Skip to content

GitLab

aports
aports
Closed
Opened by Alicha CH@alichaReporter
Report abuse New issue

[3.7] graphicsmagick: Multiple vulnerabilities (CVE-2017-14314, CVE-2017-14504, CVE-2017-14733, CVE-2017-14994 CVE-2017-14997, CVE-2017-15930)

CVE-2017-14314: Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote
attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-14314

Patch:

http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78

CVE-2017-14504: ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number
of colors for the XV 332 format, leading to a NULL Pointer Dereference.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-14504

Patch:

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=fb09ca6dd22c

CVE-2017-14733:ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify
too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-14733

Patch:

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=5381c71724e3

CVE-2017-14994: ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer
dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-14994

Patch:

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264

CVE-2017-14997: GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer
underflow in ReadPICTImage in coders/pict.c.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-14997

Patch:

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=0683f8724200

CVE-2017-15930: In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG
scanlines, related to a PixelPacket pointer.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-15930

Patch:

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=6fc54b6d2be8
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=da135eaedc3b

(from redmine: issue id 8095, created on 2017-11-02, closed on 2017-12-11)

  • Relations:
  • Changesets:
    • Revision 38638bab by Francesco Colista on 2017-12-11T02:15:43Z:
community/graphicsmagick: security upgrade to 1.3.27.

- Fixes #8095
- Fixes #7943 (last CVE was not fixed since the patch did not apply)
  • Revision 3b572148 by Francesco Colista on 2017-12-11T02:36:23Z:
community/graphicsmagick: security upgrade to 1.3.27.

- Fixes #8095
- Fixes #7943 (last CVE was not fixed since the patch did not apply)
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information