Ubuntu update for GraphicsMagick

Published: 2019-12-03 | Updated: 2019-12-03
Severity Medium
Patch available YES
Number of vulnerabilities 13
CVE ID CVE-2019-11473
CVE-2019-11010
CVE-2019-11474
CVE-2019-11505
CVE-2019-11506
CVE-2019-11009
CVE-2019-11008
CVE-2018-20189
CVE-2018-20185
CVE-2019-11005
CVE-2019-11006
CVE-2019-11007
CVE-2018-20184
CWE ID CWE-125
CWE-401
CWE-682
CWE-122
CWE-20
CWE-126
CWE-121
Exploitation vector Network
Public exploit N/A
Vulnerable software graphicsmagick (Ubuntu package) Subscribe
Vendor Canonical Ltd.

Security Advisory

1) Out-of-bounds read

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11473

CWE-ID: CWE-125 - Out-of-bounds Read

Description

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to a boundary condition within the ReadXWDImage() function in coders/xwd.c in XWD reader. A remote attacker can create a specially crafted XWD image file, pass it to the affected application, trigger out-of-bounds read error and crash the application.

Mitigation

Update the affected packages.

Ubuntu 18.04 LTS
graphicsmagick - 1.3.28-2ubuntu0.1
libgraphicsmagick++-q16-12 - 1.3.28-2ubuntu0.1
libgraphicsmagick-q16-3 - 1.3.28-2ubuntu0.1

Vulnerable software versions

graphicsmagick (Ubuntu package): 1.3.26-19, 1.3.27-1, 1.3.27-2, 1.3.27-3, 1.3.27-4, 1.3.28-1, 1.3.28-2

CPE External links

https://usn.ubuntu.com/4207-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

Severity: Low

CVSSv3: 2.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11010

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. A remote attacker can perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 18.04 LTS
graphicsmagick - 1.3.28-2ubuntu0.1
libgraphicsmagick++-q16-12 - 1.3.28-2ubuntu0.1
libgraphicsmagick-q16-3 - 1.3.28-2ubuntu0.1

Vulnerable software versions

graphicsmagick (Ubuntu package): 1.3.26-19, 1.3.27-1, 1.3.27-2, 1.3.27-3, 1.3.27-4, 1.3.28-1, 1.3.28-2

CPE External links

https://usn.ubuntu.com/4207-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Incorrect calculation

Severity: Low

CVSSv3: 2.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11474

CWE-ID: CWE-682 - Incorrect Calculation

Description

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the ReadXWDImage() function in coders/xwd.c in XWD reader. A remote attacker can create a specially crafted XWD file, pass it to the application, trigger a floating-point exception and crash the affected application.

Mitigation

Update the affected packages.

Ubuntu 18.04 LTS
graphicsmagick - 1.3.28-2ubuntu0.1
libgraphicsmagick++-q16-12 - 1.3.28-2ubuntu0.1
libgraphicsmagick-q16-3 - 1.3.28-2ubuntu0.1

Vulnerable software versions

graphicsmagick (Ubuntu package): 1.3.26-19, 1.3.27-1, 1.3.27-2, 1.3.27-3, 1.3.27-4, 1.3.28-1, 1.3.28-2

CPE External links

https://usn.ubuntu.com/4207-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Heap-based buffer overflow

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-11505

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in function WritePDBImage() in coders/pdb.c. A remote attacker can create a specially crafted image file, pass it to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 18.04 LTS
graphicsmagick - 1.3.28-2ubuntu0.1
libgraphicsmagick++-q16-12 - 1.3.28-2ubuntu0.1
libgraphicsmagick-q16-3 - 1.3.28-2ubuntu0.1

Vulnerable software versions

graphicsmagick (Ubuntu package): 1.3.26-19, 1.3.27-1, 1.3.27-2, 1.3.27-3, 1.3.27-4, 1.3.28-1, 1.3.28-2

CPE External links

https://usn.ubuntu.com/4207-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Heap-based buffer overflow

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-11506

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in MAT writer within the function WriteMATLABImage of coders/mat.c, related to ExportRedQuantumType in magick/export.c. A remote attacker can create a crafted image file, pass it to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 18.04 LTS
graphicsmagick - 1.3.28-2ubuntu0.1
libgraphicsmagick++-q16-12 - 1.3.28-2ubuntu0.1
libgraphicsmagick-q16-3 - 1.3.28-2ubuntu0.1

Vulnerable software versions

graphicsmagick (Ubuntu package): 1.3.26-19, 1.3.27-1, 1.3.27-2, 1.3.27-3, 1.3.27-4, 1.3.28-1, 1.3.28-2

CPE External links

https://usn.ubuntu.com/4207-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

Severity: Low

CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11009

CWE-ID: CWE-125 - Out-of-bounds Read

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the function ReadXWDImage() in coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. A remote attacker can perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 18.04 LTS
graphicsmagick - 1.3.28-2ubuntu0.1
libgraphicsmagick++-q16-12 - 1.3.28-2ubuntu0.1
libgraphicsmagick-q16-3 - 1.3.28-2ubuntu0.1

Vulnerable software versions

graphicsmagick (Ubuntu package): 1.3.26-19, 1.3.27-1, 1.3.27-2, 1.3.27-3, 1.3.27-4, 1.3.28-1, 1.3.28-2

CPE External links

https://usn.ubuntu.com/4207-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Heap-based buffer overflow

