Debian Stretch: DLA-2523-1 Critical: ImageMagick Code Execution Risk
debian lts
January 12, 2021
Several security vulnerabilities were found in ImageMagick, a suite of image manipulation programs
Summary
CVE-2017-14528
The TIFFSetProfiles function in coders/tiff.c has incorrect
expectations about whether LibTIFF TIFFGetField return values
imply that data validation has occurred, which allows remote
attackers to cause a denial of service (use-after-free after an
invalid call to TIFFSetField, and application crash) via a crafted
file.
CVE-2020-19667
Stack-based buffer overflow and unconditional jump in ReadXPMImage
in coders/xpm.c
CVE-2020-25665
The PALM image coder at coders/palm.c makes an improper call to
AcquireQuantumMemory() in routine WritePALMImage() because it
needs to be offset by 256. This can cause a out-of-bounds read
later on in the routine. This could cause impact to reliability.
CVE-2020-25674
WriteOnePNGImage() from coders/png.c (the PNG coder) has a for
loop with an improper exit condition that can allow an
out-of-bounds READ via heap-buffer-overflow. This occurs because
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: imagemagick
Version: 8:6.9.7.4+dfsg-11+deb9u11
CVE ID: CVE-2017-14528 CVE-2020-19667 CVE-2020-25665 CVE-2020-25674
Debian Bug: 878544 972797 977205
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!