Linux Security
    Linux Security
    Linux Security

    Debian LTS: DLA-2523-1: imagemagick security update

    Date 12 Jan 2021
    436
    Posted By LinuxSecurity Advisories
    Several security vulnerabilities were found in ImageMagick, a suite of image manipulation programs. An attacker could cause denial of service and execution of arbitrary code when a crafted image file is processed.
    
    - -------------------------------------------------------------------------
    Debian LTS Advisory DLA-2523-1                This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/lts/security/                                     
    January 12, 2021                              https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------
    
    Package        : imagemagick
    Version        : 8:6.9.7.4+dfsg-11+deb9u11
    CVE ID         : CVE-2017-14528 CVE-2020-19667 CVE-2020-25665 CVE-2020-25674 
                     CVE-2020-27560 CVE-2020-27750 CVE-2020-27760 CVE-2020-27763 
                     CVE-2020-27765 CVE-2020-27773 CVE-2020-29599
    Debian Bug     : 878544 972797 977205
    
    Several security vulnerabilities were found in ImageMagick, a suite of
    image manipulation programs. An attacker could cause denial of service
    and execution of arbitrary code when a crafted image file is
    processed.
    
    CVE-2017-14528
    
        The TIFFSetProfiles function in coders/tiff.c has incorrect
        expectations about whether LibTIFF TIFFGetField return values
        imply that data validation has occurred, which allows remote
        attackers to cause a denial of service (use-after-free after an
        invalid call to TIFFSetField, and application crash) via a crafted
        file.
    
    CVE-2020-19667
    
        Stack-based buffer overflow and unconditional jump in ReadXPMImage
        in coders/xpm.c
    
    CVE-2020-25665
    
        The PALM image coder at coders/palm.c makes an improper call to
        AcquireQuantumMemory() in routine WritePALMImage() because it
        needs to be offset by 256. This can cause a out-of-bounds read
        later on in the routine. This could cause impact to reliability.
    
    CVE-2020-25674
    
        WriteOnePNGImage() from coders/png.c (the PNG coder) has a for
        loop with an improper exit condition that can allow an
        out-of-bounds READ via heap-buffer-overflow. This occurs because
        it is possible for the colormap to have less than 256 valid values
        but the loop condition will loop 256 times, attempting to pass
        invalid colormap data to the event logger.
    
    CVE-2020-27560
    
        ImageMagick allows Division by Zero in OptimizeLayerFrames in
        MagickCore/layer.c, which may cause a denial of service.
    
    CVE-2020-27750
    
        A flaw was found in MagickCore/colorspace-private.h and
        MagickCore/quantum.h. An attacker who submits a crafted file that
        is processedcould trigger undefined behavior in the form of values
        outside the range of type `unsigned char` and math division by
        zero. This would most likely lead to an impact to application
        availability, but could potentially cause other problems related
        to undefined behavior.
    
    CVE-2020-27760
    
        In `GammaImage()` of /MagickCore/enhance.c, depending on the
        `gamma` value, it's possible to trigger a divide-by-zero condition
        when a crafted input file is processed by ImageMagick. This could
        lead to an impact to application availability.
    
    CVE-2020-27763
    
        A flaw was found in MagickCore/resize.c. An attacker who submits a
        crafted file that is processed by ImageMagick could trigger
        undefined behavior in the form of math division by zero. This
        would most likely lead to an impact to application availability,
        but could potentially cause other problems related to undefined
        behavior.
    
    CVE-2020-27765
    
        A flaw was found in MagickCore/segment.c. An attacker who submits
        a crafted file that is processed by ImageMagick could trigger
        undefined behavior in the form of math division by zero. This
        would most likely lead to an impact to application availability,
        but could potentially cause other problems related to undefined
        behavior.
    
    CVE-2020-27773
    
        A flaw was found in MagickCore/gem-private.h. An attacker who
        submits a crafted file that is processed by ImageMagick could
        trigger undefined behavior in the form of values outside the range
        of type `unsigned char` or division by zero. This would most
        likely lead to an impact to application availability, but could
        potentially cause other problems related to undefined behavior.
    
    CVE-2020-29599
    
        ImageMagick mishandles the -authenticate option, which allows
        setting a password for password-protected PDF files. The
        user-controlled password was not properly escaped/sanitized and it
        was therefore possible to inject additional shell commands via
        coders/pdf.c.
    
    For Debian 9 stretch, these problems have been fixed in version
    8:6.9.7.4+dfsg-11+deb9u11.
    
    We recommend that you upgrade your imagemagick packages.
    
    For the detailed security status of imagemagick please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/imagemagick
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    

    Advisories

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"8","type":"x","order":"1","pct":27.59,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":20.69,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":51.72,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.