
Debian 7: DLA-1159-1 Important Security Alert for Graphicsmagick Issues

Debian LTS
November 3, 2017
Multiple significant security updates resolve heap overflow and information leak issues in Graphicsmagick for Debian 7.
Maor Shwartz, Jeremy Heng and Terry Chia discovered two security vulnerabilities in Graphicsmagick, a collection of image processing tools.

Summary

CVE-2017-16352
Graphicsmagick was vulnerable to a heap-based buffer
overflow vulnerability found in the "Display visual image directory"
feature of the DescribeImage() function of the magick/describe.c
file. One possible way to trigger the vulnerability is to run the
identify command on a specially crafted MIFF format file with the
verbose flag.

CVE-2017-16353
Graphicsmagick was vulnerable to a memory information disclosure
vulnerability found in the DescribeImage function of the
magick/describe.c file, because of a heap-based buffer over-read. The
portion of the code containing the vulnerability is responsible for
printing the IPTC Profile information contained in the image. This
vulnerability can be triggered with a specially crafted MIFF file.
There is an out-of-bounds buffer dereference because certain
increments are never checked.

For Debian 7 "Wheezy", these problems have been fixed in version
1.3.16-1.1+deb7u13.
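
The over-read class described for CVE-2017-16353 comes from advancing an index through profile bytes without re-checking it against the buffer length. The following is an added example, not GraphicsMagick's code: a bounds-checked walker over an IPTC profile that rejects truncated headers and oversized lengths. It assumes the standard IPTC IIM dataset layout (0x1C marker, record, dataset, 16-bit big-endian length, data); `iptc_walk` and the sample buffers are hypothetical names with constructed data.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: walk IPTC IIM datasets in p[0..len).
 * Returns the number of datasets visited, or -1 when a header or payload
 * would extend past the end of the buffer. */
int iptc_walk(const unsigned char *p, size_t len, int verbose)
{
    size_t i = 0;
    int count = 0;

    while (i < len) {
        if (p[i] != 0x1c) {          /* skip bytes until a dataset marker */
            i++;
            continue;
        }
        /* Validate the whole 5-byte header before reading any of it.
         * Reading p[i+1]..p[i+4] unchecked is the over-read pattern. */
        if (len - i < 5)
            return -1;
        unsigned record  = p[i + 1];
        unsigned dataset = p[i + 2];
        size_t dlen = ((size_t)p[i + 3] << 8) | p[i + 4];
        i += 5;
        if (dlen & 0x8000)           /* extended-length form: rejected here */
            return -1;
        if (dlen > len - i)          /* file-supplied length vs. bytes left */
            return -1;
        if (verbose)
            printf("%u:%u  %.*s\n", record, dataset, (int)dlen,
                   (const char *)(p + i));
        i += dlen;
        count++;
    }
    return count;
}

/* Constructed sample profiles: well-formed, cut-off header, oversized length. */
const unsigned char iptc_ok[] = { 0x1c, 0x02, 0x78, 0x00, 0x05, 'h','e','l','l','o',
                                  0x1c, 0x02, 0x50, 0x00, 0x02, 'm','e' };
const unsigned char iptc_short[] = { 0x1c, 0x02, 0x78 };
const unsigned char iptc_long[]  = { 0x1c, 0x02, 0x78, 0x00, 0x40, 'h','i' };

int main(void)
{
    int ok = iptc_walk(iptc_ok, sizeof iptc_ok, 1);
    printf("ok=%d short=%d long=%d\n", ok,
           iptc_walk(iptc_short, sizeof iptc_short, 0),
           iptc_walk(iptc_long, sizeof iptc_long, 0));
    return 0;
}
```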



Severity: important

Package: graphicsmagick
Version: 1.3.16-1.1+deb7u13
CVE ID: CVE-2017-16352 CVE-2017-16353
