickWand/mogrify.c" file. A remote attacker can perform a denial of service attack.
8) Resource management error (CVE-ID: CVE-2019-13301)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because of a memory leak in AcquireMagickMemory due to an AnnotateImage error. A remote attacker can perform a denial of service attack.
9) Out-of-bounds read (CVE-ID: CVE-2019-13297)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in AdaptiveThresholdImage in the "MagickCore/threshold.c" file because a height of zero is mishandled. A remote attacker can perform a denial of service attack.
10) Heap-based buffer overflow (CVE-ID: CVE-2019-13308)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the "MagickCore/fourier.c" in ComplexImage. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Out-of-bounds read (CVE-ID: CVE-2019-13299)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the "MagickCore/pixel-accessor.h" in GetPixelChannel. A remote attacker can perform a denial of service attack.
12) Heap-based buffer overflow (CVE-ID: CVE-2019-13300)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the EvaluateImages in the "MagickCore/statistic.c" file because of mishandling columns. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Out-of-bounds read (CVE-ID: CVE-2019-13302)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in ComplexImages in the "MagickCore/fourier.c" file. A remote attacker can perform a denial of service attack.
14) Out-of-bounds read (CVE-ID: CVE-2019-13303)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in CompositeImage in the "MagickCore/composite.c" file. A remote attacker can perform a denial of service attack.
15) Stack-based buffer overflow (CVE-ID: CVE-2019-13304)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WritePNMImage in the "coders/pnm.c" file because of a misplaced assignment. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) Stack-based buffer overflow (CVE-ID: CVE-2019-13305)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WritePNMImage in the coders/pnm.c file because of a misplaced "strncpy" and "an off-by-one" error. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
17) Stack-based buffer overflow (CVE-ID: CVE-2019-13306)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WritePNMImage in the "coders/pnm.c" file because of "off-by-one" errors. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) Heap-based buffer overflow (CVE-ID: CVE-2019-13307)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the EvaluateImages in the "MagickCore/statistic.c" file because of mishandling rows. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.
References
- https://github.com/ImageMagick/ImageMagick/commit/d4fc44b58a14f76b1ac997517d742ee12c9dc5d3
- https://github.com/ImageMagick/ImageMagick/issues/1611
- https://github.com/ImageMagick/ImageMagick/commit/7c2c5ba5b8e3a0b2b82f56c71dfab74ed4006df7
- https://github.com/ImageMagick/ImageMagick/issues/1588
- https://github.com/ImageMagick/ImageMagick6/commit/f6ffc702c6eecd963587273a429dcd608c648984
- https://github.com/ImageMagick/ImageMagick/commit/a7759f410b773a1dd57b0e1fb28112e1cd8b97bc
- https://github.com/ImageMagick/ImageMagick/issues/1608
- https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953
- https://github.com/ImageMagick/ImageMagick/commit/ce08a3691a8ac29125e29fc41967b3737fa3f425
- https://github.com/ImageMagick/ImageMagick/issues/1604
- https://github.com/ImageMagick/ImageMagick/commit/4a334bbf5584de37c6f5a47c380a531c8c4b140a
- https://github.com/ImageMagick/ImageMagick/issues/1623
- https://github.com/ImageMagick/ImageMagick6/commit/bb812022d0bc12107db215c981cab0b1ccd73d91
- https://github.com/ImageMagick/ImageMagick/commit/5f21230b657ccd65452dd3d94c5b5401ba691a2d
- https://github.com/ImageMagick/ImageMagick/issues/1616
- https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
- https://github.com/ImageMagick/ImageMagick/commit/f595a1985233c399a05c0c37cc41de16a90dd025
- https://github.com/ImageMagick/ImageMagick/issues/1585
- https://github.com/ImageMagick/ImageMagick/issues/1589
- https://github.com/ImageMagick/ImageMagick/commit/604588fc35c7585abb7a9e71f69bb82e4389fefc
- https://github.com/ImageMagick/ImageMagick/issues/1609
- https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773
- https://github.com/ImageMagick/ImageMagick/commit/61135001a625364e29bdce83832f043eebde7b5a
- https://github.com/ImageMagick/ImageMagick/issues/1595
- https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01
- https://github.com/ImageMagick/ImageMagick/commit/8187d2d8fd010d2d6b1a3a8edd935beec404dddc
- https://github.com/ImageMagick/ImageMagick/issues/1610
- https://github.com/ImageMagick/ImageMagick/commit/a906fe9298bf89e01d5272023db687935068849a
- https://github.com/ImageMagick/ImageMagick/issues/1586
- https://github.com/ImageMagick/ImageMagick6/commit/5e409ae7a389cdf2ed17469303be3f3f21cec450
- https://github.com/ImageMagick/ImageMagick/commit/d5089971bd792311aaab5cb73460326d7ef7f32d
- https://github.com/ImageMagick/ImageMagick/issues/1597
- https://github.com/ImageMagick/ImageMagick/commit/d29148fae06c01ef215940e084cf41853c117bab
- https://github.com/ImageMagick/ImageMagick/issues/1603
- https://github.com/ImageMagick/ImageMagick/commit/7689875ef64f34141e7292f6945efdf0530b4a5e
- https://github.com/ImageMagick/ImageMagick/issues/1614
- https://github.com/ImageMagick/ImageMagick6/commit/bfa3b9610c83227894c92b0d312ad327fceb6241
- https://github.com/ImageMagick/ImageMagick/commit/29efd648f38b73a64d73f14cd2019d869a585888
- https://github.com/ImageMagick/ImageMagick/issues/1613
- https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
- https://github.com/ImageMagick/ImageMagick/commit/e92040ea6ee2a844ebfd2344174076795a4787bd
- https://github.com/ImageMagick/ImageMagick/issues/1612
- https://github.com/ImageMagick/ImageMagick6/commit/cb5ec7d98195aa74d5ed299b38eff2a68122f3fa
- https://github.com/ImageMagick/ImageMagick/commit/025e77fcb2f45b21689931ba3bf74eac153afa48
- https://github.com/ImageMagick/ImageMagick/issues/1615
- https://github.com/ImageMagick/ImageMagick6/commit/91e58d967a92250439ede038ccfb0913a81e59fe