[3.6] graphicsmagick: Multiple vulnerabilities (CVE-2017-13065, CVE-2017-13648, CVE-2017-14042, CVE-2017-14103, CVE-2017-14165, CVE-2017-14649)
CVE-2017-13065: GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.
References:
https://sourceforge.net/p/graphicsmagick/bugs/435/
CVE-2017-13648: In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c.
References:
https://sourceforge.net/p/graphicsmagick/bugs/433/
CVE-2017-14042: A memory allocation failure was discovered in the
ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26.
The vulnerability causes a big memory allocation, which may lead to
remote denial of service in the MagickRealloc function in
magick/memory.c.
References:
CVE-2017-14103: Use-after-free in ReadJNGImage and ReadOneJNGImage functions in coders/png.c
The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in
GraphicsMagick 1.3.26 do not properly manage image pointers after
certain error conditions, which allows remote attackers to conduct
use-after-free attacks via a crafted file, related to a ReadMNGImage
out-of-order CloseBlob call.
NOTE: this vulnerability exists because of
an incomplete fix for CVE-2017-11403.
References:
https://blogs.gentoo.org/ago/2017/09/01/graphicsmagick-use-after-free-in-closeblob-blob-c-incomplete-fix-for-cve-2017-11403/
http://www.openwall.com/lists/oss-security/2017/09/01/6
CVE-2017-14165: The ReadSUNImage function in coders/sun.c in
GraphicsMagick 1.3.26 has an issue where memory allocation is excessive
because it depends only on a length field in a header. This may lead to
remote denial of service in the MagickMalloc function in magick/memory.c.
References:
http://openwall.com/lists/oss-security/2017/09/06/4
https://sourceforge.net/p/graphicsmagick/bugs/442/
CVE-2017-14649: ReadOneJNGImage in coders/png.c in GraphicsMagick
version 1.3.26 does not properly validate JNG data,
leading to a denial of service (assertion failure in
magick/pixel_cache.c, and application crash).
References:
https://blogs.gentoo.org/ago/2017/09/19/graphicsmagick-assertion-failure-in-pixel_cache-c/
https://sourceforge.net/p/graphicsmagick/bugs/439/
(from redmine: issue id 7944, created on 2017-09-28, closed on 2017-12-11)
- Relations:
  - parent #7942 (closed)
- Changesets:
  - Revision e49e0636 by Francesco Colista on 2017-12-11T02:23:54Z:
    community/graphicsmagick: security upgrade to 1.3.27.
    - Fixes #8096
    - Fixes #7944 (last CVE was not fixed since the patch did not apply)
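
The allocation pattern behind CVE-2017-14165 (a size taken only from a header length field), shown with the check that bounds it. This is an added example, not GraphicsMagick code or its 1.3.27 fix. The function name, error codes and 64 MiB ceiling are hypothetical, and the field offsets assume the standard 32-byte Sun raster header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SUN_MAGIC 0x59a66a95u
#define SUN_HEADER_SIZE 32u            /* eight big-endian 32-bit fields */
#define MAX_IMAGE_BYTES (64u << 20)    /* assumed policy ceiling: 64 MiB */

enum { SUN_OK = 0, SUN_BAD_HEADER, SUN_LENGTH_EXCEEDS_INPUT, SUN_TOO_LARGE, SUN_NO_MEMORY };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical reader: copies the image data out of an in-memory Sun raster
 * file. The declared length is checked against the bytes actually present
 * and against a policy ceiling before any allocation is made. */
int sun_read_data(const uint8_t *buf, size_t buf_len, uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (buf_len < SUN_HEADER_SIZE || be32(buf) != SUN_MAGIC)
        return SUN_BAD_HEADER;

    uint32_t declared = be32(buf + 16);    /* "length" field */
    uint32_t maplength = be32(buf + 28);   /* colormap bytes before the data */
    size_t remaining = buf_len - SUN_HEADER_SIZE;
    if (maplength > remaining)
        return SUN_LENGTH_EXCEEDS_INPUT;
    remaining -= maplength;

    /* An unchecked reader would call malloc(declared) here, letting a
     * 32-byte file request up to 4 GiB. */
    if (declared > remaining)
        return SUN_LENGTH_EXCEEDS_INPUT;
    if (declared > MAX_IMAGE_BYTES)
        return SUN_TOO_LARGE;

    uint8_t *data = malloc(declared ? declared : 1);
    if (data == NULL)
        return SUN_NO_MEMORY;
    memcpy(data, buf + SUN_HEADER_SIZE + maplength, declared);
    *out = data;
    *out_len = declared;
    return SUN_OK;
}
```

Checking the declared length against the bytes remaining in the input rejects a truncated file with an inflated header before the allocator is reached; the ceiling covers inputs that really are that large.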