[3.7] graphicsmagick: Multiple vulnerabilities (CVE-2017-14314, CVE-2017-14504, CVE-2017-14733, CVE-2017-14994, CVE-2017-14997, CVE-2017-15930)
CVE-2017-14314: Off-by-one error in the DrawImage function in
magick/render.c in GraphicsMagick 1.3.26 allows remote
attackers to cause a denial of service (DrawDashPolygon heap-based
buffer over-read and application crash) via a crafted file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-14314
Patch:
http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78
CVE-2017-14504: ReadPNMImage in coders/pnm.c in GraphicsMagick
1.3.26 does not ensure the correct number of colors for the XV 332
format, leading to a NULL Pointer Dereference.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-14504
Patch:
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=fb09ca6dd22c
CVE-2017-14733: ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26
mishandles RLE headers that specify too few colors, which allows
remote attackers to cause a denial of service (heap-based buffer
over-read and application crash) via a crafted file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-14733
Patch:
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=5381c71724e3
CVE-2017-14994: ReadDCMImage in coders/dcm.c in GraphicsMagick
1.3.26 allows remote attackers to cause a denial of service (NULL
pointer dereference) via a crafted DICOM image, related to the
ability of DCM_ReadNonNativeImages to yield an image list with zero
frames.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-14994
Patch:
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264
CVE-2017-14997: GraphicsMagick 1.3.26 allows remote attackers to
cause a denial of service (excessive memory allocation) because of an
integer underflow in ReadPICTImage in coders/pict.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-14997
Patch:
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=0683f8724200
CVE-2017-15930: In ReadOneJNGImage in coders/png.c in GraphicsMagick
1.3.26, a Null Pointer Dereference occurs while transferring JPEG
scanlines, related to a PixelPacket pointer.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-15930
Patch:
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=6fc54b6d2be8
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=da135eaedc3b
(from redmine: issue id 8095, created on 2017-11-02, closed on 2017-12-11)
- Relations:
- parent #8094 (closed)
- Changesets:
- Revision 38638bab by Francesco Colista on 2017-12-11T02:15:43Z:
community/graphicsmagick: security upgrade to 1.3.27.
- Fixes #8095
- Fixes #7943 (last CVE was not fixed since the patch did not apply)
- Revision 3b572148 by Francesco Colista on 2017-12-11T02:36:23Z:
community/graphicsmagick: security upgrade to 1.3.27.
- Fixes #8095
- Fixes #7943 (last CVE was not fixed since the patch did not apply)