ALAS-2017-820

Description

The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file. (CVE-2017-6335)

The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. (CVE-2016-7997)

Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries. (CVE-2016-7996)

The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." (CVE-2016-8684)

The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. (CVE-2016-8682)

The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." (CVE-2016-8683)

The MagickRealloc function in memory.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a JPEG image. (CVE-2016-9830)

Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. (CVE-2016-7800)

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is listed as pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.

Affected package information

Package                    Patched in
GraphicsMagick             GraphicsMagick-1.3.25-6.10.amzn1.x86_64
GraphicsMagick             GraphicsMagick-1.3.25-6.10.amzn1.src
GraphicsMagick             GraphicsMagick-1.3.25-6.10.amzn1.i686
GraphicsMagick-c++         GraphicsMagick-c++-1.3.25-6.10.amzn1.x86_64
GraphicsMagick-c++         GraphicsMagick-c++-1.3.25-6.10.amzn1.i686
GraphicsMagick-c++-devel   GraphicsMagick-c++-devel-1.3.25-6.10.amzn1.x86_64
GraphicsMagick-c++-devel   GraphicsMagick-c++-devel-1.3.25-6.10.amzn1.i686
GraphicsMagick-debuginfo   GraphicsMagick-debuginfo-1.3.25-6.10.amzn1.x86_64
GraphicsMagick-debuginfo   GraphicsMagick-debuginfo-1.3.25-6.10.amzn1.i686
GraphicsMagick-devel       GraphicsMagick-devel-1.3.25-6.10.amzn1.x86_64
GraphicsMagick-devel       GraphicsMagick-devel-1.3.25-6.10.amzn1.i686
GraphicsMagick-doc         GraphicsMagick-doc-1.3.25-6.10.amzn1.noarch
GraphicsMagick-perl        GraphicsMagick-perl-1.3.25-6.10.amzn1.i686
GraphicsMagick-perl        GraphicsMagick-perl-1.3.25-6.10.amzn1.x86_64