Debian DSA-1903-1 : graphicsmagick - several vulnerabilities

critical Nessus Plugin ID 44768

Language:

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd.c for GraphicsMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch).

- CVE-2007-1797 Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch).

- CVE-2007-4985 A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function.
It only affects the oldstable distribution (etch).

- CVE-2007-4986 Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch).

- CVE-2007-4988 A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch).

- CVE-2008-1096 The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only oldstable (etch).

- CVE-2008-3134 Multiple vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via vectors in the AVI, AVS, DCM, EPT, FITS, MTV, PALM, RLA, and TGA decoder readers; and the GetImageCharacteristics function in magick/image.c, as reachable from a crafted PNG, JPEG, BMP, or TIFF file.

- CVE-2008-6070 Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image.

- CVE-2008-6071 Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image.

- CVE-2008-6072 Multiple vulnerabilities in GraphicsMagick allow remote attackers to cause a denial of service (crash) via vectors in XCF and CINEON images.

- CVE-2008-6621 Vulnerability in GraphicsMagick allows remote attackers to cause a denial of service (crash) via vectors in DPX images.

- CVE-2009-1882 Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.

Solution

Upgrade the graphicsmagick packages.

For the oldstable distribution (etch), these problems have been fixed in version 1.1.7-13+etch1.

For the stable distribution (lenny), these problems have been fixed in version 1.1.11-3.2+lenny1.

For the upcoming stable distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 1.3.5-5.1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417862

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444266

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=491439

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530946

https://security-tracker.debian.org/tracker/CVE-2007-1667

https://security-tracker.debian.org/tracker/CVE-2007-1797

https://security-tracker.debian.org/tracker/CVE-2007-4985

https://security-tracker.debian.org/tracker/CVE-2007-4986

https://security-tracker.debian.org/tracker/CVE-2007-4988

https://security-tracker.debian.org/tracker/CVE-2008-1096

https://security-tracker.debian.org/tracker/CVE-2008-3134

https://security-tracker.debian.org/tracker/CVE-2008-6070

https://security-tracker.debian.org/tracker/CVE-2008-6071

https://security-tracker.debian.org/tracker/CVE-2008-6072

https://security-tracker.debian.org/tracker/CVE-2008-6621

https://security-tracker.debian.org/tracker/CVE-2009-1882

https://www.debian.org/security/2009/dsa-1903

Plugin Details

Severity: Critical

ID: 44768

File Name: debian_DSA-1903.nasl

Version: 1.13

Type: local

Agent: unix

Published: 2/24/2010

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:4.0, cpe:/o:debian:debian_linux:5.0, p-cpe:/a:debian:debian_linux:graphicsmagick

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 10/7/2009

Vulnerability Publication Date: 3/24/2007

Reference Information

CVE: CVE-2007-1667, CVE-2007-1797, CVE-2007-4985, CVE-2007-4986, CVE-2007-4988, CVE-2008-1096, CVE-2008-3134, CVE-2008-6070, CVE-2008-6071, CVE-2008-6072, CVE-2008-6621, CVE-2009-1882

CWE: 119, 189, 399

DSA: 1903