Advisories » MGASA-2022-0446

Updated imagemagick packages fix security vulnerability

Publication date: 06 Dec 2022
Modification date: 06 Dec 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-3574 , CVE-2021-4219 , CVE-2021-20224 , CVE-2021-20309 , CVE-2021-20311 , CVE-2021-20312 , CVE-2021-20313 , CVE-2022-0284 , CVE-2022-1114 , CVE-2022-1270 , CVE-2022-2719 , CVE-2022-3213 , CVE-2022-28463 , CVE-2022-32545 , CVE-2022-32546 , CVE-2022-32547

Description

A vulnerability was found in ImageMagick-7.0.11-5, where executing a
crafted file with the convert command, ASAN detects memory leaks.
(CVE-2021-3574)

A flaw was found in ImageMagick. The vulnerability occurs due to improper
use of open functions and leads to a denial of service. This flaw allows
an attacker to crash the system. (CVE-2021-4219)

An integer overflow issue was discovered in ImageMagick's
ExportIndexQuantum() function in MagickCore/quantum-export.c. Function
calls to GetPixelIndex() could result in values outside the range of
representable for the 'unsigned char'. When ImageMagick processes a
crafted pdf file, this could lead to an undefined behaviour or a crash.
(CVE-2021-20224)

A flaw was found in ImageMagick in versions before 7.0.11 and before
6.9.12, where a division by zero in WaveImage() of
MagickCore/visual-effects.c may trigger undefined behavior via a crafted
image file submitted to an application using ImageMagick. The highest
threat from this vulnerability is to system availability. (CVE-2021-20309)

A flaw was found in ImageMagick in versions before 7.0.11, where a
division by zero in sRGBTransformImage() in the MagickCore/colorspace.c
may trigger undefined behavior via a crafted image file that is submitted
by an attacker processed by an application using ImageMagick. The highest
threat from this vulnerability is to system availability. (CVE-2021-20311)

A flaw was found in ImageMagick in versions 7.0.11, where an integer
overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger
undefined behavior via a crafted image file that is submitted by an
attacker and processed by an application using ImageMagick. The highest
threat from this vulnerability is to system availability. (CVE-2021-20312)

A flaw was found in ImageMagick in versions before 7.0.11. A potential
cipher leak when the calculate signatures in TransformSignature is
possible. The highest threat from this vulnerability is to data
confidentiality. (CVE-2021-20313)

A heap-based-buffer-over-read flaw was found in ImageMagick's
GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is
triggered when an attacker passes a specially crafted Tagged Image File
Format (TIFF) image to convert it into a PICON file format. This issue can
potentially lead to a denial of service and information disclosure.
(CVE-2022-0284)

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo()
function of dcm.c file. This vulnerability is triggered when an attacker
passes a specially crafted DICOM image file to ImageMagick for conversion,
potentially leading to information disclosure and a denial of service.
(CVE-2022-1114)

In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.
(CVE-2022-1270)

In ImageMagick, a crafted file could trigger an assertion failure when a
call to WriteImages was made in MagickWand/operation.c, due to a NULL
image list. This could potentially cause a denial of service. This was
fixed in upstream ImageMagick version 7.1.0-30. (CVE-2022-2719)

A heap buffer overflow issue was found in ImageMagick. When an application
processes a malformed TIFF file, it could lead to undefined behavior or a
crash causing a denial of service. (CVE-2022-3213)

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

A vulnerability was found in ImageMagick, causing an outside the range of
representable values of type 'unsigned char' at coders/psd.c, when crafted
or untrusted input is processed. This leads to a negative impact to
application availability or other problems related to undefined behavior.
(CVE-2022-32545)

A vulnerability was found in ImageMagick, causing an outside the range of
representable values of type 'unsigned long' at coders/pcl.c, when crafted
or untrusted input is processed. This leads to a negative impact to
application availability or other problems related to undefined behavior.
(CVE-2022-32546)

In ImageMagick, there is load of misaligned address for type 'double',
which requires 8 byte alignment and for type 'float', which requires 4
byte alignment at MagickCore/property.c. Whenever crafted or untrusted
input is processed by ImageMagick, this causes a negative impact to
application availability or other problems related to undefined behavior.
(CVE-2022-32547)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=29054
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QPPJFFJWUIW3K6NB472QVFG522DWQZET/
• https://ubuntu.com/security/notices/USN-5158-1
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZUE6OO6UE5NEQ2LYEJSEB2AXREVWZVMB/
• https://www.debian.org/lts/security/2022/dla-3007
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U4SLHXE2O3IXMI4KAK7QSBITGXIK6OW2/
• https://lists.suse.com/pipermail/sle-security-updates/2022-May/011200.html
• https://ubuntu.com/security/notices/USN-5456-1
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FYRR2QY5S3HG4B4EAPF6BVV54BZQPUX5/
• https://ubuntu.com/security/notices/USN-5534-1
• https://lists.suse.com/pipermail/sle-security-updates/2022-September/012065.html
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DQYFWVB5WL5D7BG6DWWI7RKZDHYKRQR6/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LNVDNM4ZEIYPT3SLZHPYN7OG4CZLEXZJ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T6VPXZJUL64MXAMQ4JA6V6TYNOXDC6SQ/
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/65CCSW6TK2CGQU6OYUEHQBBH6OSPKUJP/
• https://ubuntu.com/security/notices/USN-5736-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3574
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4219
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20224
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20309
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20311
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20312
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20313
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0284
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1114
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1270
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2719
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3213
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28463
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32545
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32546
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32547

SRPMS

8/tainted

• imagemagick-7.1.0.52-1.1.mga8.tainted
• abydos-0.2.3-4.2.mga8.tainted
• transcode-1.1.7-29.2.mga8.tainted
• xine-lib1.2-1.2.11-1.2.mga8.tainted

8/core

• imagemagick-7.1.0.52-1.1.mga8
• abydos-0.2.3-4.2.mga8
• converseen-0.9.8.1-4.2.mga8
• digikam-7.1.0-4.2.mga8
• libopenshot-0.2.5-5.2.mga8
• php-imagick-3.4.5-0.git20201230.2.2.mga8
• synfig-1.2.2-11.2.mga8
• windowmaker-0.95.9-3.2.mga8
• xine-lib1.2-1.2.11-1.2.mga8
• zbar-0.23.1-5.2.mga8