Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Debian 7: DLA-1322-1 Critical: Graphicsmagick Denial Of Service

debian lts
Calendar Grey March 28, 2018
Dist Debian Esm H88
Enhance ImageMagick to address several potential vulnerabilities identified in Debian 7 "Wheezy" to improve security measures.
Various security issues were discovered in Graphicsmagick, a collection of image processing tools

Summary

CVE-2017-18220
The ReadOneJNGImage and ReadJNGImage functions in coders/png.c allow
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted file, a related issue
to CVE-2017-11403.

CVE-2017-18229
An allocation failure vulnerability was found in the function
ReadTIFFImage in coders/tiff.c, which allows attackers to cause a
denial of service via a crafted file, because file size is not
properly used to restrict scanline, strip, and tile allocations.

CVE-2017-18230
A NULL pointer dereference vulnerability was found in the function
ReadCINEONImage in coders/cineon.c, which allows attackers to cause
a denial of service via a crafted file.

CVE-2017-18231
A NULL pointer dereference vulnerability was found in the function
ReadEnhMetaFile in coders/emf.c, which allows attackers to cause
a denial of service via a crafted file.

CVE-2018-9018
There is a divide-by-zero error in the ReadMNGImage function of

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

Package: graphicsmagick
Version: 1.3.16-1.1+deb7u19
CVE ID: CVE-2017-18219 CVE-2017-18220 CVE-2017-18229

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here