Mageia 2022-0446: imagemagick security update | LinuxSecurity.com
MGASA-2022-0446 - Updated imagemagick packages fix security vulnerability

Publication date: 06 Dec 2022
URL: https://advisories.mageia.org/MGASA-2022-0446.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-3574,
     CVE-2021-4219,
     CVE-2021-20224,
     CVE-2021-20309,
     CVE-2021-20311,
     CVE-2021-20312,
     CVE-2021-20313,
     CVE-2022-0284,
     CVE-2022-1114,
     CVE-2022-1270,
     CVE-2022-2719,
     CVE-2022-3213,
     CVE-2022-28463,
     CVE-2022-32545,
     CVE-2022-32546,
     CVE-2022-32547

A vulnerability was found in ImageMagick-7.0.11-5, where executing a
crafted file with the convert command, ASAN detects memory leaks.
(CVE-2021-3574)

A flaw was found in ImageMagick. The vulnerability occurs due to improper
use of open functions and leads to a denial of service. This flaw allows
an attacker to crash the system. (CVE-2021-4219)

An integer overflow issue was discovered in ImageMagick's
ExportIndexQuantum() function in MagickCore/quantum-export.c. Function
calls to GetPixelIndex() could result in values outside the range of
representable for the 'unsigned char'. When ImageMagick processes a
crafted pdf file, this could lead to an undefined behaviour or a crash.
(CVE-2021-20224)

A flaw was found in ImageMagick in versions before 7.0.11 and before
6.9.12, where a division by zero in WaveImage() of
MagickCore/visual-effects.c may trigger undefined behavior via a crafted
image file submitted to an application using ImageMagick. The highest
threat from this vulnerability is to system availability. (CVE-2021-20309)

A flaw was found in ImageMagick in versions before 7.0.11, where a
division by zero in sRGBTransformImage() in the MagickCore/colorspace.c
may trigger undefined behavior via a crafted image file that is submitted
by an attacker processed by an application using ImageMagick. The highest
threat from this vulnerability is to system availability. (CVE-2021-20311)

A flaw was found in ImageMagick in versions 7.0.11, where an integer
overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger
undefined behavior via a crafted image file that is submitted by an
attacker and processed by an application using ImageMagick. The highest
threat from this vulnerability is to system availability. (CVE-2021-20312)

A flaw was found in ImageMagick in versions before 7.0.11. A potential
cipher leak when the calculate signatures in TransformSignature is
possible. The highest threat from this vulnerability is to data
confidentiality. (CVE-2021-20313)

A heap-based-buffer-over-read flaw was found in ImageMagick's
GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is
triggered when an attacker passes a specially crafted Tagged Image File
Format (TIFF) image to convert it into a PICON file format. This issue can
potentially lead to a denial of service and information disclosure.
(CVE-2022-0284)

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo()
function of dcm.c file. This vulnerability is triggered when an attacker
passes a specially crafted DICOM image file to ImageMagick for conversion,
potentially leading to information disclosure and a denial of service.
(CVE-2022-1114)

In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.
(CVE-2022-1270)

In ImageMagick, a crafted file could trigger an assertion failure when a
call to WriteImages was made in MagickWand/operation.c, due to a NULL
image list. This could potentially cause a denial of service. This was
fixed in upstream ImageMagick version 7.1.0-30. (CVE-2022-2719)

A heap buffer overflow issue was found in ImageMagick. When an application
processes a malformed TIFF file, it could lead to undefined behavior or a
crash causing a denial of service. (CVE-2022-3213)

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

A vulnerability was found in ImageMagick, causing an outside the range of
representable values of type 'unsigned char' at coders/psd.c, when crafted
or untrusted input is processed. This leads to a negative impact to
application availability or other problems related to undefined behavior.
(CVE-2022-32545)

A vulnerability was found in ImageMagick, causing an outside the range of
representable values of type 'unsigned long' at coders/pcl.c, when crafted
or untrusted input is processed. This leads to a negative impact to
application availability or other problems related to undefined behavior.
(CVE-2022-32546)

In ImageMagick, there is load of misaligned address for type 'double',
which requires 8 byte alignment and for type 'float', which requires 4
byte alignment at MagickCore/property.c. Whenever crafted or untrusted
input is processed by ImageMagick, this causes a negative impact to
application availability or other problems related to undefined behavior.
(CVE-2022-32547)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29054
- https://lists.opensuse.org/archives/list/[email protected]/thread/QPPJFFJWUIW3K6NB472QVFG522DWQZET/
- https://ubuntu.com/security/notices/USN-5158-1
- https://lists.opensuse.org/archives/list/[email protected]/thread/ZUE6OO6UE5NEQ2LYEJSEB2AXREVWZVMB/
- https://www.debian.org/lts/security/2022/dla-3007
- https://lists.opensuse.org/archives/list/[email protected]/thread/U4SLHXE2O3IXMI4KAK7QSBITGXIK6OW2/
- https://lists.suse.com/pipermail/sle-security-updates/2022-May/011200.html
- https://ubuntu.com/security/notices/USN-5456-1
- https://lists.opensuse.org/archives/list/[email protected]/thread/FYRR2QY5S3HG4B4EAPF6BVV54BZQPUX5/
- https://ubuntu.com/security/notices/USN-5534-1
- https://lists.suse.com/pipermail/sle-security-updates/2022-September/012065.html
- https://lists.opensuse.org/archives/list/[email protected]/thread/DQYFWVB5WL5D7BG6DWWI7RKZDHYKRQR6/
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/LNVDNM4ZEIYPT3SLZHPYN7OG4CZLEXZJ/
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/T6VPXZJUL64MXAMQ4JA6V6TYNOXDC6SQ/
- https://lists.opensuse.org/archives/list/[email protected]/thread/65CCSW6TK2CGQU6OYUEHQBBH6OSPKUJP/
- https://ubuntu.com/security/notices/USN-5736-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3574
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4219
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20224
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20309
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20311
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20312
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20313
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0284
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1114
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1270
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2719
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3213
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28463
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32545
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32546
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32547

