SB2019070504 - Multiple vulnerabilities in ImageMagick
Published: July 5, 2019 Updated: September 12, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 18 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2019-13308)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the "MagickCore/fourier.c" in ComplexImage. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Heap-based buffer overflow (CVE-ID: CVE-2019-13307)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the EvaluateImages in the "MagickCore/statistic.c" file because of mishandling rows. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Stack-based buffer overflow (CVE-ID: CVE-2019-13306)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WritePNMImage in the "coders/pnm.c" file because of "off-by-one" errors. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Stack-based buffer overflow (CVE-ID: CVE-2019-13305)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WritePNMImage in the coders/pnm.c file because of a misplaced "strncpy" and "an off-by-one" error. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Stack-based buffer overflow (CVE-ID: CVE-2019-13304)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WritePNMImage in the "coders/pnm.c" file because of a misplaced assignment. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Out-of-bounds read (CVE-ID: CVE-2019-13303)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in CompositeImage in the "MagickCore/composite.c" file. A remote attacker can perform a denial of service attack.
7) Out-of-bounds read (CVE-ID: CVE-2019-13302)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in ComplexImages in the "MagickCore/fourier.c" file. A remote attacker can perform a denial of service attack.
8) Heap-based buffer overflow (CVE-ID: CVE-2019-13300)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the EvaluateImages in the "MagickCore/statistic.c" file because of mishandling columns. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Out-of-bounds read (CVE-ID: CVE-2019-13299)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the "MagickCore/pixel-accessor.h" in GetPixelChannel. A remote attacker can perform a denial of service attack.
10) Heap-based buffer overflow (CVE-ID: CVE-2019-13298)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the "MagickCore/enhance.c" file due to a boundary error in the "MagickCore/pixel-accessor.h" in SetPixelViaPixelInfo. A remote attacker can trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Out-of-bounds read (CVE-ID: CVE-2019-13297)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in AdaptiveThresholdImage in the "MagickCore/threshold.c" file because a height of zero is mishandled. A remote attacker can perform a denial of service attack.
12) Resource management error (CVE-ID: CVE-2019-13301)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because of a memory leak in AcquireMagickMemory due to an AnnotateImage error. A remote attacker can perform a denial of service attack.
13) Resource management error (CVE-ID: CVE-2019-13310)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because of a memory leak in AcquireMagickMemory due to an error in "MagickWand/mogrify.c" file. A remote attacker can perform a denial of service attack.
14) Resource management error (CVE-ID: CVE-2019-13309)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because of a memory leak in AcquireMagickMemory due to mishandling the NoSuchImage error in CLIListOperatorImages in the "MagickWand/operation.c" file. A remote attacker can perform a denial of service attack.
15) Resource management error (CVE-ID: CVE-2019-13311)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak in AcquireMagickMemory due to an error in the "wand/mogrify.c" file. A remote attacker can perform a denial of service attack on the target system.
16) Resource management error (CVE-ID: CVE-2019-13296)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak in AcquireMagickMemory due to an error in CLIListOperatorImages in the "MagickWand/operation.c" file. A remote attacker can perform a denial of service attack.
17) Out-of-bounds read (CVE-ID: CVE-2019-13295)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read error in "AdaptiveThresholdImage" in the "MagickCore/threshold.c" file because a width of zero is mishandled. A remote attacker can trick the victim to open a specially crafted file, trigger out-of-bounds read error and crash the application.
18) Out-of-bounds read (CVE-ID: CVE-2019-13391)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read because of incorrect calls to "GetCacheViewVirtualPixels" in the "ComplexImages" function, as defined in the "MagickCore/fourier.c" file. A remote attacker can make calls on the targeted system and perform a denial of service attack.
Remediation
Install update from vendor's website.
