SB2019120315 - Ubuntu update for GraphicsMagick

Description

This security bulletin contains information about 13 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2019-11473)

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to a boundary condition within the ReadXWDImage() function in coders/xwd.c in XWD reader. A remote attacker can create a specially crafted XWD image file, pass it to the affected application, trigger out-of-bounds read error and crash the application.

2) Memory leak (CVE-ID: CVE-2019-11010)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. A remote attacker can perform a denial of service attack.

3) Incorrect calculation (CVE-ID: CVE-2019-11474)

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the ReadXWDImage() function in coders/xwd.c in XWD reader. A remote attacker can create a specially crafted XWD file, pass it to the application, trigger a floating-point exception and crash the affected application.

4) Heap-based buffer overflow (CVE-ID: CVE-2019-11505)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in function WritePDBImage() in coders/pdb.c. A remote attacker can create a specially crafted image file, pass it to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

5) Heap-based buffer overflow (CVE-ID: CVE-2019-11506)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in MAT writer within the function WriteMATLABImage of coders/mat.c, related to ExportRedQuantumType in magick/export.c. A remote attacker can create a crafted image file, pass it to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

6) Out-of-bounds read (CVE-ID: CVE-2019-11009)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the function ReadXWDImage() in coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. A remote attacker can perform a denial of service attack.

7) Heap-based buffer overflow (CVE-ID: CVE-2019-11008)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the WriteXWDImage() function in coders/xwd.c. A remote attacker can create a crafted XWD file, pass it to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

8) Improper input validation (CVE-ID: CVE-2018-20189)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to an error in the ReadDIBImage function of coders/dib.c when processing malicious input in DIB reader. A remote attacker can cause the service to crash via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.

9) Heap-based buffer over-read (CVE-ID: CVE-2018-20185)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in GraphicsMagick installations with customized BMP limits due to heap-based buffer over-read in the ReadBMPImage function of bmp.c when processing malicious input. A remote attacker can cause the service to crash via a crafted bmp image file.

10) Stack-based buffer overflow (CVE-ID: CVE-2019-11005)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a quoted font family value within the SVGStartElement() function in coders/svg.c in SVG reader. A remote unauthenticated attacker can create a specially crafted image, pass it to the affected application, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

11) Out-of-bounds read (CVE-ID: CVE-2019-11006)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c in MIFF reader, which allows attackers to cause a denial of service or information disclosure via an RLE packet. A remote attacker can perform a denial of service attack.

12) Out-of-bounds read (CVE-ID: CVE-2019-11007)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. A remote attacker can perform a denial of service attack.

13) Heap-based buffer overflow (CVE-ID: CVE-2018-20184)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to heap-based buffer overflow in the WriteTGAImage function of tga.c when processing malicious input. A remote attacker can cause the service to crash via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.

Remediation

Install update from vendor's website.

References

• https://usn.ubuntu.com/4207-1/