Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
Security issues:
- CVE-2023-5341: Fixed a heap use-after-free in coders/bmp.c. (bsc#1215939)
- CVE-2020-21679: Fixed a buffer overflow in WritePCXImage function in pcx.c which may allow a remote attackers to cause a denial of service. (bsc#1214578)
- CVE-2023-3745: Fixed heap out of bounds read in PushCharPixel() in quantum-private.h (bsc#1213624).
- CVE-2023-34151: Fixed an undefined behavior issue due to floating point truncation (bsc#1211791).
- CVE-2023-1289: Fixed segmentation fault and possible DoS via specially crafted SVG. (bsc#1209141)
- CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image (bsc#1207983).
- CVE-2022-44267: Fixed a denial of service when parsing a PNG image (bsc#1207982).
- CVE-2022-32547: Fixed a load of misaligned address at MagickCore/property.c. (bsc#1200387)
- CVE-2022-32546: Fixed an outside the range of representable values of type. (bsc#1200389)
- CVE-2022-32545: Fixed an outside the range of representable values of type. (bsc#1200388)
- CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350).
- CVE-2022-2719: Fixed a reachable assertion that could lead to denial of service via a crafted file (bsc#1202250).
- CVE-2022-0284: Fixed heap buffer overread in GetPixelAlpha() in MagickCore/pixel-accessor.h (bsc#1195563).
- CVE-2021-3574: Fixed memory leaks with convert command (bsc#1203212).
- CVE-2021-20313: Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c (bsc#1184628)
- CVE-2021-20312: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c (bsc#1184627)
- CVE-2021-20311: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c (bsc#1184626)
- CVE-2021-20309: Division by zero in WaveImage() of MagickCore/visual-effects. (bsc#1184624)
- CVE-2021-20246: Division by zero in ScaleResampleFilter in MagickCore/resample.c (bsc#1182337).
- CVE-2021-20244: Division by zero in ImplodeImage in MagickCore/visual-effects.c (bsc#1182325).
- CVE-2021-20243: Division by zero in GetResizeFilterWeight in MagickCore/resize.c (bsc#1182336).
- CVE-2021-20241: Division by zero in WriteJP2Image() in coders/jp2.c (bsc#1182335).
- CVE-2021-20224: Fixed an integer overflow that could be triggered via a crafted file (bsc#1202800).
- CVE-2021-20176: Fixed an issue where processing a crafted file could lead to division by zero (bsc#1181836).
- CVE-2019-17540: Fixed heap-based buffer overflow in ReadPSInfo in coders/ps.c. (bsc#1153866)
Bugfixes:
- Use png_get_eXIf_1 when available (bsc#1197147).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP1
Ссылки
- Link for SUSE-SU-2023:4634-1
- E-Mail link for SUSE-SU-2023:4634-1
- SUSE Security Ratings
- SUSE Bug 1153866
- SUSE Bug 1181836
- SUSE Bug 1182325
- SUSE Bug 1182335
- SUSE Bug 1182336
- SUSE Bug 1182337
- SUSE Bug 1184624
- SUSE Bug 1184626
- SUSE Bug 1184627
- SUSE Bug 1184628
- SUSE Bug 1195563
- SUSE Bug 1197147
- SUSE Bug 1199350
- SUSE Bug 1200387
- SUSE Bug 1200388
- SUSE Bug 1200389
- SUSE Bug 1202250
Описание
ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
Затронутые продукты
Ссылки
- CVE-2019-17540
- SUSE Bug 1153866
Описание
Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.
Затронутые продукты
Ссылки
- CVE-2020-21679
- SUSE Bug 1214578
Описание
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability.
Затронутые продукты
Ссылки
- CVE-2021-20176
- SUSE Bug 1181836
- SUSE Bug 1182326
Описание
An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash.
Затронутые продукты
Ссылки
- CVE-2021-20224
- SUSE Bug 1202800
Описание
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Затронутые продукты
Ссылки
- CVE-2021-20241
- SUSE Bug 1182335
Описание
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Затронутые продукты
Ссылки
- CVE-2021-20243
- SUSE Bug 1182336
Описание
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Затронутые продукты
Ссылки
- CVE-2021-20244
- SUSE Bug 1182325
Описание
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Затронутые продукты
Ссылки
- CVE-2021-20246
- SUSE Bug 1182337
Описание
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Затронутые продукты
Ссылки
- CVE-2021-20309
- SUSE Bug 1184624
Описание
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Затронутые продукты
Ссылки
- CVE-2021-20311
- SUSE Bug 1184626
Описание
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Затронутые продукты
Ссылки
- CVE-2021-20312
- SUSE Bug 1184627
Описание
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
Затронутые продукты
Ссылки
- CVE-2021-20313
- SUSE Bug 1184628
Описание
A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure.
Затронутые продукты
Ссылки
- CVE-2022-0284
- SUSE Bug 1195563
Описание
In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.
Затронутые продукты
Ссылки
- CVE-2022-2719
- SUSE Bug 1202250
Описание
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
Затронутые продукты
Ссылки
- CVE-2022-28463
- SUSE Bug 1199350
Описание
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Затронутые продукты
Ссылки
- CVE-2022-32545
- SUSE Bug 1200388
Описание
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Затронутые продукты
Ссылки
- CVE-2022-32546
- SUSE Bug 1200389
- SUSE Bug 1211791
Описание
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
Затронутые продукты
Ссылки
- CVE-2022-32547
- SUSE Bug 1200387
Описание
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
Затронутые продукты
Ссылки
- CVE-2022-44267
- SUSE Bug 1207982
Описание
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).
Затронутые продукты
Ссылки
- CVE-2022-44268
- SUSE Bug 1207983
Описание
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.
Затронутые продукты
Ссылки
- CVE-2023-1289
- SUSE Bug 1209141
Описание
A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
Затронутые продукты
Ссылки
- CVE-2023-34151
- SUSE Bug 1211791
Описание
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.
Затронутые продукты
Ссылки
- CVE-2023-3745
- SUSE Bug 1213624
Описание
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
Затронутые продукты
Ссылки
- CVE-2023-5341
- SUSE Bug 1215939