Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
aports
aports
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 649
    • Issues 649
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 180
    • Merge Requests 180
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • alpine
  • aportsaports
  • Issues
  • #8095

Closed
Open
Opened Nov 02, 2017 by Alicha CH@alichaReporter
  • Report abuse
  • New issue
Report abuse New issue

[3.7] graphicsmagick: Multiple vulnerabilities (CVE-2017-14314, CVE-2017-14504, CVE-2017-14733, CVE-2017-14994 CVE-2017-14997, CVE-2017-15930)

CVE-2017-14314: Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote
attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-14314

Patch:

http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78

CVE-2017-14504: ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number
of colors for the XV 332 format, leading to a NULL Pointer Dereference.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-14504

Patch:

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=fb09ca6dd22c

CVE-2017-14733:ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify
too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-14733

Patch:

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=5381c71724e3

CVE-2017-14994: ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer
dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-14994

Patch:

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264

CVE-2017-14997: GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer
underflow in ReadPICTImage in coders/pict.c.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-14997

Patch:

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=0683f8724200

CVE-2017-15930: In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG
scanlines, related to a PixelPacket pointer.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-15930

Patch:

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=6fc54b6d2be8
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=da135eaedc3b

(from redmine: issue id 8095, created on 2017-11-02, closed on 2017-12-11)

  • Relations:
    • parent #8094 (closed)
  • Changesets:
    • Revision 38638bab by Francesco Colista on 2017-12-11T02:15:43Z:
community/graphicsmagick: security upgrade to 1.3.27.

- Fixes #8095
- Fixes #7943 (last CVE was not fixed since the patch did not apply)
  • Revision 3b572148 by Francesco Colista on 2017-12-11T02:36:23Z:
community/graphicsmagick: security upgrade to 1.3.27.

- Fixes #8095
- Fixes #7943 (last CVE was not fixed since the patch did not apply)
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
3.7.1
Milestone
3.7.1 (Past due)
Assign milestone
Time tracking
None
Due date
None
3
Labels
Normal tag:security type:bug
Assign labels
  • View project labels
Reference: alpine/aports#8095