Skip to content

GitLab

aports
aports
Closed
Opened by Alicha CH@alicha
Report abuse New issue

[3.7] graphicsmagick: Multiple vulnerabilities (CVE-2017-14314, CVE-2017-14504, CVE-2017-14733, CVE-2017-14994 CVE-2017-14997, CVE-2017-15930)

CVE-2017-14314: Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote
attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-14314

Patch:

http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78

CVE-2017-14504: ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number
of colors for the XV 332 format, leading to a NULL Pointer Dereference.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-14504

Patch:

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=fb09ca6dd22c

CVE-2017-14733:ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify
too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-14733

Patch:

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=5381c71724e3

CVE-2017-14994: ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer
dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-14994

Patch:

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264

CVE-2017-14997: GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer
underflow in ReadPICTImage in coders/pict.c.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-14997

Patch:

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=0683f8724200

CVE-2017-15930: In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG
scanlines, related to a PixelPacket pointer.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-15930

Patch:

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=6fc54b6d2be8
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=da135eaedc3b

(from redmine: issue id 8095, created on 2017-11-02, closed on 2017-12-11)

  • Relations:
  • Changesets:
    • Revision 38638bab by Francesco Colista on 2017-12-11T02:15:43Z:
community/graphicsmagick: security upgrade to 1.3.27.

- Fixes #8095
- Fixes #7943 (last CVE was not fixed since the patch did not apply)
  • Revision 3b572148 by Francesco Colista on 2017-12-11T02:36:23Z:
community/graphicsmagick: security upgrade to 1.3.27.

- Fixes #8095
- Fixes #7943 (last CVE was not fixed since the patch did not apply)

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.