Bug 47537 - imagemagick: Multiple issues (4.2)
imagemagick: Multiple issues (4.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.2
All Linux
: P3 normal (vote)
: UCS 4.2-4-errata
Assigned To: Quality Assurance
Philipp Hahn
:
Depends on: 47550
Blocks:
  Show dependency treegraph
 
Reported: 2018-08-09 10:19 CEST by Quality Assurance
Modified: 2018-08-15 16:20 CEST (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 5.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2018-08-09 10:19:10 CEST
New Debian imagemagick 8:6.8.9.9-5+deb8u13 fixes:
This update addresses the following issue(s):
* 
CVE_2005-0406 is open
CVE_2008-3134 is open
CVE_2016-8678 is open
CVE_2017-6502 is open
CVE_2017-7275 is open
CVE_2017-9500 is open
* The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image. (CVE-2017-10995)
CVE_2017-11166 is open
CVE_2017-11446 is open
CVE_2017-11523 is open
CVE_2017-11531 is open
CVE_2017-11532 is open
* When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c. (CVE-2017-11533)
CVE_2017-11534 is open
* When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c. (CVE-2017-11535)
CVE_2017-11536 is open
CVE_2017-11537 is open
CVE_2017-11539 is open
* When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h. (CVE-2017-11639)
CVE_2017-11644 is open
CVE_2017-11724 is open
CVE_2017-11751 is open
CVE_2017-11752 is open
CVE_2017-11754 is open
CVE_2017-11755 is open
CVE_2017-12140 is open
CVE_2017-12418 is open
CVE_2017-12427 is open
CVE_2017-12428 is open
CVE_2017-12429 is open
CVE_2017-12430 is open
CVE_2017-12432 is open
CVE_2017-12433 is open
CVE_2017-12434 is open
CVE_2017-12435 is open
CVE_2017-12563 is open
CVE_2017-12564 is open
CVE_2017-12565 is open
CVE_2017-12566 is open
CVE_2017-12587 is open
CVE_2017-12641 is open
CVE_2017-12642 is open
CVE_2017-12643 is open
CVE_2017-12644 is open
CVE_2017-12654 is open
CVE_2017-12662 is open
CVE_2017-12663 is open
CVE_2017-12664 is open
CVE_2017-12665 is open
CVE_2017-12667 is open
CVE_2017-12668 is open
CVE_2017-12669 is open
CVE_2017-12670 is open
CVE_2017-12671 is open
CVE_2017-12672 is open
CVE_2017-12673 is open
CVE_2017-12674 is open
CVE_2017-12675 is open
CVE_2017-12676 is open
CVE_2017-12691 is open
CVE_2017-12692 is open
CVE_2017-12693 is open
CVE_2017-12875 is open
CVE_2017-13058 is open
CVE_2017-13059 is open
CVE_2017-13060 is open
CVE_2017-13062 is open
CVE_2017-13131 is open
CVE_2017-13133 is open
CVE_2017-13141 is open
CVE_2017-13142 is open
* In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory. (CVE-2017-13143)
CVE_2017-13145 is open
CVE_2017-13146 is open
CVE_2017-13658 is open
CVE_2017-13768 is open
CVE_2017-14060 is open
CVE_2017-14137 is open
CVE_2017-14138 is open
CVE_2017-14139 is open
CVE_2017-14172 is open
CVE_2017-14173 is open
CVE_2017-14174 is open
CVE_2017-14175 is open
CVE_2017-14249 is open
CVE_2017-14324 is open
CVE_2017-14325 is open
CVE_2017-14326 is open
CVE_2017-14341 is open
CVE_2017-14342 is open
CVE_2017-14343 is open
CVE_2017-14400 is open
CVE_2017-14505 is open
CVE_2017-14531 is open
CVE_2017-14532 is open
CVE_2017-14533 is open
CVE_2017-14624 is open
CVE_2017-14625 is open
CVE_2017-14626 is open
CVE_2017-14684 is open
CVE_2017-14739 is open
CVE_2017-14741 is open
CVE_2017-15015 is open
CVE_2017-15016 is open
CVE_2017-15017 is open
CVE_2017-15032 is open
CVE_2017-15033 is open
CVE_2017-15217 is open
CVE_2017-15218 is open
CVE_2017-15281 is open
* ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. (CVE-2017-17504)
CVE_2017-17680 is open
CVE_2017-17681 is open
CVE_2017-17682 is open
* In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. (CVE-2017-17879)
CVE_2017-17880 is open
CVE_2017-17881 is open
CVE_2017-17882 is open
CVE_2017-17883 is open
CVE_2017-17884 is open
CVE_2017-17885 is open
CVE_2017-17886 is open
CVE_2017-17887 is open
CVE_2017-17914 is open
CVE_2017-17934 is open
CVE_2017-18008 is open
CVE_2017-18022 is open
CVE_2017-18027 is open
CVE_2017-18028 is open
CVE_2017-18029 is open
CVE_2017-18209 is open
CVE_2017-18211 is open
CVE_2017-18251 is open
CVE_2017-18252 is open
CVE_2017-18254 is open
CVE_2017-18271 is open
CVE_2017-18273 is open
CVE_2017-1000445 is open
CVE_2017-1000476 is open
CVE_2018-5246 is open
CVE_2018-5247 is open
* In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. (CVE-2018-5248)
CVE_2018-5357 is open
CVE_2018-5358 is open
CVE_2018-6405 is open
CVE_2018-7443 is open
CVE_2018-7470 is open
CVE_2018-8804 is open
CVE_2018-8960 is open
CVE_2018-9133 is open
CVE_2018-9135 is open
CVE_2018-10177 is open
CVE_2018-10804 is open
CVE_2018-10805 is open
* In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file. (CVE-2018-11251)
CVE_2018-11655 is open
CVE_2018-11656 is open
* In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12599)
* In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12600)
CVE_2018-13153 is open
CVE_2018-14434 is open
CVE_2018-14435 is open
CVE_2018-14436 is open
CVE_2018-14437 is open
CVE_2018-14551 is open
TEMP-0869722-31618B is open

