Bug 719126 - media-gfx/imagemagick: Multiple vulnerabilities
Summary: media-gfx/imagemagick: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Reported: 2020-04-23 21:30 UTC by Sam James
Modified: 2020-04-23 21:33 UTC
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-23 21:30:17 UTC
CVE-2019-7398 (https://nvd.nist.gov/vuln/detail/CVE-2019-7398):
  In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in
  coders/dib.c.

CVE-2019-7397 (https://nvd.nist.gov/vuln/detail/CVE-2019-7397):
  In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several
  memory leaks exist in WritePDFImage in coders/pdf.c.

CVE-2019-7396 (https://nvd.nist.gov/vuln/detail/CVE-2019-7396):
  In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in
  coders/sixel.c.

CVE-2019-7395 (https://nvd.nist.gov/vuln/detail/CVE-2019-7395):
  In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in
  coders/psd.c.

CVE-2019-7175 (https://nvd.nist.gov/vuln/detail/CVE-2019-7175):
  In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in
  coders/pcd.c.

CVE-2019-17547 (https://nvd.nist.gov/vuln/detail/CVE-2019-17547):
  In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a
  use-after-free.

CVE-2019-17541 (https://nvd.nist.gov/vuln/detail/CVE-2019-17541):
  ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in
  MagickCore/string.c because the error manager is mishandled in
  coders/jpeg.c.

CVE-2019-17540 (https://nvd.nist.gov/vuln/detail/CVE-2019-17540):
  ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo
  in coders/ps.c.

CVE-2019-16713 (https://nvd.nist.gov/vuln/detail/CVE-2019-16713):
  ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by
  PingImage in MagickCore/constitute.c.

CVE-2019-16712 (https://nvd.nist.gov/vuln/detail/CVE-2019-16712):
  ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in
  coders/ps3.c, as demonstrated by WritePS3Image.

CVE-2019-16711 (https://nvd.nist.gov/vuln/detail/CVE-2019-16711):
  ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in
  coders/ps2.c.

CVE-2019-16710 (https://nvd.nist.gov/vuln/detail/CVE-2019-16710):
  ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by
  AcquireMagickMemory in MagickCore/memory.c.

CVE-2019-16709 (https://nvd.nist.gov/vuln/detail/CVE-2019-16709):
  ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by
  XCreateImage.

CVE-2019-16708 (https://nvd.nist.gov/vuln/detail/CVE-2019-16708):
  ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to
  XCreateImage.

CVE-2019-15141 (https://nvd.nist.gov/vuln/detail/CVE-2019-15141):
  WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers
  to cause a denial-of-service (application crash resulting from a heap-based
  buffer over-read) via a crafted TIFF image file, related to
  TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and
  TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this
  occurs because of an incomplete fix for CVE-2019-11597.

CVE-2019-15140 (https://nvd.nist.gov/vuln/detail/CVE-2019-15140):
  coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a
  denial of service (use-after-free and application crash) or possibly have
  unspecified other impact by crafting a Matlab image file that is mishandled
  in ReadImage in MagickCore/constitute.c.

CVE-2019-15139 (https://nvd.nist.gov/vuln/detail/CVE-2019-15139):
  The XWD image (X Window System window dumping file) parsing component in
  ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service
  (application crash resulting from an out-of-bounds Read) in ReadXWDImage in
  coders/xwd.c by crafting a corrupted XWD image file, a different
  vulnerability than CVE-2019-11472.

CVE-2019-14981 (https://nvd.nist.gov/vuln/detail/CVE-2019-14981):
  In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a
  divide-by-zero vulnerability in the MeanShiftImage function. It allows an
  attacker to cause a denial of service by sending a crafted file.

CVE-2019-14980 (https://nvd.nist.gov/vuln/detail/CVE-2019-14980):
  In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use
  after free vulnerability in the UnmapBlob function that allows an attacker
  to cause a denial of service by sending a crafted file.

CVE-2019-13454 (https://nvd.nist.gov/vuln/detail/CVE-2019-13454):
  ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in
  MagickCore/layer.c.

