Bug #7944

Bug #7942: graphicsmagick: Multiple vulnerabilities (CVE-2017-13065, CVE-2017-13648, CVE-2017-14042, CVE-2017-14103, CVE-2017-14165, CVE-2017-14649)

[3.6] graphicsmagick: Multiple vulnerabilities (CVE-2017-13065, CVE-2017-13648, CVE-2017-14042, CVE-2017-14103, CVE-2017-14165, CVE-2017-14649)

Added by Alicha CH 10 months ago. Updated 7 months ago.

Status: Closed
Priority: Normal
Category: Security
Target version:
Start date: 09/28/2017
Due date:
% Done: 100%
Estimated time:
Affected versions:

Description

CVE-2017-13065: GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.

References:

https://sourceforge.net/p/graphicsmagick/bugs/435/

CVE-2017-13648: In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c.

References:

https://sourceforge.net/p/graphicsmagick/bugs/433/

CVE-2017-14042: A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26.
The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.

References:

https://blogs.gentoo.org/ago/2017/08/28/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c-2/

CVE-2017-14103: Use-after-free in ReadJNGImage and ReadOneJNGImage functions in coders/png.c

The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in
GraphicsMagick 1.3.26 do not properly manage image pointers after
certain error conditions, which allows remote attackers to conduct
use-after-free attacks via a crafted file, related to a ReadMNGImage
out-of-order CloseBlob call.

NOTE: this vulnerability exists because of
an incomplete fix for CVE-2017-11403.

References:

https://blogs.gentoo.org/ago/2017/09/01/graphicsmagick-use-after-free-in-closeblob-blob-c-incomplete-fix-for-cve-2017-11403/
http://www.openwall.com/lists/oss-security/2017/09/01/6

CVE-2017-14165: The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because
it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c.

References:

http://openwall.com/lists/oss-security/2017/09/06/4
https://sourceforge.net/p/graphicsmagick/bugs/442/

CVE-2017-14649: ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data,
leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).

References:

https://blogs.gentoo.org/ago/2017/09/19/graphicsmagick-assertion-failure-in-pixel_cache-c/
https://sourceforge.net/p/graphicsmagick/bugs/439/
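
The excessive-allocation pattern described for CVE-2017-14165 (and the similar CVE-2017-14042), shown as an added example that is not GraphicsMagick's code or its upstream fix: an allocation sized only by a header length field, beside a check that the claimed sizes fit in the bytes actually present. It assumes the standard 32-byte Sun raster header layout; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define SUN_MAGIC 0x59a66a95u   /* Sun raster magic number */
#define SUN_HEADER_SIZE 32u     /* eight big-endian 32-bit fields */

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Constructed sample input: a header claiming the given lengths. */
void make_header(unsigned char h[32], uint32_t length, uint32_t maplength)
{
    const uint32_t f[8] = { SUN_MAGIC, 1, 1, 8, length, 1, 0, maplength };
    for (int i = 0; i < 32; i++)
        h[i] = (unsigned char)(f[i / 4] >> (24 - 8 * (i % 4)));
}

/* Unsafe pattern: the allocation size comes straight from the header,
 * so a 32-byte file can request close to 4 GiB. */
unsigned char *alloc_trusting_header(const unsigned char *file, size_t file_len)
{
    if (file_len < SUN_HEADER_SIZE || be32(file) != SUN_MAGIC)
        return NULL;
    return malloc(be32(file + 16));
}

/* Hardened pattern: claimed sizes must fit in the bytes actually present.
 * Returns 0 and sets *data_len on success, -1 if the header is rejected. */
int checked_data_length(const unsigned char *file, size_t file_len,
                        size_t *data_len)
{
    uint32_t length, maplength;
    size_t remaining;

    if (file_len < SUN_HEADER_SIZE || be32(file) != SUN_MAGIC)
        return -1;
    length = be32(file + 16);     /* image data length field */
    maplength = be32(file + 28);  /* colormap length field */
    remaining = file_len - SUN_HEADER_SIZE;
    if (maplength > remaining || length > remaining - maplength)
        return -1;
    *data_len = length;
    return 0;
}
```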

Associated revisions

Revision e49e0636 (diff)
Added by Francesco Colista 7 months ago

community/graphicsmagick: security upgrade to 1.3.27.

- Fixes #8096
- Fixes #7944 (last CVE was not fixed since the patch did not apply)

History

#1 Updated by Francesco Colista 7 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Francesco Colista 7 months ago

  • Category set to Security
  • Status changed from Resolved to Closed
