[Secure-testing-team] Bug#870149: CVE-2017-11636, CVE-2017-11637, CVE-2017-11638, CVE-2017-11641, CVE-2017-11642, CVE-2017-11643, CVE-2017-11722

Markus Koschany apo at debian.org
Sun Jul 30 14:19:05 UTC 2017


Package: graphicsmagick
X-Debbugs-CC: team at security.debian.org secure-testing-team at lists.alioth.debian.org
Severity: grave
Tags: security

Hi,

the following vulnerabilities were published for graphicsmagick.

CVE-2017-11636[0]:
| GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage()
| function in coders/rgb.c when processing multiple frames that have
| non-identical widths.

CVE-2017-11637[1]:
| GraphicsMagick 1.3.26 has a NULL pointer dereference in the
| WritePCLImage() function in coders/pcl.c during writes of monochrome
| images.

CVE-2017-11638[2]:
| GraphicsMagick 1.3.26 has a segmentation violation in the
| WriteMAPImage() function in coders/map.c when processing a
| non-colormapped image, a different vulnerability than CVE-2017-11642.

CVE-2017-11641[3]:
| GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in
| magick/pixel_cache.c during writing of Magick Persistent Cache (MPC)
| files.

CVE-2017-11642[4]:
| GraphicsMagick 1.3.26 has a NULL pointer dereference in the
| WriteMAPImage() function in coders/map.c when processing a
| non-colormapped image, a different vulnerability than CVE-2017-11638.

CVE-2017-11643[5]:
| GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage()
| function in coders/cmyk.c when processing multiple frames that have
| non-identical widths.

CVE-2017-11722[6]:
| The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26
| allows remote attackers to cause a denial of service (out-of-bounds
| read and application crash) via a crafted file, because the program's
| actual control flow was inconsistent with its indentation. This
| resulted in a logging statement executing outside of a loop, and
| consequently using an invalid array index corresponding to the loop's
| exit condition.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11636
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11636
[1] https://security-tracker.debian.org/tracker/CVE-2017-11637
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11637
[2] https://security-tracker.debian.org/tracker/CVE-2017-11638
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11638
[3] https://security-tracker.debian.org/tracker/CVE-2017-11641
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11641
[4] https://security-tracker.debian.org/tracker/CVE-2017-11642
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11642
[5] https://security-tracker.debian.org/tracker/CVE-2017-11643
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11643
[6] https://security-tracker.debian.org/tracker/CVE-2017-11722
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11722

Please adjust the affected versions in the BTS as needed.

Regards,

Markus
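
The defect class described for CVE-2017-11722 (a statement indented as loop body that actually runs once after the loop, with the index at its exit value), as an added illustration that is not GraphicsMagick's code and not part of the original message. All names here (`trace_entry`, `walk_buggy`, `walk_fixed`) and the sample data are hypothetical; GCC and Clang flag the pattern with `-Wmisleading-indentation`.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical trace sink standing in for the logging call: it records the
 * index it was handed instead of reading through an invalid one. */
struct trace { size_t calls, last_index; int out_of_bounds; unsigned sum; };

static void trace_entry(struct trace *t, size_t i, size_t n)
{
    t->calls++;
    t->last_index = i;
    if (i >= n)
        t->out_of_bounds = 1;  /* a real log of v[i] would read past the array */
}

/* Warning silenced only so this builds under -Werror; remove to see it. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmisleading-indentation"
struct trace walk_buggy(const unsigned char *v, size_t n)
{
    struct trace t = {0, 0, 0, 0};
    size_t i;
    for (i = 0; i < n; i++)
        t.sum += v[i];
        trace_entry(&t, i, n); /* indented as loop body, runs once with i == n */
    return t;
}
#pragma GCC diagnostic pop

/* Braces make the control flow match the indentation. */
struct trace walk_fixed(const unsigned char *v, size_t n)
{
    struct trace t = {0, 0, 0, 0};
    for (size_t i = 0; i < n; i++) {
        t.sum += v[i];
        trace_entry(&t, i, n);
    }
    return t;
}

int main(void)
{
    const unsigned char px[4] = {10, 20, 30, 40};  /* constructed sample */
    struct trace b = walk_buggy(px, 4), f = walk_fixed(px, 4);
    printf("buggy: calls=%zu idx=%zu oob=%d\n", b.calls, b.last_index, b.out_of_bounds);
    printf("fixed: calls=%zu idx=%zu oob=%d\n", f.calls, f.last_index, f.out_of_bounds);
    return 0;
}
```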