CVE-2019-13391 (https://nvd.nist.gov/vuln/detail/CVE-2019-13391):
  In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a
  heap-based buffer over-read because of incorrect calls to
  GetCacheViewVirtualPixels.

CVE-2019-13311 (https://nvd.nist.gov/vuln/detail/CVE-2019-13311):
  ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of
  a wand/mogrify.c error.

CVE-2019-13310 (https://nvd.nist.gov/vuln/detail/CVE-2019-13310):
  ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of
  an error in MagickWand/mogrify.c.

CVE-2019-13309 (https://nvd.nist.gov/vuln/detail/CVE-2019-13309):
  ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of
  mishandling the NoSuchImage error in CLIListOperatorImages in
  MagickWand/operation.c.

CVE-2019-13308 (https://nvd.nist.gov/vuln/detail/CVE-2019-13308):
  ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in
  MagickCore/fourier.c in ComplexImage.

CVE-2019-13307 (https://nvd.nist.gov/vuln/detail/CVE-2019-13307):
  ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at
  MagickCore/statistic.c in EvaluateImages because of mishandling rows.

CVE-2019-13306 (https://nvd.nist.gov/vuln/detail/CVE-2019-13306):
  ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c
  in WritePNMImage because of off-by-one errors.

CVE-2019-13305 (https://nvd.nist.gov/vuln/detail/CVE-2019-13305):
  ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c
  in WritePNMImage because of a misplaced strncpy and an off-by-one error.

CVE-2019-13304 (https://nvd.nist.gov/vuln/detail/CVE-2019-13304):
  ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c
  in WritePNMImage because of a misplaced assignment.

CVE-2019-13303 (https://nvd.nist.gov/vuln/detail/CVE-2019-13303):
  ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in
  MagickCore/composite.c in CompositeImage.

CVE-2019-13302 (https://nvd.nist.gov/vuln/detail/CVE-2019-13302):
  ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in
  MagickCore/fourier.c in ComplexImages.

CVE-2019-13301 (https://nvd.nist.gov/vuln/detail/CVE-2019-13301):
  ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of
  an AnnotateImage error.

CVE-2019-13300 (https://nvd.nist.gov/vuln/detail/CVE-2019-13300):
  ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at
  MagickCore/statistic.c in EvaluateImages because of mishandling columns.

CVE-2019-13299 (https://nvd.nist.gov/vuln/detail/CVE-2019-13299):
  ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at
  MagickCore/pixel-accessor.h in GetPixelChannel.

CVE-2019-13298 (https://nvd.nist.gov/vuln/detail/CVE-2019-13298):
  ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at
  MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a
  MagickCore/enhance.c error.

CVE-2019-13297 (https://nvd.nist.gov/vuln/detail/CVE-2019-13297):
  ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at
  MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is
  mishandled.

CVE-2019-13296 (https://nvd.nist.gov/vuln/detail/CVE-2019-13296):
  ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory
  because of an error in CLIListOperatorImages in MagickWand/operation.c for a
  NULL value.

CVE-2019-13295 (https://nvd.nist.gov/vuln/detail/CVE-2019-13295):
  ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at
  MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is
  mishandled.

CVE-2019-13137 (https://nvd.nist.gov/vuln/detail/CVE-2019-13137):
  ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function
  ReadPSImage in coders/ps.c.

CVE-2019-13136 (https://nvd.nist.gov/vuln/detail/CVE-2019-13136):
  ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the
  function TIFFSeekCustomStream in coders/tiff.c.

CVE-2019-13135 (https://nvd.nist.gov/vuln/detail/CVE-2019-13135):
  ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability
  in the function ReadCUTImage in coders/cut.c.

CVE-2019-13134 (https://nvd.nist.gov/vuln/detail/CVE-2019-13134):
  ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function
  ReadVIFFImage in coders/viff.c.

CVE-2019-13133 (https://nvd.nist.gov/vuln/detail/CVE-2019-13133):
  ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function
  ReadBMPImage in coders/bmp.c.

----
Opening to close. Tree is clean.