Debian LTS: DLA-1154-1 Critical: GraphicsMagick Denial of Service Issues
debian lts
October 31, 2017
Multiple vulnerabilities were found in graphicsmagick
Topics Covered
Summary
The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in
GraphicsMagick 1.3.26 do not properly manage image pointers after
certain error conditions, which allows remote attackers to conduct
use-after-free attacks via a crafted file, related to a
ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability
exists because of an incomplete fix for CVE-2017-11403.
CVE-2017-14314
Off-by-one error in the DrawImage function in magick/render.c in
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of
service (DrawDashPolygon heap-based buffer over-read and
application crash) via a crafted file.
CVE-2017-14504
ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not
ensure the correct number of colors for the XV 332 format, leading
to a NULL Pointer Dereference.
CVE-2017-14733
ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles
RLE headers that specify too few colors, which allows remote
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
<pre><font face="Courier">Package: graphicsmagick
Version: 1.3.16-1.1+deb7u12
CVE ID: CVE-2017-14103 CVE-2017-14314 CVE-2017-14504
Debian Bug: 879999
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!