Project

General

Profile

Bug #7748

Bug #7747: graphicsmagick: Multiple vulnerabilities (CVE-2017-11642, CVE-2017-11722, CVE-2017-12935, CVE-2017-12936, CVE-2017-12937, CVE-2017-13063, CVE-2017-13064)

[3.7] graphicsmagick: Multiple vulnerabilities (CVE-2017-11642, CVE-2017-11722, CVE-2017-12935, CVE-2017-12936, CVE-2017-12937, CVE-2017-13063, CVE-2017-13064)

Added by Alicha CH over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Category:
Security
Target version:
Start date:
08/23/2017
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

CVE-2017-11642: GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function
in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-11642

Patch:

http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9

CVE-2017-11722: The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-11722

Patch:

http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4e

CVE-2017-12935: nvalid memory read in SetImageColorCallBack (image.c)

The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an
invalid memory read in the SetImageColorCallBack function in magick/image.c.

References:

http://openwall.com/lists/oss-security/2017/08/18/4

Patch:

http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188

CVE-2017-12936: The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.

References:

http://openwall.com/lists/oss-security/2017/08/18/3

Patch:

http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd

CVE-2017-12937: heap-based buffer overflow in ReadSUNImage (sun.c)

Affected version:

1.3.26

References:

http://openwall.com/lists/oss-security/2017/08/18/5

Patch:

http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978

CVE-2017-13063: GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.

References:

https://sourceforge.net/p/graphicsmagick/bugs/434/
https://nvd.nist.gov/vuln/detail/CVE-2017-13063

Patch:

http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a

CVE-2017-13064: GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.

References:

https://sourceforge.net/p/graphicsmagick/bugs/436/

Patch:

http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a

Associated revisions

Revision 887ce5de (diff)
Added by Francesco Colista over 1 year ago

community/graphicsmagick: security fixes for various CVEs:

  • CVE-2017-11642
  • CVE-2017-11722
  • CVE-2017-12935
  • CVE-2017-12936
  • CVE-2017-12937
  • CVE-2017-13063
  • CVE-2017-13064

Fixes #7748

History

#1 Updated by Francesco Colista over 1 year ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Francesco Colista over 1 year ago

  • Category set to Security
  • Status changed from Resolved to Closed

Also available in: Atom PDF