Debian update for graphicsmagick

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to heap-based buffer overflow in the WriteTGAImage function of tga.c when processing malicious input. A remote attacker can cause the service to crash via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.

Mitigation

Update graphicsmagick package to one of the following versions: 1.3.30+hg15796-1~deb9u3, 1.4~hg15978-1+deb10u1.

Vulnerable software versions

Debian Linux: All versions

graphicsmagick (Debian package): before 1.4~hg15978-1+deb10u1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer over-read

EUVDB-ID: #VU16587

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-20185

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in GraphicsMagick installations with customized BMP limits due to heap-based buffer over-read in the ReadBMPImage function of bmp.c when processing malicious input. A remote attacker can cause the service to crash via a crafted bmp image file.

Mitigation

Update graphicsmagick package to one of the following versions: 1.3.30+hg15796-1~deb9u3, 1.4~hg15978-1+deb10u1.

Vulnerable software versions

Debian Linux: All versions

graphicsmagick (Debian package): before 1.4~hg15978-1+deb10u1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU16585

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-20189

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to an error in the ReadDIBImage function of coders/dib.c when processing malicious input in DIB reader. A remote attacker can cause the service to crash via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.

Mitigation

Update graphicsmagick package to one of the following versions: 1.3.30+hg15796-1~deb9u3, 1.4~hg15978-1+deb10u1.

Vulnerable software versions

Debian Linux: All versions

graphicsmagick (Debian package): before 1.4~hg15978-1+deb10u1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Stack-based buffer overflow

EUVDB-ID: #VU18363

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11005

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a quoted font family value within the SVGStartElement() function in coders/svg.c in SVG reader. A remote unauthenticated attacker can create a specially crafted image, pass it to the affected application, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update graphicsmagick package to one of the following versions: 1.3.30+hg15796-1~deb9u3, 1.4~hg15978-1+deb10u1.

Vulnerable software versions

Debian Linux: All versions

graphicsmagick (Debian package): before 1.4~hg15978-1+deb10u1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU18364

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11006

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c in MIFF reader, which allows attackers to cause a denial of service or information disclosure via an RLE packet. A remote attacker can perform a denial of service attack.

Mitigation

Update graphicsmagick package to one of the following versions: 1.3.30+hg15796-1~deb9u3, 1.4~hg15978-1+deb10u1.

Vulnerable software versions

Debian Linux: All versions

graphicsmagick (Debian package): before 1.4~hg15978-1+deb10u1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU18365

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11007

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. A remote attacker can perform a denial of service attack.

Mitigation

Update graphicsmagick package to one of the following versions: 1.3.30+hg15796-1~deb9u3, 1.4~hg15978-1+deb10u1.

Vulnerable software versions

Debian Linux: All versions

graphicsmagick (Debian package): before 1.4~hg15978-1+deb10u1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Heap-based buffer overflow

EUVDB-ID: #VU18366

Risk: Medium

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11008

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the WriteXWDImage() function in coders/xwd.c. A remote attacker can create a crafted XWD file, pass it to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update graphicsmagick package to one of the following versions: 1.3.30+hg15796-1~deb9u3, 1.4~hg15978-1+deb10u1.

Vulnerable software versions

Debian Linux: All versions

graphicsmagick (Debian package): before 1.4~hg15978-1+deb10u1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU18367

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11009

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the function ReadXWDImage() in coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. A remote attacker can perform a denial of service attack.

Mitigation

Update graphicsmagick package to one of the following versions: 1.3.30+hg15796-1~deb9u3, 1.4~hg15978-1+deb10u1.

Vulnerable software versions

Debian Linux: All versions

graphicsmagick (Debian package): before 1.4~hg15978-1+deb10u1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory leak

EUVDB-ID: #VU18368

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11010

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. A remote attacker can perform a denial of service attack.

Mitigation

Update graphicsmagick package to one of the following versions: 1.3.30+hg15796-1~deb9u3, 1.4~hg15978-1+deb10u1.

Vulnerable software versions

Debian Linux: All versions

graphicsmagick (Debian package): before 1.4~hg15978-1+deb10u1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU18361

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11473

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to a boundary condition within the ReadXWDImage() function in coders/xwd.c in XWD reader. A remote attacker can create a specially crafted XWD image file, pass it to the affected application, trigger out-of-bounds read error and crash the application.

Mitigation

Update graphicsmagick package to one of the following versions: 1.3.30+hg15796-1~deb9u3, 1.4~hg15978-1+deb10u1.

Vulnerable software versions

Debian Linux: All versions

graphicsmagick (Debian package): before 1.4~hg15978-1+deb10u1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Incorrect calculation

EUVDB-ID: #VU18362

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11474

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the ReadXWDImage() function in coders/xwd.c in XWD reader. A remote attacker can create a specially crafted XWD file, pass it to the application, trigger a floating-point exception and crash the affected application.

Mitigation

Update graphicsmagick package to one of the following versions: 1.3.30+hg15796-1~deb9u3, 1.4~hg15978-1+deb10u1.

Vulnerable software versions

Debian Linux: All versions

graphicsmagick (Debian package): before 1.4~hg15978-1+deb10u1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Heap-based buffer overflow

EUVDB-ID: #VU18359

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11505

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in function WritePDBImage() in coders/pdb.c. A remote attacker can create a specially crafted image file, pass it to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update graphicsmagick package to one of the following versions: 1.3.30+hg15796-1~deb9u3, 1.4~hg15978-1+deb10u1.

Vulnerable software versions

Debian Linux: All versions

graphicsmagick (Debian package): before 1.4~hg15978-1+deb10u1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Heap-based buffer overflow

EUVDB-ID: #VU18360

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11506

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in MAT writer within the function WriteMATLABImage of coders/mat.c, related to ExportRedQuantumType in magick/export.c. A remote attacker can create a crafted image file, pass it to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update graphicsmagick package to one of the following versions: 1.3.30+hg15796-1~deb9u3, 1.4~hg15978-1+deb10u1.

Vulnerable software versions

Debian Linux: All versions

graphicsmagick (Debian package): before 1.4~hg15978-1+deb10u1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU34940

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.

Mitigation

Update graphicsmagick package to one of the following versions: 1.3.30+hg15796-1~deb9u3, 1.4~hg15978-1+deb10u1.

Vulnerable software versions

Debian Linux: All versions

graphicsmagick (Debian package): before 1.4~hg15978-1+deb10u1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds write

EUVDB-ID: #VU34941

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19951

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.

Mitigation

Update graphicsmagick package to one of the following versions: 1.3.30+hg15796-1~deb9u3, 1.4~hg15978-1+deb10u1.

Vulnerable software versions

Debian Linux: All versions

graphicsmagick (Debian package): before 1.4~hg15978-1+deb10u1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU34942

Risk: High

CVSSv3.1: 7.9 [AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19953

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the function EncodeImage of coders/pict.c. A remote attacker can perform a denial of service attack.

Mitigation

Update graphicsmagick package to one of the following versions: 1.3.30+hg15796-1~deb9u3, 1.4~hg15978-1+deb10u1.

Vulnerable software versions

Debian Linux: All versions

graphicsmagick (Debian package): before 1.4~hg15978-1+deb10u1

External links