Bug 51898 - imagemagick: Multiple issues (4.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.4
All Linux
P3 normal
UCS 4.4-5-errata
Assigned To: Quality Assurance
Philipp Hahn
Reported: 2020-08-24 12:40 CEST by Quality Assurance
Modified: 2020-08-26 16:35 CEST
What kind of report is it?: Security Issue
Max CVSS v3 score: 8.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)

Description Quality Assurance univentionstaff 2020-08-24 12:40:51 CEST
New Debian imagemagick 8:6.9.7.4+dfsg-11+deb9u9 fixes:
This update addresses the following issues:
* memory exhaustion in function ReadTIFFImage causing denial of service (CVE-2017-12805)
* Infinite loop in ReadPSDChannelZip function in coders/psd.c (CVE-2017-17681)
* assertion failure in MogrifyImageList function in MagickWand/mogrify.c (CVE-2017-18252)
* Memory allocation failure in ReadTIFFImage function in memory.c (CVE-2018-7443)
* double free in WriteEPTImage function in coders/ept.c (CVE-2018-8804)
* heap-buffer-overflow in ReadTIFFImage function in coders/tiff.c (CVE-2018-8960)
* excessive iteration in the DecodeLabImage and EncodeLabImage functions in coders/tiff.c (CVE-2018-9133)
* Infinite loop in coders/png.c:ReadOneMNGImage() allows attackers to cause a denial of service via crafted MNG file (CVE-2018-10177)
* Uninitialized variable in coders/mat.c:ReadMATImageV4() allows for memory corruption (CVE-2018-14551)
* infinite loop in the ReadBMPImage function of the coders/bmp.c (CVE-2018-18024)
* infinite loop in coders/bmp.c (CVE-2018-20467)
* off-by-one read in formatIPTCfromBuffer function in coders/meta.c (CVE-2019-10131)
* denial of service in cineon parsing component (CVE-2019-11470)
* denial of service in ReadXWDImage in coders/xwd.c in the XWD image parsing component (CVE-2019-11472)
* heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure (CVE-2019-11597)
* null-pointer dereference in function ReadPANGOImage in coders/pango.c and ReadVIDImage in coders/vid.c causing denial of service (CVE-2019-12974)
* use of uninitialised value in function WriteJP2Image in coders/jp2.c (CVE-2019-12977)
* use of uninitialized value in function ReadPANGOImage in coders/pango.c (CVE-2019-12978)
* use of uninitialized value in function SyncImageSettings in MagickCore/image.c (CVE-2019-12979)
* heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled (CVE-2019-13295)
* heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled (CVE-2019-13297)
* division by zero in RemoveDuplicateLayers in MagickCore/layer.c (CVE-2019-13454)
* division by zero in MeanShiftImage in MagickCore/feature.c (CVE-2019-14981)
* heap-based buffer over-read in WritePNGImage in coders/png.c (CVE-2019-19949)
Comment 1 Quality Assurance univentionstaff 2020-08-24 14:43:59 CEST
--- mirror/ftp/4.4/unmaintained/4.4-5/source/imagemagick_6.9.7.4+dfsg-11+deb9u8.dsc
+++ apt/ucs_4.4-0-errata4.4-5/source/imagemagick_6.9.7.4+dfsg-11+deb9u9.dsc
@@ -1,3 +1,17 @@
+8:6.9.7.4+dfsg-11+deb9u9 [Tue, 18 Aug 2020 18:01:23 +0200] Markus Koschany <apo@debian.org>:
+
+  * Non-maintainer upload by the LTS team.
+  * Fix CVE-2017-12805 CVE-2017-17681 CVE-2017-18252 CVE-2018-7443
+    CVE-2018-8804 CVE-2018-8960 CVE-2018-9133 CVE-2018-10177 CVE-2018-14551
+    CVE-2018-18024 CVE-2018-20467 CVE-2019-10131~ CVE-2019-11472 CVE-2019-11597
+    CVE-2019-12974 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13295
+    CVE-2019-13297 CVE-2019-11470 CVE-2019-13454 CVE-2019-14981 CVE-2019-19949.
+    Several security vulnerabilities were fixed in Imagemagick. Various memory
+    handling problems and cases of missing or incomplete input sanitizing may
+    result in denial of service, memory or CPU exhaustion, information
+    disclosure or potentially the execution of arbitrary code when a malformed
+    image file is processed.
+
 8:6.9.7.4+dfsg-11+deb9u8 [Wed, 01 Jul 2020 23:11:31 +0200] Moritz Mühlenhoff <jmm@debian.org>:
 
   * CVE-2019-13300 (Closes: #931454)
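
Review bot: the CVE list in the added deb9u9 entry carries a stray `~` after one ID (`CVE-2019-10131~` on the third line of the list), so anything that extracts CVE IDs from this changelog by splitting on whitespace or matching whole tokens may record a malformed identifier or drop it. The errata metadata should list it as CVE-2019-10131 and be cross-checked against the changelog rather than generated from it unverified. CVE-2019-11470 is also out of numeric order (it appears after CVE-2019-13297 on the last line of the list), which makes a manual comparison against the per-CVE description easy to get wrong; the entry names 24 IDs in total, and that count is worth confirming in the YAML.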

<http://10.200.17.11/4.4-5/#2927392920430364596>
Comment 2 Philipp Hahn univentionstaff 2020-08-24 16:14:18 CEST
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-5] cac01bb961 Bug #51898: imagemagick 8:6.9.7.4+dfsg-11+deb9u9
 doc/errata/staging/imagemagick.yaml | 40 ++++++++++++++++++-------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

[4.4-5] 4019eea842 Bug #51898: imagemagick 8:6.9.7.4+dfsg-11+deb9u9
 doc/errata/staging/imagemagick.yaml | 80 +++++++++++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)