Advisories ยป MGASA-2022-0446

Updated imagemagick packages fix security vulnerability

Publication date: 06 Dec 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-3574 , CVE-2021-4219 , CVE-2021-20224 , CVE-2021-20309 , CVE-2021-20311 , CVE-2021-20312 , CVE-2021-20313 , CVE-2022-0284 , CVE-2022-1114 , CVE-2022-1270 , CVE-2022-2719 , CVE-2022-3213 , CVE-2022-28463 , CVE-2022-32545 , CVE-2022-32546 , CVE-2022-32547

Description

A vulnerability was found in ImageMagick-7.0.11-5, where executing a
crafted file with the convert command, ASAN detects memory leaks.
(CVE-2021-3574)

A flaw was found in ImageMagick. The vulnerability occurs due to improper
use of open functions and leads to a denial of service. This flaw allows
an attacker to crash the system. (CVE-2021-4219)

An integer overflow issue was discovered in ImageMagick's
ExportIndexQuantum() function in MagickCore/quantum-export.c. Function
calls to GetPixelIndex() could result in values outside the range of
representable for the 'unsigned char'. When ImageMagick processes a
crafted pdf file, this could lead to an undefined behaviour or a crash.
(CVE-2021-20224)

A flaw was found in ImageMagick in versions before 7.0.11 and before
6.9.12, where a division by zero in WaveImage() of
MagickCore/visual-effects.c may trigger undefined behavior via a crafted
image file submitted to an application using ImageMagick. The highest
threat from this vulnerability is to system availability. (CVE-2021-20309)

A flaw was found in ImageMagick in versions before 7.0.11, where a
division by zero in sRGBTransformImage() in the MagickCore/colorspace.c
may trigger undefined behavior via a crafted image file that is submitted
by an attacker processed by an application using ImageMagick. The highest
threat from this vulnerability is to system availability. (CVE-2021-20311)

A flaw was found in ImageMagick in versions 7.0.11, where an integer
overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger
undefined behavior via a crafted image file that is submitted by an
attacker and processed by an application using ImageMagick. The highest
threat from this vulnerability is to system availability. (CVE-2021-20312)

A flaw was found in ImageMagick in versions before 7.0.11. A potential
cipher leak when the calculate signatures in TransformSignature is
possible. The highest threat from this vulnerability is to data
confidentiality. (CVE-2021-20313)

A heap-based-buffer-over-read flaw was found in ImageMagick's
GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is
triggered when an attacker passes a specially crafted Tagged Image File
Format (TIFF) image to convert it into a PICON file format. This issue can
potentially lead to a denial of service and information disclosure.
(CVE-2022-0284)

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo()
function of dcm.c file. This vulnerability is triggered when an attacker
passes a specially crafted DICOM image file to ImageMagick for conversion,
potentially leading to information disclosure and a denial of service.
(CVE-2022-1114)

In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.
(CVE-2022-1270)

In ImageMagick, a crafted file could trigger an assertion failure when a
call to WriteImages was made in MagickWand/operation.c, due to a NULL
image list. This could potentially cause a denial of service. This was
fixed in upstream ImageMagick version 7.1.0-30. (CVE-2022-2719)

A heap buffer overflow issue was found in ImageMagick. When an application
processes a malformed TIFF file, it could lead to undefined behavior or a
crash causing a denial of service. (CVE-2022-3213)

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

A vulnerability was found in ImageMagick, causing an outside the range of
representable values of type 'unsigned char' at coders/psd.c, when crafted
or untrusted input is processed. This leads to a negative impact to
application availability or other problems related to undefined behavior.
(CVE-2022-32545)

A vulnerability was found in ImageMagick, causing an outside the range of
representable values of type 'unsigned long' at coders/pcl.c, when crafted
or untrusted input is processed. This leads to a negative impact to
application availability or other problems related to undefined behavior.
(CVE-2022-32546)

In ImageMagick, there is load of misaligned address for type 'double',
which requires 8 byte alignment and for type 'float', which requires 4
byte alignment at MagickCore/property.c. Whenever crafted or untrusted
input is processed by ImageMagick, this causes a negative impact to
application availability or other problems related to undefined behavior.
(CVE-2022-32547)
                

References

SRPMS

8/tainted

8/core