graphicsmagick: Multiple vulnerabilities (CVE-2017-11642, CVE-2017-11722, CVE-2017-12935, CVE-2017-12936, CVE-2017-12937, CVE-2017-13063, CVE-2017-13064)
CVE-2017-11642: GraphicsMagick 1.3.26 has a NULL pointer dereference
in the WriteMAPImage() function
in coders/map.c when processing a non-colormapped image, a different
vulnerability than CVE-2017-11638.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-11642
Patch:
http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
CVE-2017-11722: The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-11722
Patch:
http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4e
CVE-2017-12935: nvalid memory read in SetImageColorCallBack (image.c)
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26
mishandles large MNG images, leading to an
invalid memory read in the SetImageColorCallBack function in
magick/image.c.
References:
http://openwall.com/lists/oss-security/2017/08/18/4
Patch:
http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188
CVE-2017-12936: The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.
References:
http://openwall.com/lists/oss-security/2017/08/18/3
Patch:
http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd
CVE-2017-12937: heap-based buffer overflow in ReadSUNImage (sun.c)
Affected version:
1.3.26
References:
http://openwall.com/lists/oss-security/2017/08/18/5
Patch:
http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978
CVE-2017-13063: GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.
References:
https://sourceforge.net/p/graphicsmagick/bugs/434/
https://nvd.nist.gov/vuln/detail/CVE-2017-13063
Patch:
http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
CVE-2017-13064: GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.
References:
https://sourceforge.net/p/graphicsmagick/bugs/436/
Patch:
http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
(from redmine: issue id 7747, created on 2017-08-23, closed on 2017-08-24)
- Relations:
- child #7748 (closed)
- child #7749 (closed)
- Changesets:
- Revision 30f6db3e by Francesco Colista on 2017-08-24T08:51:03Z:
community/graphicsmagick: security fixes for various CVEs:
* CVE-2017-11642
* CVE-2017-11722
* CVE-2017-12935
* CVE-2017-12936
* CVE-2017-12937
* CVE-2017-13063
* CVE-2017-13064
Fixes #7747