ALAS-2018-966


Amazon Linux AMI Security Advisory: ALAS-2018-966
Advisory Release Date: 2018-03-08 22:17 Pacific
Severity: Important

Issue Overview:

Memory information disclosure in DescribeImage function in magick/describe.c
GraphicsMagick is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked. (CVE-2017-16353 )

GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c (CVE-2017-11139 )

In GraphicsMagick there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type. (CVE-2017-17913 )

In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. (CVE-2018-5685 )

The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files. (CVE-2017-11140 )

In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. (CVE-2017-13147 )

GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths. (CVE-2017-11643 )

GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files. (CVE-2017-11641 )

In GraphicsMagick there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. (CVE-2017-17915 )

In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8. (CVE-2017-17783 )

In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. (CVE-2017-17782 )

coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. (CVE-2017-16669 )

In GraphicsMagick there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region. (CVE-2017-17912 )

The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure. (CVE-2017-11102 )

GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images. (CVE-2017-11637 )

GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths. (CVE-2017-11636 )


Affected Packages:

GraphicsMagick


Issue Correction:
Run yum update GraphicsMagick to update your system.

New Packages:
i686:
    GraphicsMagick-c++-1.3.28-1.12.amzn1.i686
    GraphicsMagick-1.3.28-1.12.amzn1.i686
    GraphicsMagick-devel-1.3.28-1.12.amzn1.i686
    GraphicsMagick-perl-1.3.28-1.12.amzn1.i686
    GraphicsMagick-debuginfo-1.3.28-1.12.amzn1.i686
    GraphicsMagick-c++-devel-1.3.28-1.12.amzn1.i686

noarch:
    GraphicsMagick-doc-1.3.28-1.12.amzn1.noarch

src:
    GraphicsMagick-1.3.28-1.12.amzn1.src

x86_64:
    GraphicsMagick-c++-1.3.28-1.12.amzn1.x86_64
    GraphicsMagick-devel-1.3.28-1.12.amzn1.x86_64
    GraphicsMagick-perl-1.3.28-1.12.amzn1.x86_64
    GraphicsMagick-debuginfo-1.3.28-1.12.amzn1.x86_64
    GraphicsMagick-c++-devel-1.3.28-1.12.amzn1.x86_64
    GraphicsMagick-1.3.28-1.12.amzn1.x86_64