8:6.8.9.9-5+deb8u13 (Thu, 21 Jun 2018 19:52:55 -0400) * Non-maintainer upload by the LTS Team. * CVE-2018-11251: heap-based buffer over-read and application crash via a crafted SUN image. * CVE-2018-12599: out of bounds write via a crafted BMP image. * CVE-2018-12600: out of bounds write via a crafted DIB image.

8:6.8.9.9-5+deb8u12 (Sun, 06 May 2018 18:28:48 +0200) * Non-maintainer upload. * Fix the following security vulnerabilities: - CVE-2017-10995: heap-based buffer over-read and application crash via a crafted MNG image. - CVE-2017-11533: heap-based buffer over-read in the WriteUILImage() function in coders/uil.c. - CVE-2017-11535: heap-based buffer over-read in the WritePSImage() function in coders/ps.c. - CVE-2017-11639: heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c. - CVE-2017-13143: ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory. - CVE-2017-17504: heap-based buffer over-read. - CVE-2017-17879: heap-based buffer over-read in ReadOneMNGImage in coders/png.c. - CVE-2018-5248: heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function.
* CVE-2017-10995 ImageMagick: Out-of-bounds heap read in mng_get_long function (CVE-2017-10995)
* CVE-2017-11533 ImageMagick: Heap-buffer over-read in the WriteUILImage() function (CVE-2017-11533)
* CVE-2017-11535 ImageMagick: Heap-based buffer over-read in the WritePSImage() function (CVE-2017-11535)
* CVE-2017-11639 ImageMagick: heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c (CVE-2017-11639)
* CVE-2017-13143 ImageMagick: Initialized data use in ReadMATImage function in coders/mat.c (CVE-2017-13143)
* CVE-2017-17504 ImageMagick: Heap-based buffer overflow in Magick_png_read_raw_profile (CVE-2017-17504)
* CVE-2017-17879 ImageMagick: Heap-based buffer over-read in ReadOneMNGImage function in coders/png.c (CVE-2017-17879)
* CVE-2018-5248 ImageMagick: Heap-based buffer over-read in the ReadSIXELImage function in coders/sixel.c (CVE-2018-5248)
* CVE-2018-11251 ImageMagick: heap-based buffer over-read in ReadSUNImage in coders/sun.c (CVE-2018-11251)
* CVE-2018-12599 ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c (CVE-2018-12599)
* CVE-2018-12600 ImageMagick: out of bounds write ReadDIBImage and WriteDIBImage in coders/dib.c (CVE-2018-12600)
Comment 1 Quality Assurance univentionstaff 2018-08-09 18:46:33 CEST
--- mirror/ftp/4.2/unmaintained/4.2-4/source/imagemagick_6.8.9.9-5+deb8u11.dsc
+++ apt/ucs_4.2-0-errata4.2-4/source/imagemagick_6.8.9.9-5+deb8u13.dsc
@@ -1,3 +1,32 @@
+8:6.8.9.9-5+deb8u13 [Thu, 21 Jun 2018 19:52:55 -0400] Roberto C. Sanchez <roberto@debian.org>:
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2018-11251: heap-based buffer over-read and application crash via a
+    crafted SUN image.
+  * CVE-2018-12599: out of bounds write via a crafted BMP image.
+  * CVE-2018-12600: out of bounds write via a crafted DIB image.
+
+8:6.8.9.9-5+deb8u12 [Sun, 06 May 2018 18:28:48 +0200] Markus Koschany <apo@debian.org>:
+
+  * Non-maintainer upload.
+  * Fix the following security vulnerabilities:
+    - CVE-2017-10995: heap-based buffer over-read and application crash via a
+      crafted MNG image. (Closes: #867748)
+    - CVE-2017-11533: heap-based buffer over-read in the WriteUILImage()
+      function in coders/uil.c. (Closes: #869834)
+    - CVE-2017-11535: heap-based buffer over-read in the WritePSImage()
+      function in coders/ps.c. (Closes: #869827)
+    - CVE-2017-11639: heap-based buffer over-read in the WriteCIPImage()
+      function in coders/cip.c. (Closes: #870065)
+    - CVE-2017-13143: ReadMATImage function in coders/mat.c uses uninitialized
+      data, which might allow remote attackers to obtain sensitive information
+      from process memory. (Closes: #870012)
+    - CVE-2017-17504: heap-based buffer over-read. (Closes: #885340)
+    - CVE-2017-17879: heap-based buffer over-read in ReadOneMNGImage
+      in coders/png.c. (Closes: #885125)
+    - CVE-2018-5248: heap-based buffer over-read in coders/sixel.c
+      in the ReadSIXELImage function. (Closes: #886588)
+
 8:6.8.9.9-5+deb8u11 [Thu, 16 Nov 2017 23:13:59 +0100] Moritz Muehlenhoff <jmm@debian.org>:
 
