Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 635658 (CVE-2017-11102, CVE-2017-11641, CVE-2017-13648, CVE-2017-13775, CVE-2017-13776, CVE-2017-13777, CVE-2017-14042, CVE-2017-14649, CVE-2017-14733, CVE-2017-15238) - <media-gfx/graphicsmagick-1.3.27: Multiple vulnerabilities
Summary: <media-gfx/graphicsmagick-1.3.27: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2017-11102, CVE-2017-11641, CVE-2017-13648, CVE-2017-13775, CVE-2017-13776, CVE-2017-13777, CVE-2017-14042, CVE-2017-14649, CVE-2017-14733, CVE-2017-15238
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-28 07:57 UTC by GLSAMaker/CVETool Bot
Modified: 2018-03-26 01:45 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-28 07:57:28 UTC
CVE-2017-15238 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15238):
  ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a
  use-after-free issue when the height or width is zero, related to
  ReadJNGImage.

CVE-2017-14733 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14733):
  ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers
  that specify too few colors, which allows remote attackers to cause a denial
  of service (heap-based buffer over-read and application crash) via a crafted
  file.

CVE-2017-14649 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14649):
  ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not
  properly validate JNG data, leading to a denial of service (assertion
  failure in magick/pixel_cache.c, and application crash).

CVE-2017-14042 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14042):
  A memory allocation failure was discovered in the ReadPNMImage function in
  coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory
  allocation, which may lead to remote denial of service in the MagickRealloc
  function in magick/memory.c.

CVE-2017-13777 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13777):
  GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a
  coders/xbm.c "Read hex image data" version==10 case that results in the
  reader not returning; it would cause large amounts of CPU and memory
  consumption although the crafted file itself does not request it.

CVE-2017-13776 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13776):
  GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a
  coders/xbm.c "Read hex image data" version!=10 case that results in the
  reader not returning; it would cause large amounts of CPU and memory
  consumption although the crafted file itself does not request it.

CVE-2017-13775 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13775):
  GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in
  coders/jnx.c whereby large amounts of CPU and memory resources may be
  consumed although the file itself does not support the requests.

CVE-2017-13648 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13648):
  In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the
  function ReadMATImage in coders/mat.c.

CVE-2017-11641 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11641):
  GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in
  magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files.

CVE-2017-11102 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11102):
  The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows
  remote attackers to cause a denial of service (application crash) during JNG
  reading via a zero-length color_image data structure.
Comment 1 Agostino Sarubbo gentoo-dev 2017-11-05 11:43:34 UTC
some of these have already been filed.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-03-26 01:28:03 UTC
@maintainer(s), please clean the vulnerable version from the tree.
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-03-26 01:45:30 UTC
cleanup will be tracked in bug #640690

GLSA Vote: No