Bug #7942

graphicsmagick: Multiple vulnerabilities (CVE-2017-13065, CVE-2017-13648, CVE-2017-14042, CVE-2017-14103, CVE-2017-14165, CVE-2017-14649)

Added by Alicha CH 4 months ago. Updated about 1 month ago.

Status: Closed
Priority: Normal
Category: Security
Target version: -
Start date: 09/28/2017
Due date:
% Done: 100%
Affected versions:

Description

CVE-2017-13065: GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.

References:

https://sourceforge.net/p/graphicsmagick/bugs/435/

CVE-2017-13648: In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c.

References:

https://sourceforge.net/p/graphicsmagick/bugs/433/

CVE-2017-14042: A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26.
The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.

References:

https://blogs.gentoo.org/ago/2017/08/28/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c-2/

CVE-2017-14103: Use-after-free in ReadJNGImage and ReadOneJNGImage functions in coders/png.c

The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in
GraphicsMagick 1.3.26 do not properly manage image pointers after
certain error conditions, which allows remote attackers to conduct
use-after-free attacks via a crafted file, related to a ReadMNGImage
out-of-order CloseBlob call.

NOTE: this vulnerability exists because of
an incomplete fix for CVE-2017-11403.

References:

https://blogs.gentoo.org/ago/2017/09/01/graphicsmagick-use-after-free-in-closeblob-blob-c-incomplete-fix-for-cve-2017-11403/
http://www.openwall.com/lists/oss-security/2017/09/01/6

CVE-2017-14165: The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because
it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c.

References:

http://openwall.com/lists/oss-security/2017/09/06/4
https://sourceforge.net/p/graphicsmagick/bugs/442/

CVE-2017-14649: ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data,
leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).

References:

https://blogs.gentoo.org/ago/2017/09/19/graphicsmagick-assertion-failure-in-pixel_cache-c/
https://sourceforge.net/p/graphicsmagick/bugs/439/
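
The check whose absence CVE-2017-14165 describes, as an added example (not GraphicsMagick's code and not the upstream fix): the header's length field is compared with the bytes actually present before anything is allocated. The names sun_read_raster, sun_status, get_be32 and put_be32 are hypothetical; the layout assumed is the Sun raster header of eight big-endian 32-bit fields, with length at offset 16 and maplength at offset 28.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SUN_MAGIC   0x59a66a95u
#define SUN_HDR_LEN 32u              /* eight big-endian 32-bit fields */

typedef enum { SUN_OK, SUN_TRUNCATED, SUN_BAD_MAGIC, SUN_BAD_LENGTH, SUN_NO_MEMORY } sun_status;

static uint32_t get_be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put_be32(unsigned char *p, uint32_t v) {
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}

/* Copy the raster data out of an in-memory Sun raster file. The buffer is
   allocated only after the header's length field has been checked against
   the bytes actually present, so a forged length never reaches malloc(). */
sun_status sun_read_raster(const unsigned char *blob, size_t blob_size,
                           unsigned char **out, size_t *out_len) {
    *out = NULL; *out_len = 0;
    if (blob_size < SUN_HDR_LEN) return SUN_TRUNCATED;
    if (get_be32(blob) != SUN_MAGIC) return SUN_BAD_MAGIC;
    uint32_t length    = get_be32(blob + 16);   /* claimed image data bytes */
    uint32_t maplength = get_be32(blob + 28);   /* claimed colormap bytes */
    size_t remaining = blob_size - SUN_HDR_LEN;
    if (maplength > remaining) return SUN_BAD_LENGTH;
    remaining -= maplength;
    /* Simplification for this example: a zero length is rejected. */
    if (length == 0 || length > remaining) return SUN_BAD_LENGTH;
    unsigned char *buf = malloc(length);
    if (buf == NULL) return SUN_NO_MEMORY;
    memcpy(buf, blob + SUN_HDR_LEN + maplength, length);
    *out = buf; *out_len = length;
    return SUN_OK;
}

int main(void) {
    unsigned char blob[SUN_HDR_LEN + 8] = {0};  /* constructed sample: header + 8 data bytes */
    unsigned char *data; size_t n;
    put_be32(blob, SUN_MAGIC);
    put_be32(blob + 16, 0x7fffffffu);           /* header claims about 2 GiB */
    printf("forged length: status %d\n", (int)sun_read_raster(blob, sizeof blob, &data, &n));
    put_be32(blob + 16, 8);                     /* length matches the data present */
    sun_status st = sun_read_raster(blob, sizeof blob, &data, &n);
    printf("honest length: status %d, %zu bytes\n", (int)st, n);
    free(data);
    return 0;
}
```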


Subtasks

Bug #7943: [3.7] graphicsmagick: Multiple vulnerabilities (CVE-2017-13065, CVE-2017-13648, CVE-2017-14042, CVE-2017-14103, CVE-2017-14165, CVE-2017-14649) - Closed - Francesco Colista

Bug #7944: [3.6] graphicsmagick: Multiple vulnerabilities (CVE-2017-13065, CVE-2017-13648, CVE-2017-14042, CVE-2017-14103, CVE-2017-14165, CVE-2017-14649) - Closed - Francesco Colista

History

#1 Updated by Francesco Colista about 1 month ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from New to Closed