   * Multiple security fixes

<http://10.200.17.11/4.2-4/#745573269296407109>
Comment 2 Philipp Hahn univentionstaff 2018-08-10 11:57:02 CEST
libimage-magick-q16-perl : Depends: perl (>= 5.20.2-3+deb8u11)
Comment 3 Quality Assurance univentionstaff 2018-08-10 12:45:04 CEST
--- mirror/ftp/4.2/unmaintained/4.2-4/source/imagemagick_6.8.9.9-5+deb8u11.dsc
+++ apt/ucs_4.2-0-errata4.2-4/source/imagemagick_6.8.9.9-5+deb8u13.dsc
@@ -1,3 +1,32 @@
+8:6.8.9.9-5+deb8u13 [Thu, 21 Jun 2018 19:52:55 -0400] Roberto C. Sanchez <roberto@debian.org>:
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2018-11251: heap-based buffer over-read and application crash via a
+    crafted SUN image.
+  * CVE-2018-12599: out of bounds write via a crafted BMP image.
+  * CVE-2018-12600: out of bounds write via a crafted DIB image.
+
+8:6.8.9.9-5+deb8u12 [Sun, 06 May 2018 18:28:48 +0200] Markus Koschany <apo@debian.org>:
+
+  * Non-maintainer upload.
+  * Fix the following security vulnerabilities:
+    - CVE-2017-10995: heap-based buffer over-read and application crash via a
+      crafted MNG image. (Closes: #867748)
+    - CVE-2017-11533: heap-based buffer over-read in the WriteUILImage()
+      function in coders/uil.c. (Closes: #869834)
+    - CVE-2017-11535: heap-based buffer over-read in the WritePSImage()
+      function in coders/ps.c. (Closes: #869827)
+    - CVE-2017-11639: heap-based buffer over-read in the WriteCIPImage()
+      function in coders/cip.c. (Closes: #870065)
+    - CVE-2017-13143: ReadMATImage function in coders/mat.c uses uninitialized
+      data, which might allow remote attackers to obtain sensitive information
+      from process memory. (Closes: #870012)
+    - CVE-2017-17504: heap-based buffer over-read. (Closes: #885340)
+    - CVE-2017-17879: heap-based buffer over-read in ReadOneMNGImage
+      in coders/png.c. (Closes: #885125)
+    - CVE-2018-5248: heap-based buffer over-read in coders/sixel.c
+      in the ReadSIXELImage function. (Closes: #886588)
+
 8:6.8.9.9-5+deb8u11 [Thu, 16 Nov 2017 23:13:59 +0100] Moritz Muehlenhoff <jmm@debian.org>:
 
   * Multiple security fixes

<http://10.200.17.11/4.2-4/#5917489926512356401>
Comment 4 Philipp Hahn univentionstaff 2018-08-10 12:53:43 CEST
OK: yaml
OK: errata-announce
OK: patch
OK: piuparts

[4.2-4] 79c9753fa9 Bug #47537: imagemagick 8:6.8.9.9-5+deb8u13
 doc/errata/staging/imagemagick.yaml | 202 ++++--------------------------------
 1 file changed, 19 insertions(+), 183 deletions(-)

[4.2-4] 7c6fed3645 Bug #47537: imagemagick 8:6.8.9.9-5+deb8u13
 doc/errata/staging/imagemagick.yaml | 203 ++++++++++++++++++++++++++++++++++++
 1 file changed, 203 insertions(+)
Comment 5 Arvid Requate univentionstaff 2018-08-15 16:20:24 CEST
<http://errata.software-univention.de/ucs/4.2/455.html>