Denial of Service : GraphicsMagick < 1.3.32 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.113330

Categoría: Denial of Service

Título: GraphicsMagick < 1.3.32 Multiple Vulnerabilities - Windows

Resumen: GraphicsMagick is prone to multiple vulnerabilities.

Descripción: Summary:
GraphicsMagick is prone to multiple vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- There is a heap-based buffer overflow in the WriteTGAImage function of tga.c,
which allows attackers to cause a denial of service via a crafted image file,
because the number of rows or columns can exceed the pixel-dimension
restrictions of the TGA specification.

- There is a heap-based buffer over-read in the ReadBMP Image function of bmp.c,
which allows attackers to cause a denial of service via a crafted bmp image file.
This only affects GraphicsMagick installations on 32-bit platforms
with customized BMP limits.

- The ReadDIBImage of dib.c has a vulnerability allowing a crash and denial of service
via a dib file that is crafted to appear with direct pixel values and also colomapping
and therefore lacks indexes initialization.

Vulnerability Impact:
Successful exploitation would allow an attacker to cause a denial of service.

Affected Software/OS:
GraphicsMagick prior to version 1.3.32.

Solution:
Update to GraphicsMagick version 1.3.32 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-20184
BugTraq ID: 106229
http://www.securityfocus.com/bid/106229
Debian Security Information: DSA-4640 (Google Search)
https://www.debian.org/security/2020/dsa-4640
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b
https://sourceforge.net/p/graphicsmagick/bugs/583/
https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html
https://usn.ubuntu.com/4207-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-20185
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293
https://sourceforge.net/p/graphicsmagick/bugs/582/
Common Vulnerability Exposure (CVE) ID: CVE-2018-20189
BugTraq ID: 106227
http://www.securityfocus.com/bid/106227
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589
https://sourceforge.net/p/graphicsmagick/bugs/585/

Copyright Copyright (C) 2019 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.113330
Categoría:	Denial of Service
Título:	GraphicsMagick < 1.3.32 Multiple Vulnerabilities - Windows
Resumen:	GraphicsMagick is prone to multiple vulnerabilities.
Descripción:	Summary: GraphicsMagick is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - There is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification. - There is a heap-based buffer over-read in the ReadBMP Image function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations on 32-bit platforms with customized BMP limits. - The ReadDIBImage of dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colomapping and therefore lacks indexes initialization. Vulnerability Impact: Successful exploitation would allow an attacker to cause a denial of service. Affected Software/OS: GraphicsMagick prior to version 1.3.32. Solution: Update to GraphicsMagick version 1.3.32 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-20184 BugTraq ID: 106229 http://www.securityfocus.com/bid/106229 Debian Security Information: DSA-4640 (Google Search) https://www.debian.org/security/2020/dsa-4640 http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b https://sourceforge.net/p/graphicsmagick/bugs/583/ https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html https://usn.ubuntu.com/4207-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-20185 http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293 https://sourceforge.net/p/graphicsmagick/bugs/582/ Common Vulnerability Exposure (CVE) ID: CVE-2018-20189 BugTraq ID: 106227 http://www.securityfocus.com/bid/106227 http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589 https://sourceforge.net/p/graphicsmagick/bugs/585/
Copyright	Copyright (C) 2019 Greenbone AG