SB2016113008 - Gentoo update for ImageMagick 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016113008

SB2016113008 - Gentoo update for ImageMagick

Published: November 30, 2016 Updated: September 9, 2024

Security Bulletin ID SB2016113008
Severity
Critical
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 10% High 20% Medium 40% Low 30%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2016-3714)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to insufficient filtering for filename passed to delegate's command. A remote attacker can create a specially crafted image containing shell metacharacters, trick the victim into opening it via application using ImageMagick, will trigger an input validation flaw and execute arbitrary shell commands with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

2) Input validation error (CVE-ID: CVE-2016-3715)

The vulnerability allows a remote attacker to delete arbitrary files on the target system.

The weakness exists due to input validation error. A remote attacker can create a specially crafted image, trick the victim into opening it, trigger an error in the ephemeral pseudo-protocol and delete certain files on the affected system.

Successful exploitation of the vulnerability results in deletion of arbitrary files on the vulnerable system.

3) Security bypass (CVE-ID: CVE-2016-3716)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to the failure to properly prevent file move operations when processing certain MVG files. A remote attacker can create a specially crafted image, trick the victim into opening, bypass security mechanism and move certain files on the affected system.

Successful exploitation of the vulnerability results in security bypass on the vulnerable system.

4) Information disclosure (CVE-ID: CVE-2016-3717)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to the failure to properly prevent the disclosure of file contents when processing certain MVG files. A remote attacker can create a specially crafted image, trick the victim into opening it, generate output files and obtain sensitive information.

Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.

5) Server Side Request Forgery (CVE-ID: CVE-2016-3718)

The vulnerability allows a remote attacker to perform server-side forgery attacks and compromise vulnerable application.

The weakness exists due to the failure to properly prevent the disclosure of file contents when processing certain MVG files. A remote attacker can persuade the victim to open specially crafted images using the .mvg file to trick the victim host into performing HTTP requests or opening FTP sessions.

Successful exploitation of this vulnerability may allow an attacker to perform SSRF attack to retrieve information for further attacks against vulnerable system by performing unauthorized connections to local resources, gain access to sensitive information and compromise vulnerable system.

6) Out-of-bounds read (CVE-ID: CVE-2016-5010)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file.


7) Out-of-bounds read (CVE-ID: CVE-2016-5842)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.


8) Out-of-bounds read (CVE-ID: CVE-2016-6491)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.


9) Denial of service (CVE-ID: CVE-2016-7799)

The vulnerability allows a remote unauthenticated user to cause DoS conditions on the vulnerable system.
The weakness exists due to buffer over read caused by malicious file and allowing attackers to cause the affected application to crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.

10) Arbitrary code execution (CVE-ID: CVE-2016-7906)

The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness exists due to use after free caused by a specially crafted image and letting attackers to execute arbitrary code or cause the application crash.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.

References