USN-5974-1: GraphicsMagick vulnerabilities

Read Time:2 Minute, 24 Second

It was discovered that GraphicsMagick was not properly performing bounds
checks when processing TGA image files, which could lead to a heap buffer
overflow. If a user or automated system were tricked into processing a
specially crafted TGA image file, an attacker could possibly use this
issue to cause a denial of service or execute arbitrary code. This issue
only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-20184)

It was discovered that GraphicsMagick was not properly validating bits per
pixel data when processing DIB image files. If a user or automated system
were tricked into processing a specially crafted DIB image file, an
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2018-20189)

It was discovered that GraphicsMagick was not properly processing
bit-field mask values in BMP image files, which could result in the
execution of an infinite loop. If a user or automated system were tricked
into processing a specially crafted BMP image file, an attacker could
possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-5685)

It was discovered that GraphicsMagick was not properly validating data
used in arithmetic operations when processing MNG image files, which
could result in a divide-by-zero error. If a user or automated system were
tricked into processing a specially crafted MNG image file, an attacker
could possibly use this issue to cause a denial of service. This issue
only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-9018)

It was discovered that GraphicsMagick was not properly performing bounds
checks when processing MIFF image files, which could lead to a heap buffer
overflow. If a user or automated system were tricked into processing a
specially crafted MIFF image file, an attacker could possibly use this
issue to cause a denial of service or expose sensitive information. This
issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2019-11006)

It was discovered that GraphicsMagick did not properly magnify certain
MNG image files, which could lead to a heap buffer overflow. If a user or
automated system were tricked into processing a specially crafted MNG
image file, an attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected Ubuntu
20.04 LTS. (CVE-2020-12672)

It was discovered that GraphicsMagick was not properly performing bounds
checks when parsing certain MIFF image files, which could lead to a heap
buffer overflow. If a user or automated system were tricked into
processing a specially crafted MIFF image file, an attacker could possibly
use this issue to cause a denial of service or execute arbitrary code.
(CVE-2022-1270)

Cyber Security News

Lazarus Group Blamed for Atomic Wallet Heist

Cyber Extortionists Seek Out Fresh Victims in LatAm and Asia

Smashing Security podcast #325: Rick Astley and the little birdie scam

Clop extortion gang gives MOVEit exploit victims one week to reach out

Network Perception wants to give more visibility into IoT

Now TikTok is even banned from US govt contractors’ personal smartphones

Cisco spotlights generative AI in security, collaboration

CISA and Partners Publish Guide For Remote Access Security

North Korean APT Group Kimsuky Expands Social Engineering Tactics

USN-5974-1: GraphicsMagick vulnerabilities

mariadb-10.5.20-1.fc38

mariadb-10.5.20-1.fc37

Defense in depth — the Microsoft way (part 85): escalation of privilege plus remote code execution with HVCISCAN.exe

LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863

matrix-synapse-1.85.1-1.fc38

USN-6145-1: Sysstat vulnerabilities