Bug 44403 - imagemagick: Multiple issues (4.2)
imagemagick: Multiple issues (4.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.2-1-errata
Assigned To: Philipp Hahn
Arvid Requate
:
Depends on:
Blocks: 43448
  Show dependency treegraph
 
Reported: 2017-04-19 12:48 CEST by Arvid Requate
Modified: 2017-06-28 15:33 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score: 5.1 (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
requate: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2017-04-19 12:48:05 CEST
Upstream Debian package version 8:6.8.9.9-5+deb8u8 fixes these issues:

* An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS. (CVE-2017-6498)
* An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS). (CVE-2017-6499)
* An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read. (CVE-2017-6500)
Comment 1 Arvid Requate univentionstaff 2017-06-01 16:40:13 CEST
Upstream Debian package version 8:6.8.9.9-5+deb8u9 fixes these issues:

* The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. (CVE-2017-7941)
* The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. (CVE-2017-7943)
* In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8343)
* In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8344)
* In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8345)
* In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8346)
* In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8347)
* In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8348)
* In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8349)
* In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8350)
* In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8351)
* In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8352)
* In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8353)
* In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8354)
* In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8355)
* In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8356)
* In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8357)
* The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file. (CVE-2017-8765)
* In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8830)
* ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c. (CVE-2017-9098)
* In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c. (CVE-2017-9141)
* In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. (CVE-2017-9142)
* In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file. (CVE-2017-9143)
* In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. (CVE-2017-9144)
Comment 2 Philipp Hahn univentionstaff 2017-06-15 10:50:29 CEST
QA: piuparts -D debian --keep-sources-list -b /var/univention/buildsystem2/pbuilder/ucs_4.2-0-errata4.2-0_amd64.tgz -d  --bindmount=/var/univention/buildsystem2/apt/ucs_4.2-0-errata4.2-0 /var/univention/buildsystem2/apt/ucs_4.2-0-errata4.2-0/amd64/imagemagick_6.8.9.9-5+deb8u9_amd64.deb
Comment 3 Arvid Requate univentionstaff 2017-06-22 20:37:51 CEST
* Package imported and built in errata4.2-0
* I've moved and updated the advisory to errata4.2-1
* Advisory content good
* Package update ok
Comment 4 Janek Walkenhorst univentionstaff 2017-06-28 15:33:31 CEST
<http://errata.software-univention.de/ucs/4.2/55.html>