References
- https://github.com/ImageMagick/ImageMagick/commit/61135001a625364e29bdce83832f043eebde7b5a
- https://github.com/ImageMagick/ImageMagick/issues/1595
- https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01
- https://github.com/ImageMagick/ImageMagick/commit/025e77fcb2f45b21689931ba3bf74eac153afa48
- https://github.com/ImageMagick/ImageMagick/issues/1615
- https://github.com/ImageMagick/ImageMagick6/commit/91e58d967a92250439ede038ccfb0913a81e59fe
- https://github.com/ImageMagick/ImageMagick/commit/e92040ea6ee2a844ebfd2344174076795a4787bd
- https://github.com/ImageMagick/ImageMagick/issues/1612
- https://github.com/ImageMagick/ImageMagick6/commit/cb5ec7d98195aa74d5ed299b38eff2a68122f3fa
- https://github.com/ImageMagick/ImageMagick/commit/29efd648f38b73a64d73f14cd2019d869a585888
- https://github.com/ImageMagick/ImageMagick/issues/1613
- https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
- https://github.com/ImageMagick/ImageMagick/commit/7689875ef64f34141e7292f6945efdf0530b4a5e
- https://github.com/ImageMagick/ImageMagick/issues/1614
- https://github.com/ImageMagick/ImageMagick6/commit/bfa3b9610c83227894c92b0d312ad327fceb6241
- https://github.com/ImageMagick/ImageMagick/commit/d29148fae06c01ef215940e084cf41853c117bab
- https://github.com/ImageMagick/ImageMagick/issues/1603
- https://github.com/ImageMagick/ImageMagick/commit/d5089971bd792311aaab5cb73460326d7ef7f32d
- https://github.com/ImageMagick/ImageMagick/issues/1597
- https://github.com/ImageMagick/ImageMagick/commit/a906fe9298bf89e01d5272023db687935068849a
- https://github.com/ImageMagick/ImageMagick/issues/1586
- https://github.com/ImageMagick/ImageMagick6/commit/5e409ae7a389cdf2ed17469303be3f3f21cec450
- https://github.com/ImageMagick/ImageMagick/commit/8187d2d8fd010d2d6b1a3a8edd935beec404dddc
- https://github.com/ImageMagick/ImageMagick/issues/1610
- https://github.com/ImageMagick/ImageMagick/commit/d4fc44b58a14f76b1ac997517d742ee12c9dc5d3
- https://github.com/ImageMagick/ImageMagick/issues/1611
- https://github.com/ImageMagick/ImageMagick/commit/604588fc35c7585abb7a9e71f69bb82e4389fefc
- https://github.com/ImageMagick/ImageMagick/issues/1609
- https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773
- https://github.com/ImageMagick/ImageMagick/commit/f595a1985233c399a05c0c37cc41de16a90dd025
- https://github.com/ImageMagick/ImageMagick/issues/1585
- https://github.com/ImageMagick/ImageMagick/issues/1589
- https://github.com/ImageMagick/ImageMagick/commit/5f21230b657ccd65452dd3d94c5b5401ba691a2d
- https://github.com/ImageMagick/ImageMagick/issues/1616
- https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
- https://github.com/ImageMagick/ImageMagick/commit/4a334bbf5584de37c6f5a47c380a531c8c4b140a
- https://github.com/ImageMagick/ImageMagick/issues/1623
- https://github.com/ImageMagick/ImageMagick6/commit/bb812022d0bc12107db215c981cab0b1ccd73d91
- https://github.com/ImageMagick/ImageMagick/commit/ce08a3691a8ac29125e29fc41967b3737fa3f425
- https://github.com/ImageMagick/ImageMagick/issues/1604
- https://github.com/ImageMagick/ImageMagick/commit/a7759f410b773a1dd57b0e1fb28112e1cd8b97bc
- https://github.com/ImageMagick/ImageMagick/issues/1608
- https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953
- https://github.com/ImageMagick/ImageMagick/commit/7c2c5ba5b8e3a0b2b82f56c71dfab74ed4006df7
- https://github.com/ImageMagick/ImageMagick/issues/1588
- https://github.com/ImageMagick/ImageMagick6/commit/f6ffc702c6eecd963587273a429dcd608c648984