Lucene search

DebianDEBIAN:DLA-1154-1:6E465

HistoryOct 31, 2017 - 5:48 p.m.

[SECURITY] [DLA 1154-1] graphicsmagick security update

2017-10-3117:48:00

lists.debian.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

73.4%

JSON

Package : graphicsmagick
Version : 1.3.16-1.1+deb7u12
CVE ID : CVE-2017-14103 CVE-2017-14314 CVE-2017-14504
CVE-2017-14733 CVE-2017-14994 CVE-2017-14997
CVE-2017-15930
Debian Bug : 879999

Multiple vulnerabilities were found in graphicsmagick.

CVE-2017-14103

The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in
GraphicsMagick 1.3.26 do not properly manage image pointers after
certain error conditions, which allows remote attackers to conduct
use-after-free attacks via a crafted file, related to a
ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability
exists because of an incomplete fix for CVE-2017-11403.

CVE-2017-14314

Off-by-one error in the DrawImage function in magick/render.c in
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of
service (DrawDashPolygon heap-based buffer over-read and
application crash) via a crafted file.

CVE-2017-14504

ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not
ensure the correct number of colors for the XV 332 format, leading
to a NULL Pointer Dereference.

CVE-2017-14733

ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles
RLE headers that specify too few colors, which allows remote
attackers to cause a denial of service (heap-based buffer
over-read and application crash) via a crafted file.

CVE-2017-14994

ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows
remote attackers to cause a denial of service (NULL pointer
dereference) via a crafted DICOM image, related to the ability of
DCM_ReadNonNativeImages to yield an image list with zero frames.

CVE-2017-14997

GraphicsMagick 1.3.26 allows remote attackers to cause a denial of
service (excessive memory allocation) because of an integer
underflow in ReadPICTImage in coders/pict.c.

CVE-2017-15930

In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a
Null Pointer Dereference occurs while transferring JPEG scanlines,
related to a PixelPacket pointer.

For Debian 7 "Wheezy", CVE-2017-15930 has been fixed in version
1.3.16-1.1+deb7u12. The other security issues were fixed in
1.3.16-1.1+deb7u10 on 10 Oct 2017 in DLA-1130-1 but that announcement
was never sent out so this advisory also contains the notice about
those vulnerabilities.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian9ppc64ellibgraphicsmagick++1-dev< 1.3.30+hg15796-1~deb9u1libgraphicsmagick++1-dev_1.3.30+hg15796-1~deb9u1_ppc64el.deb
Debian9s390xlibgraphics-magick-perl< 1.3.30+hg15796-1~deb9u1libgraphics-magick-perl_1.3.30+hg15796-1~deb9u1_s390x.deb
Debian9ppc64ellibgraphicsmagick++-q16-12< 1.3.30+hg15796-1~deb9u1libgraphicsmagick++-q16-12_1.3.30+hg15796-1~deb9u1_ppc64el.deb
Debian7amd64graphicsmagick-dbg< 1.3.16-1.1+deb7u10graphicsmagick-dbg_1.3.16-1.1+deb7u10_amd64.deb
Debian8i386libgraphicsmagick++3< 1.3.20-3+deb8u4libgraphicsmagick++3_1.3.20-3+deb8u4_i386.deb
Debian8armhfgraphicsmagick-dbg< 1.3.20-3+deb8u4graphicsmagick-dbg_1.3.20-3+deb8u4_armhf.deb
Debian9amd64libgraphicsmagick++1-dev< 1.3.30+hg15796-1~deb9u1libgraphicsmagick++1-dev_1.3.30+hg15796-1~deb9u1_amd64.deb
Debian9mips64ellibgraphics-magick-perl< 1.3.30+hg15796-1~deb9u1libgraphics-magick-perl_1.3.30+hg15796-1~deb9u1_mips64el.deb
Debian9armhflibgraphicsmagick++1-dev< 1.3.30+hg15796-1~deb9u1libgraphicsmagick++1-dev_1.3.30+hg15796-1~deb9u1_armhf.deb
Debian7armellibgraphicsmagick1-dev< 1.3.16-1.1+deb7u12libgraphicsmagick1-dev_1.3.16-1.1+deb7u12_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	ppc64el	libgraphicsmagick++1-dev	< 1.3.30+hg15796-1~deb9u1	libgraphicsmagick++1-dev_1.3.30+hg15796-1~deb9u1_ppc64el.deb
Debian	9	s390x	libgraphics-magick-perl	< 1.3.30+hg15796-1~deb9u1	libgraphics-magick-perl_1.3.30+hg15796-1~deb9u1_s390x.deb
Debian	9	ppc64el	libgraphicsmagick++-q16-12	< 1.3.30+hg15796-1~deb9u1	libgraphicsmagick++-q16-12_1.3.30+hg15796-1~deb9u1_ppc64el.deb
Debian	7	amd64	graphicsmagick-dbg	< 1.3.16-1.1+deb7u10	graphicsmagick-dbg_1.3.16-1.1+deb7u10_amd64.deb
Debian	8	i386	libgraphicsmagick++3	< 1.3.20-3+deb8u4	libgraphicsmagick++3_1.3.20-3+deb8u4_i386.deb
Debian	8	armhf	graphicsmagick-dbg	< 1.3.20-3+deb8u4	graphicsmagick-dbg_1.3.20-3+deb8u4_armhf.deb
Debian	9	amd64	libgraphicsmagick++1-dev	< 1.3.30+hg15796-1~deb9u1	libgraphicsmagick++1-dev_1.3.30+hg15796-1~deb9u1_amd64.deb
Debian	9	mips64el	libgraphics-magick-perl	< 1.3.30+hg15796-1~deb9u1	libgraphics-magick-perl_1.3.30+hg15796-1~deb9u1_mips64el.deb
Debian	9	armhf	libgraphicsmagick++1-dev	< 1.3.30+hg15796-1~deb9u1	libgraphicsmagick++1-dev_1.3.30+hg15796-1~deb9u1_armhf.deb
Debian	7	armel	libgraphicsmagick1-dev	< 1.3.16-1.1+deb7u12	libgraphicsmagick1-dev_1.3.16-1.1+deb7u12_armel.deb