An update for ImageMagick is now available for openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1219 Final 1.0 1.0 2021-06-12 Initial 2021-06-12 2021-06-12 openEuler SA Tool V1.0 2021-06-12 ImageMagick security update An update for ImageMagick is now available for openEuler-20.03-LTS-SP1. Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves. Security Fix(es): There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0.(CVE-2020-27753) TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0.(CVE-2020-25667) In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0.(CVE-2020-27756) An update for ImageMagick is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium ImageMagick https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1219 https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-27753 https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-25667 https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-27756 https://nvd.nist.gov/vuln/detail/CVE-2020-27753 https://nvd.nist.gov/vuln/detail/CVE-2020-25667 https://nvd.nist.gov/vuln/detail/CVE-2020-27756 openEuler-20.03-LTS-SP1 ImageMagick-debuginfo-6.9.10.67-25.oe1.aarch64.rpm ImageMagick-6.9.10.67-25.oe1.aarch64.rpm ImageMagick-help-6.9.10.67-25.oe1.aarch64.rpm ImageMagick-perl-6.9.10.67-25.oe1.aarch64.rpm ImageMagick-c++-devel-6.9.10.67-25.oe1.aarch64.rpm ImageMagick-debugsource-6.9.10.67-25.oe1.aarch64.rpm ImageMagick-devel-6.9.10.67-25.oe1.aarch64.rpm ImageMagick-c++-6.9.10.67-25.oe1.aarch64.rpm ImageMagick-6.9.10.67-25.oe1.src.rpm ImageMagick-help-6.9.10.67-25.oe1.x86_64.rpm ImageMagick-perl-6.9.10.67-25.oe1.x86_64.rpm ImageMagick-6.9.10.67-25.oe1.x86_64.rpm ImageMagick-debugsource-6.9.10.67-25.oe1.x86_64.rpm ImageMagick-c++-6.9.10.67-25.oe1.x86_64.rpm ImageMagick-debuginfo-6.9.10.67-25.oe1.x86_64.rpm ImageMagick-c++-devel-6.9.10.67-25.oe1.x86_64.rpm ImageMagick-devel-6.9.10.67-25.oe1.x86_64.rpm There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0. 2021-06-12 CVE-2020-27753 openEuler-20.03-LTS-SP1 Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H ImageMagick security update 2021-06-12 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1219 TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0. 2021-06-12 CVE-2020-25667 openEuler-20.03-LTS-SP1 Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H ImageMagick security update 2021-06-12 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1219 In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0. 2021-06-12 CVE-2020-27756 openEuler-20.03-LTS-SP1 Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H ImageMagick security update 2021-06-12 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1219