MGASA-2022-0446 - Updated imagemagick packages fix security vulnerability

Publication date: 06 Dec 2022
URL: https://advisories.mageia.org/MGASA-2022-0446.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-3574,
     CVE-2021-4219,
     CVE-2021-20224,
     CVE-2021-20309,
     CVE-2021-20311,
     CVE-2021-20312,
     CVE-2021-20313,
     CVE-2022-0284,
     CVE-2022-1114,
     CVE-2022-1270,
     CVE-2022-2719,
     CVE-2022-3213,
     CVE-2022-28463,
     CVE-2022-32545,
     CVE-2022-32546,
     CVE-2022-32547

A vulnerability was found in ImageMagick-7.0.11-5, where executing a
crafted file with the convert command, ASAN detects memory leaks.
(CVE-2021-3574)

A flaw was found in ImageMagick. The vulnerability occurs due to improper
use of open functions and leads to a denial of service. This flaw allows
an attacker to crash the system. (CVE-2021-4219)

An integer overflow issue was discovered in ImageMagick's
ExportIndexQuantum() function in MagickCore/quantum-export.c. Function
calls to GetPixelIndex() could result in values outside the range of
representable for the 'unsigned char'. When ImageMagick processes a
crafted pdf file, this could lead to an undefined behaviour or a crash.
(CVE-2021-20224)

A flaw was found in ImageMagick in versions before 7.0.11 and before
6.9.12, where a division by zero in WaveImage() of
MagickCore/visual-effects.c may trigger undefined behavior via a crafted
image file submitted to an application using ImageMagick. The highest
threat from this vulnerability is to system availability. (CVE-2021-20309)

A flaw was found in ImageMagick in versions before 7.0.11, where a
division by zero in sRGBTransformImage() in the MagickCore/colorspace.c
may trigger undefined behavior via a crafted image file that is submitted
by an attacker processed by an application using ImageMagick. The highest
threat from this vulnerability is to system availability. (CVE-2021-20311)

A flaw was found in ImageMagick in versions 7.0.11, where an integer
overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger
undefined behavior via a crafted image file that is submitted by an
attacker and processed by an application using ImageMagick. The highest
threat from this vulnerability is to system availability. (CVE-2021-20312)

A flaw was found in ImageMagick in versions before 7.0.11. A potential
cipher leak when the calculate signatures in TransformSignature is
possible. The highest threat from this vulnerability is to data
confidentiality. (CVE-2021-20313)

A heap-based-buffer-over-read flaw was found in ImageMagick's
GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is
triggered when an attacker passes a specially crafted Tagged Image File
Format (TIFF) image to convert it into a PICON file format. This issue can
potentially lead to a denial of service and information disclosure.
(CVE-2022-0284)

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo()
function of dcm.c file. This vulnerability is triggered when an attacker
passes a specially crafted DICOM image file to ImageMagick for conversion,
potentially leading to information disclosure and a denial of service.
(CVE-2022-1114)

In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.
(CVE-2022-1270)

In ImageMagick, a crafted file could trigger an assertion failure when a
call to WriteImages was made in MagickWand/operation.c, due to a NULL
image list. This could potentially cause a denial of service. This was
fixed in upstream ImageMagick version 7.1.0-30. (CVE-2022-2719)

A heap buffer overflow issue was found in ImageMagick. When an application
processes a malformed TIFF file, it could lead to undefined behavior or a
crash causing a denial of service. (CVE-2022-3213)

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

A vulnerability was found in ImageMagick, causing an outside the range of
representable values of type 'unsigned char' at coders/psd.c, when crafted
or untrusted input is processed. This leads to a negative impact to
application availability or other problems related to undefined behavior.
(CVE-2022-32545)

A vulnerability was found in ImageMagick, causing an outside the range of
representable values of type 'unsigned long' at coders/pcl.c, when crafted
or untrusted input is processed. This leads to a negative impact to
application availability or other problems related to undefined behavior.
(CVE-2022-32546)

In ImageMagick, there is load of misaligned address for type 'double',
which requires 8 byte alignment and for type 'float', which requires 4
byte alignment at MagickCore/property.c. Whenever crafted or untrusted
input is processed by ImageMagick, this causes a negative impact to
application availability or other problems related to undefined behavior.
(CVE-2022-32547)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29054
- https://lists.opensuse.org/archives/list/[email protected]/thread/QPPJFFJWUIW3K6NB472QVFG522DWQZET/
- https://ubuntu.com/security/notices/USN-5158-1
- https://lists.opensuse.org/archives/list/[email protected]/thread/ZUE6OO6UE5NEQ2LYEJSEB2AXREVWZVMB/
- https://www.debian.org/lts/security/2022/dla-3007
- https://lists.opensuse.org/archives/list/[email protected]/thread/U4SLHXE2O3IXMI4KAK7QSBITGXIK6OW2/
- https://lists.suse.com/pipermail/sle-security-updates/2022-May/011200.html
- https://ubuntu.com/security/notices/USN-5456-1
- https://lists.opensuse.org/archives/list/[email protected]/thread/FYRR2QY5S3HG4B4EAPF6BVV54BZQPUX5/
- https://ubuntu.com/security/notices/USN-5534-1
- https://lists.suse.com/pipermail/sle-security-updates/2022-September/012065.html
- https://lists.opensuse.org/archives/list/[email protected]/thread/DQYFWVB5WL5D7BG6DWWI7RKZDHYKRQR6/
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/LNVDNM4ZEIYPT3SLZHPYN7OG4CZLEXZJ/
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/T6VPXZJUL64MXAMQ4JA6V6TYNOXDC6SQ/
- https://lists.opensuse.org/archives/list/[email protected]/thread/65CCSW6TK2CGQU6OYUEHQBBH6OSPKUJP/
- https://ubuntu.com/security/notices/USN-5736-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3574
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4219
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20224
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20309
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20311
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20312
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20313
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0284
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1114
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1270
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2719
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3213
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28463
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32545
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32546
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32547

SRPMS:
- 8/tainted/imagemagick-7.1.0.52-1.1.mga8.tainted
- 8/tainted/abydos-0.2.3-4.2.mga8.tainted
- 8/tainted/transcode-1.1.7-29.2.mga8.tainted
- 8/tainted/xine-lib1.2-1.2.11-1.2.mga8.tainted
- 8/core/imagemagick-7.1.0.52-1.1.mga8
- 8/core/abydos-0.2.3-4.2.mga8
- 8/core/converseen-0.9.8.1-4.2.mga8
- 8/core/digikam-7.1.0-4.2.mga8
- 8/core/libopenshot-0.2.5-5.2.mga8
- 8/core/php-imagick-3.4.5-0.git20201230.2.2.mga8
- 8/core/synfig-1.2.2-11.2.mga8
- 8/core/windowmaker-0.95.9-3.2.mga8
- 8/core/xine-lib1.2-1.2.11-1.2.mga8
- 8/core/zbar-0.23.1-5.2.mga8