Ubuntu Security Notice USN-7068-1

Ubuntu Security Notice 7068-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into processing a specially crafted file, an attacker could exploit this to cause a denial of service or affect the reliability of the system. The vulnerabilities included memory leaks, buffer overflows, and improper handling of pixel data.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-7068-1
October 15, 2024

imagemagick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:

- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain
malformed image files. If a user or automated system using ImageMagick
were tricked into processing a specially crafted file, an attacker could
exploit this to cause a denial of service or affect the reliability of the
system. The vulnerabilities included memory leaks, buffer overflows, and
improper handling of pixel data.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  imagemagick-6.q16               8:6.8.9.9-7ubuntu5.16+esm11
                                  Available with Ubuntu Pro
  libimage-magick-perl            8:6.8.9.9-7ubuntu5.16+esm11
                                  Available with Ubuntu Pro
  libimage-magick-q16-perl        8:6.8.9.9-7ubuntu5.16+esm11
                                  Available with Ubuntu Pro
  libmagick++-6.q16-5v5           8:6.8.9.9-7ubuntu5.16+esm11
                                  Available with Ubuntu Pro
  libmagickcore-6-headers         8:6.8.9.9-7ubuntu5.16+esm11
                                  Available with Ubuntu Pro
  libmagickcore-6.q16-2           8:6.8.9.9-7ubuntu5.16+esm11
                                  Available with Ubuntu Pro
  libmagickcore-6.q16-2-extra     8:6.8.9.9-7ubuntu5.16+esm11
                                  Available with Ubuntu Pro
  libmagickcore-6.q16-dev         8:6.8.9.9-7ubuntu5.16+esm11
                                  Available with Ubuntu Pro
  libmagickwand-6.q16-2           8:6.8.9.9-7ubuntu5.16+esm11
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  imagemagick                     8:6.7.7.10-6ubuntu3.13+esm11
                                  Available with Ubuntu Pro
  libmagick++-dev                 8:6.7.7.10-6ubuntu3.13+esm11
                                  Available with Ubuntu Pro
  libmagick++5                    8:6.7.7.10-6ubuntu3.13+esm11
                                  Available with Ubuntu Pro
  libmagickcore-dev               8:6.7.7.10-6ubuntu3.13+esm11
                                  Available with Ubuntu Pro
  libmagickcore5                  8:6.7.7.10-6ubuntu3.13+esm11
                                  Available with Ubuntu Pro
  libmagickcore5-extra            8:6.7.7.10-6ubuntu3.13+esm11
                                  Available with Ubuntu Pro
  libmagickwand-dev               8:6.7.7.10-6ubuntu3.13+esm11
                                  Available with Ubuntu Pro
  libmagickwand5                  8:6.7.7.10-6ubuntu3.13+esm11
                                  Available with Ubuntu Pro
  perlmagick                      8:6.7.7.10-6ubuntu3.13+esm11
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-7068-1
  CVE-2019-7397, CVE-2019-7398, CVE-2019-9956, CVE-2020-19667,
  CVE-2020-25664, CVE-2020-25665, CVE-2020-25666, CVE-2020-25674,
  CVE-2020-25676, CVE-2020-27560, CVE-2020-27750, CVE-2020-27753,
  CVE-2020-27754, CVE-2020-27755, CVE-2020-27758, CVE-2020-27759,
  CVE-2020-27760, CVE-2020-27761, CVE-2020-27762, CVE-2020-27763,
  CVE-2020-27764, CVE-2020-27765, CVE-2020-27766, CVE-2020-27767,
  CVE-2020-27768, CVE-2020-27769, CVE-2020-27770, CVE-2020-27771,
  CVE-2020-27772, CVE-2020-27773, CVE-2020-27774, CVE-2020-27775,
  CVE-2020-27776

Related news

CVE-2020-27769

In ImageMagick versions before 7.0.9-0, there are values outside the range of representable values of type 'float' at MagickCore/quantize.c.

CVE-2020-27768

In ImageMagick, there is a value outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0.

CVE-2020-27773

A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

CVE-2020-27772

A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

CVE-2020-27775

A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

CVE-2020-27774

A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

CVE-2020-27776

A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

CVE-2020-27767

A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

CVE-2020-27770

Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.

CVE-2020-27771

In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the representable range of the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted PDF file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0.

CVE-2020-27766

A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69.

CVE-2020-27765

A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

CVE-2020-27764: https://github.com/ImageMagick/ImageMagick/issues/1735 · ImageMagick/ImageMagick6@3e21bc8

In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69.

CVE-2020-27763

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.

CVE-2020-27560: There is a Division by Zero in function OptimizeLayerFrames (#2743) · ImageMagick/ImageMagick@ef59bd7

ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.
