SB2024082293 - Ubuntu update for imagemagick

Main Vulnerability Database SB2024082293

SB2024082293 - Ubuntu update for imagemagick

Published: August 22, 2024

Security Bulletin ID SB2024082293

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 10

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 10 vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2018-18025)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file. A remote attacker can perform a denial of service attack.

2) Memory leak (CVE-ID: CVE-2018-17966)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the function WritePDBImage in coders/sgi.c. A remote attacker can perform a denial of service attack via a specially crafted file.

3) Buffer over-read (CVE-ID: CVE-2018-16412)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. A remote attacker can perform a denial of service attack.

4) Buffer over-read (CVE-ID: CVE-2018-16413)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a heap-based buffer over-read in the MagickCore/quantum-private.h in PushShortPixel() function when called from the coders/psd.c ParseImageResourceBlocks() function. A remote attacker can perform a denial of service attack with a specially crafted image file.

5) Infinite loop (CVE-ID: CVE-2018-18024)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the function ReadBMPImage in coders/sgi.c. A remote attacker can perform a denial of service attack via a specially crafted bmp file.

6) Memory leak (CVE-ID: CVE-2018-18016)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the function WritePCXImage in coders/sgi.c. A remote attacker can perform a denial of service attack via a specially crafted file.

7) Infinite loop (CVE-ID: CVE-2018-20467)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in coders/bmp.c. A remote attacker can trick the victim into opening a specially crafted file, consume all available system resources and cause denial of service conditions.

8) Resource exhaustion (CVE-ID: CVE-2017-12806)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory exhaustion when processing images within the format8BIM() function. A remote attacker can create a specially crafted image, pass it to the affected application and consume all available memory on the system.

9) Resource exhaustion (CVE-ID: CVE-2017-12805)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory consumption condition in the "ReadTIFFImage()" function. A remote attacker can send a specially crafted file to the targeted system, trigger resource exhaustion and perform a denial of service (DoS) attack.

10) Input validation error (CVE-ID: CVE-2017-13144)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in ImageMagick. A remote attacker can pass specially crafted image to the application and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://ubuntu.com/security/notices/USN-6980-1

Vulnerable Software

Ubuntu: 14.04
imagemagick (Ubuntu package): before Ubuntu Pro (Infra-only)
libmagick++-dev (Ubuntu package): before Ubuntu Pro (Infra-only)
libmagick++5 (Ubuntu package): before Ubuntu Pro (Infra-only)
libmagickcore-dev (Ubuntu package): before Ubuntu Pro (Infra-only)
libmagickcore5 (Ubuntu package): before Ubuntu Pro (Infra-only)
libmagickcore5-extra (Ubuntu package): before Ubuntu Pro (Infra-only)
libmagickwand-dev (Ubuntu package): before Ubuntu Pro (Infra-only)
libmagickwand5 (Ubuntu package): before Ubuntu Pro (Infra-only)
perlmagick (Ubuntu package): before Ubuntu Pro (Infra-only)