Bug#927029: graphicsmagick: Multiple heap-based buffer over-reads

[Markus Koschany]

Package: graphicsmagick
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for graphicsmagick.

CVE-2019-11005[0]:
| In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based
| buffer overflow in the function SVGStartElement of coders/svg.c, which
| allows remote attackers to cause a denial of service (application
| crash) or possibly have unspecified other impact via a quoted font
| family value.


CVE-2019-11006[1]:
| In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based
| buffer over-read in the function ReadMIFFImage of coders/miff.c, which
| allows attackers to cause a denial of service or information
| disclosure via an RLE packet.


CVE-2019-11007[2]:
| In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based
| buffer over-read in the ReadMNGImage function of coders/png.c, which
| allows attackers to cause a denial of service or information
| disclosure via an image colormap.


CVE-2019-11008[3]:
| In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based
| buffer overflow in the function WriteXWDImage of coders/xwd.c, which
| allows remote attackers to cause a denial of service (application
| crash) or possibly have unspecified other impact via a crafted image
| file.


CVE-2019-11009[4]:
| In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based
| buffer over-read in the function ReadXWDImage of coders/xwd.c, which
| allows attackers to cause a denial of service or information
| disclosure via a crafted image file.


CVE-2019-11010[5]:
| In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in
| the function ReadMPCImage of coders/mpc.c, which allows attackers to
| cause a denial of service via a crafted image file.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-11005
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11005
[1] https://security-tracker.debian.org/tracker/CVE-2019-11006
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11006
[2] https://security-tracker.debian.org/tracker/CVE-2019-11007
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11007
[3] https://security-tracker.debian.org/tracker/CVE-2019-11008
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11008
[4] https://security-tracker.debian.org/tracker/CVE-2019-11009
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11009
[5] https://security-tracker.debian.org/tracker/CVE-2019-11010
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11010

Please adjust the affected versions in the BTS as needed.

Regards,

Markus

signature.asc
Description: OpenPGP digital signature