SRPMS:
- 8/tainted/imagemagick-7.1.0.52-1.1.mga8.tainted
- 8/tainted/abydos-0.2.3-4.2.mga8.tainted
- 8/tainted/transcode-1.1.7-29.2.mga8.tainted
- 8/tainted/xine-lib1.2-1.2.11-1.2.mga8.tainted
- 8/core/imagemagick-7.1.0.52-1.1.mga8
- 8/core/abydos-0.2.3-4.2.mga8
- 8/core/converseen-0.9.8.1-4.2.mga8
- 8/core/digikam-7.1.0-4.2.mga8
- 8/core/libopenshot-0.2.5-5.2.mga8
- 8/core/php-imagick-3.4.5-0.git20201230.2.2.mga8
- 8/core/synfig-1.2.2-11.2.mga8
- 8/core/windowmaker-0.95.9-3.2.mga8
- 8/core/xine-lib1.2-1.2.11-1.2.mga8
- 8/core/zbar-0.23.1-5.2.mga8

Mageia 2022-0446: imagemagick security update

A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks

Summary

A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. (CVE-2021-3574)
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. (CVE-2021-4219)
An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash. (CVE-2021-20224)
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20309)
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20311)
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20312)
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality. (CVE-2021-20313)
A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure. (CVE-2022-0284)
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. (CVE-2022-1114)
In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. (CVE-2022-1270)
In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30. (CVE-2022-2719)
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service. (CVE-2022-3213)
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. (CVE-2022-32545)
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. (CVE-2022-32546)
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior. (CVE-2022-32547)

References

- https://bugs.mageia.org/show_bug.cgi?id=29054

- https://lists.opensuse.org/archives/list/[email protected]/thread/QPPJFFJWUIW3K6NB472QVFG522DWQZET/

- https://ubuntu.com/security/notices/USN-5158-1

- https://lists.opensuse.org/archives/list/[email protected]/thread/ZUE6OO6UE5NEQ2LYEJSEB2AXREVWZVMB/

- https://www.debian.org/lts/security/2022/dla-3007

- https://lists.opensuse.org/archives/list/[email protected]/thread/U4SLHXE2O3IXMI4KAK7QSBITGXIK6OW2/

- https://lists.suse.com/pipermail/sle-security-updates/2022-May/011200.html

- https://ubuntu.com/security/notices/USN-5456-1

- https://lists.opensuse.org/archives/list/[email protected]/thread/FYRR2QY5S3HG4B4EAPF6BVV54BZQPUX5/

- https://ubuntu.com/security/notices/USN-5534-1

- https://lists.suse.com/pipermail/sle-security-updates/2022-September/012065.html

- https://lists.opensuse.org/archives/list/[email protected]/thread/DQYFWVB5WL5D7BG6DWWI7RKZDHYKRQR6/

- https://lists.fedoraproject.org/archives/list/[email protected]/thread/LNVDNM4ZEIYPT3SLZHPYN7OG4CZLEXZJ/

- https://lists.fedoraproject.org/archives/list/[email protected]/thread/T6VPXZJUL64MXAMQ4JA6V6TYNOXDC6SQ/

- https://lists.opensuse.org/archives/list/[email protected]/thread/65CCSW6TK2CGQU6OYUEHQBBH6OSPKUJP/

- https://ubuntu.com/security/notices/USN-5736-1

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3574

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4219

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20224

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20309

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20311

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20312

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20313

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0284

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1114

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1270

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2719

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3213

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28463

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32545

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32546

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32547

Resolution

MGASA-2022-0446 - Updated imagemagick packages fix security vulnerability

SRPMS

- 8/tainted/imagemagick-7.1.0.52-1.1.mga8.tainted

- 8/tainted/abydos-0.2.3-4.2.mga8.tainted

- 8/tainted/transcode-1.1.7-29.2.mga8.tainted

- 8/tainted/xine-lib1.2-1.2.11-1.2.mga8.tainted

- 8/core/imagemagick-7.1.0.52-1.1.mga8

- 8/core/abydos-0.2.3-4.2.mga8

- 8/core/converseen-0.9.8.1-4.2.mga8

- 8/core/digikam-7.1.0-4.2.mga8

- 8/core/libopenshot-0.2.5-5.2.mga8

- 8/core/php-imagick-3.4.5-0.git20201230.2.2.mga8

- 8/core/synfig-1.2.2-11.2.mga8

- 8/core/windowmaker-0.95.9-3.2.mga8

- 8/core/xine-lib1.2-1.2.11-1.2.mga8

- 8/core/zbar-0.23.1-5.2.mga8

Severity
Publication date: 06 Dec 2022
URL: https://advisories.mageia.org/MGASA-2022-0446.html
Type: security
CVE: CVE-2021-3574, CVE-2021-4219, CVE-2021-20224, CVE-2021-20309, CVE-2021-20311, CVE-2021-20312, CVE-2021-20313, CVE-2022-0284, CVE-2022-1114, CVE-2022-1270, CVE-2022-2719, CVE-2022-3213, CVE-2022-28463, CVE-2022-32545, CVE-2022-32546, CVE-2022-32547

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.