Debian Graphicsmagick vulnerabilities
142 known vulnerabilities affecting debian/graphicsmagick.
Total CVEs: 142
CISA KEV: 3 (actively exploited)
Public exploits: 9
Exploited in wild: 3
Severity breakdown: CRITICAL 17, HIGH 47, MEDIUM 56, LOW 22
Vulnerabilities
CVE-2017-9098 [HIGH] CVSS 7.5, fixed in graphicsmagick 1.3.24-1 (bookworm), 2017
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initia

CVE-2017-15930 [HIGH] CVSS 8.8, fixed in graphicsmagick 1.3.26-16 (bookworm), 2017
In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.
Scope: local
bookworm: resolved (fixed in 1.3.26-16)
bullseye: resolved (fixed in 1.3.26-16)
forky: resolved (fixed in 1.3.26-16)
sid: resolved (fixed in 1.3.26-16)
trixie: resolved (fixed in 1.3.2

CVE-2017-11642 [HIGH] CVSS 8.8, fixed in graphicsmagick 1.3.26-4 (bookworm), 2017
GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638.
Scope: local
bookworm: resolved (fixed in 1.3.26-4)
bullseye: resolved (fixed in 1.3.26-4)
forky: resolved (fixed in 1.3.26-4)
sid: resolved (fixed in 1.3.26-4)
trixie: res

CVE-2017-11638 [HIGH] CVSS 8.8, fixed in graphicsmagick 1.3.26-4 (bookworm), 2017
GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642.
Scope: local
bookworm: resolved (fixed in 1.3.26-4)
bullseye: resolved (fixed in 1.3.26-4)
forky: resolved (fixed in 1.3.26-4)
sid: resolved (fixed in 1.3.26-4)
trixie: resol

CVE-2017-14103 [HIGH] CVSS 8.8, fixed in graphicsmagick 1.3.26-8 (bookworm), 2017
The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for

CVE-2017-16352 [HIGH] CVSS 8.8, PoC, fixed in graphicsmagick 1.3.26-17 (bookworm), 2017
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.
Scope: local
bookworm:

CVE-2017-15238 [HIGH] CVSS 8.8, fixed in graphicsmagick 1.3.26-14 (bookworm), 2017
ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage.
Scope: local
bookworm: resolved (fixed in 1.3.26-14)
bullseye: resolved (fixed in 1.3.26-14)
forky: resolved (fixed in 1.3.26-14)
sid: resolved (fixed in 1.3.26-14)
trixie: resolved (fixed in 1.3.26-14)

CVE-2017-17783 [HIGH] CVSS 7.5, fixed in graphicsmagick 1.3.27-2 (bookworm), 2017
In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.
Scope: local
bookworm: resolved (fixed in 1.3.27-2)
bullseye: resolved (fixed in 1.3.27-2)
forky: resolved (fixed in 1.3.27-2)
sid: resolved (fixed in 1.3.27-2)
trixie: resolved (fixed in 1.3.27-2)

CVE-2017-17498 [HIGH] CVSS 8.8, fixed in graphicsmagick 1.3.27-1 (bookworm), 2017
WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Scope: local
bookworm: resolved (fixed in 1.3.27-1)
bullseye: resolved (fixed in 1.3.27-1)
forky: resol

CVE-2017-17500 [HIGH] CVSS 8.8, fixed in graphicsmagick 1.3.27-1 (bookworm), 2017
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.
Scope: local
bookworm: resolved (fixed in 1.3.27-1)
bullseye: resolved (fixed in 1.3.27-1)
forky: resolved (fixed in 1.3.27-1)
sid: resolved (fixed in 1.3.27-1)
trixie: resolved (fixed in 1.3.27-1)

CVE-2017-17912 [HIGH] CVSS 8.8, fixed in graphicsmagick 1.3.27-3 (bookworm), 2017
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.
Scope: local
bookworm: resolved (fixed in 1.3.27-3)
bullseye: resolved (fixed in 1.3.27-3)
forky: resolved (fixed in 1.3.27-3)
sid: resolved (fixed in 1.3.27-3)
trixie: res

CVE-2017-12937 [HIGH] CVSS 8.8, fixed in graphicsmagick 1.3.26-6 (bookworm), 2017
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.
Scope: local
bookworm: resolved (fixed in 1.3.26-6)
bullseye: resolved (fixed in 1.3.26-6)
forky: resolved (fixed in 1.3.26-6)
sid: resolved (fixed in 1.3.26-6)
trixie: resolved (fixed in 1.3.26-6)

CVE-2017-18220 [HIGH] CVSS 8.8, fixed in graphicsmagick 1.3.26-8 (bookworm), 2017
The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403.
Scope: local
bookworm: resolved (fixed in 1.3.26-8)
bullseye: resolved (fixed in 1.

CVE-2017-16547 [HIGH] CVSS 8.8, fixed in graphicsmagick 1.3.26-18 (bookworm), 2017
The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file.
Scope: local
bookworm: resolved (fixed in 1.3.26-18)

CVE-2017-17503 [HIGH] CVSS 8.8, fixed in graphicsmagick 1.3.27-1 (bookworm), 2017
ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.
Scope: local
bookworm: resolved (fixed in 1.3.27-1)
bullseye: resolved (fixed in 1.3.27-1)
forky: resolved (fixed in 1.3.27-1)
sid: resolved (fixed in 1.3.27-1)
trixie: resolved (fixed in 1.3.27-1)

CVE-2017-17502 [HIGH] CVSS 8.8, fixed in graphicsmagick 1.3.27-1 (bookworm), 2017
ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.
Scope: local
bookworm: resolved (fixed in 1.3.27-1)
bullseye: resolved (fixed in 1.3.27-1)
forky: resolved (fixed in 1.3.27-1)
sid: resolved (fixed in 1.3.27-1)
trixie: resolved (fixed in 1.3.27-1)

CVE-2017-17915 [HIGH] CVSS 8.8, fixed in graphicsmagick 1.3.27-3 (bookworm), 2017
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.
Scope: local
bookworm: resolved (fixed in 1.3.27-3)
bullseye: resolved (fixed in 1.3.27-3)
forky: resolved (fixed in 1.3.27-3)
sid: resolved (fixed in 1.3.27-3)
trixi

CVE-2017-17913 [HIGH] CVSS 8.8, fixed in graphicsmagick 1.3.27-3 (bookworm), 2017
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.
Scope: local
bookworm: resolved (fixed in 1.3.27-3)
bullseye: resolved (fixed in 1.3.27-3)
forky: resolved (fixed in 1.3.27-3)
sid: re

CVE-2017-11403 [HIGH] CVSS 8.8, fixed in graphicsmagick 1.3.26-3 (bookworm), 2017
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.
Scope: local
bookworm: resolved (fixed in 1.3.26-3)
bullseye: resolved (fixed in 1.3.26-3)
forky: resolved (fixed in 1.3.26-3)
sid: resolved (fixed in 1.3.26-3)
trixie: resolved (fixed in 1.3.26-3)

CVE-2017-17501 [HIGH] CVSS 8.8, fixed in graphicsmagick 1.3.27-1 (bookworm), 2017
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.
Scope: local
bookworm: resolved (fixed in 1.3.27-1)
bullseye: resolved (fixed in 1.3.27-1)
forky: resolved (fixed in 1.3.27-1)
sid: resolved (fixed in 1.3.27-1)
trixie: resolved (fixed in 1.3.27-1)