[manjaro-security] [arch-security] [ASA-201609-6] graphicsmagick: multiple issues

Jelle van der Waa jelle at archlinux.org
Fri Sep 9 21:43:31 CEST 2016


Arch Linux Security Advisory ASA-201609-6
=========================================

Severity: Critical
Date    : 2016-09-09
CVE-ID  : CVE-2016-2317
Package : graphicsmagick
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package graphicsmagick before version 1.3.25-1 is vulnerable to
multiple issues.

Resolution
==========

Upgrade to 1.3.25-1

# pacman -Syu "graphicsmagick>=1.3.25-1"

The problem has been fixed upstream in version 1.3.25.

Workaround
==========

None.

Description
===========

1. A last instance of CVE-2016-2317 (heap buffer overflow) in the MVG
rendering code (also impacts SVG).  This problem was originally
reported by Gustavo Grieco.

2. A possible heap overflow of the EscapeParenthesis() function.
While I was not able to reproduce it for myself, the implementation is
replaced with a different algorithm.  This problem was reported by
Gustavo Grieco.

3. The Utah RLE reader did not validate that header information was
reasonable given the file size and so it could cause huge memory
allocations and/or consume huge amounts of CPU.  This problem was
reported by Agostino Sarubbo.

4. The TIFF reader had a bug pertaining to use of TIFFGetField() when
a 'count' value is returned.  The bug caused a heap read overflow (due
to using strlcpy() to copy a possibly unterminated string) which could
allow an untrusted file to crash the software.

Impact
======

An remote attacker is able to create specially crafted files that,
when opened or processed, may lead to denial of service or possibly
arbitrary code execution.

References
==========

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2317
http://www.openwall.com/lists/oss-security/2016/09/07/4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20160909/4e8452e7/attachment.pgp>


More information about the manjaro-security mailing list