Severity: Medium

CVSSv3: 6.1 [CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-11008

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the WriteXWDImage() function in coders/xwd.c. A remote attacker can create a crafted XWD file, pass it to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 18.04 LTS
graphicsmagick - 1.3.28-2ubuntu0.1
libgraphicsmagick++-q16-12 - 1.3.28-2ubuntu0.1
libgraphicsmagick-q16-3 - 1.3.28-2ubuntu0.1

Vulnerable software versions

graphicsmagick (Ubuntu package): 1.3.26-19, 1.3.27-1, 1.3.27-2, 1.3.27-3, 1.3.27-4, 1.3.28-1, 1.3.28-2

CPE External links

https://usn.ubuntu.com/4207-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

Severity: Low

CVSSv3: 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-20189

CWE-ID: CWE-20 - Improper Input Validation

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to an error in the ReadDIBImage function of coders/dib.c when processing malicious input in DIB reader. A remote attacker can cause the service to crash via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.

Mitigation

Update the affected packages.

Ubuntu 18.04 LTS
graphicsmagick - 1.3.28-2ubuntu0.1
libgraphicsmagick++-q16-12 - 1.3.28-2ubuntu0.1
libgraphicsmagick-q16-3 - 1.3.28-2ubuntu0.1

Vulnerable software versions

graphicsmagick (Ubuntu package): 1.3.26-19, 1.3.27-1, 1.3.27-2, 1.3.27-3, 1.3.27-4, 1.3.28-1, 1.3.28-2

CPE External links

https://usn.ubuntu.com/4207-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Heap-based buffer over-read

Severity: Low

CVSSv3: 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-20185

CWE-ID: CWE-126 - Buffer Over-read

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in GraphicsMagick installations with customized BMP limits due to heap-based buffer over-read in the ReadBMPImage function of bmp.c when processing malicious input. A remote attacker can cause the service to crash via a crafted bmp image file.

Mitigation

Update the affected packages.

Ubuntu 18.04 LTS
graphicsmagick - 1.3.28-2ubuntu0.1
libgraphicsmagick++-q16-12 - 1.3.28-2ubuntu0.1
libgraphicsmagick-q16-3 - 1.3.28-2ubuntu0.1

Vulnerable software versions

graphicsmagick (Ubuntu package): 1.3.26-19, 1.3.27-1, 1.3.27-2, 1.3.27-3, 1.3.27-4, 1.3.28-1, 1.3.28-2

CPE External links

https://usn.ubuntu.com/4207-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Stack-based buffer overflow

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-11005

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a quoted font family value within the SVGStartElement() function in coders/svg.c in SVG reader. A remote unauthenticated attacker can create a specially crafted image, pass it to the affected application, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 18.04 LTS
graphicsmagick - 1.3.28-2ubuntu0.1
libgraphicsmagick++-q16-12 - 1.3.28-2ubuntu0.1
libgraphicsmagick-q16-3 - 1.3.28-2ubuntu0.1

Vulnerable software versions

graphicsmagick (Ubuntu package): 1.3.26-19, 1.3.27-1, 1.3.27-2, 1.3.27-3, 1.3.27-4, 1.3.28-1, 1.3.28-2

CPE External links

https://usn.ubuntu.com/4207-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

Severity: Low

CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11006

CWE-ID: CWE-125 - Out-of-bounds Read

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c in MIFF reader, which allows attackers to cause a denial of service or information disclosure via an RLE packet. A remote attacker can perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 18.04 LTS
graphicsmagick - 1.3.28-2ubuntu0.1
libgraphicsmagick++-q16-12 - 1.3.28-2ubuntu0.1
libgraphicsmagick-q16-3 - 1.3.28-2ubuntu0.1

Vulnerable software versions

graphicsmagick (Ubuntu package): 1.3.26-19, 1.3.27-1, 1.3.27-2, 1.3.27-3, 1.3.27-4, 1.3.28-1, 1.3.28-2

CPE External links

https://usn.ubuntu.com/4207-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

Severity: Low

CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11007

CWE-ID: CWE-125 - Out-of-bounds Read

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. A remote attacker can perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 18.04 LTS
graphicsmagick - 1.3.28-2ubuntu0.1
libgraphicsmagick++-q16-12 - 1.3.28-2ubuntu0.1
libgraphicsmagick-q16-3 - 1.3.28-2ubuntu0.1

Vulnerable software versions

graphicsmagick (Ubuntu package): 1.3.26-19, 1.3.27-1, 1.3.27-2, 1.3.27-3, 1.3.27-4, 1.3.28-1, 1.3.28-2

CPE External links

https://usn.ubuntu.com/4207-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Heap-based buffer overflow

Severity: Low

CVSSv3: 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-20184

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to heap-based buffer overflow in the WriteTGAImage function of tga.c when processing malicious input. A remote attacker can cause the service to crash via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.

Mitigation

Update the affected packages.

Ubuntu 18.04 LTS
graphicsmagick - 1.3.28-2ubuntu0.1
libgraphicsmagick++-q16-12 - 1.3.28-2ubuntu0.1
libgraphicsmagick-q16-3 - 1.3.28-2ubuntu0.1

Vulnerable software versions

graphicsmagick (Ubuntu package): 1.3.26-19, 1.3.27-1, 1.3.27-2, 1.3.27-3, 1.3.27-4, 1.3.28-1, 1.3.28-2

CPE External links

https://usn.ubuntu.com/4207-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.