
ImageMagick Multiple Denial of Service Vulnerabilities


Secunia ID: SA48679
CVE-ID: CVE-2012-0259, CVE-2012-0260, CVE-2012-1610, CVE-2012-1798
Release Date: 05 Apr 2012
Criticality: Less Critical
Solution Status: Vendor Patch
Software: ImageMagick 6.x
Where: From remote
Impact: DoS (Denial of Service)

This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.

Description

Multiple vulnerabilities have been reported in ImageMagick, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An error in the "GetEXIFProperty()" function (magick/property.c) when parsing JPEG EXIF tags with a components count of 0 can be exploited to access uninitialised or invalid memory via a specially crafted JPEG image.

The vulnerability is reported in version 6.7.6-2 and prior.

2) Insufficient validation in the "JPEGWarningHandler()" function (coders/jpeg.c) when handling JPEG restart markers may exhaust resources via a specially crafted JPEG image.

The vulnerability is reported in version 6.7.6-2 and prior.

3) An error in the "TIFFGetEXIFProperties()" function (coders/tiff.c) when parsing TIFF EXIF IFD may cause invalid memory to be read via a specially crafted TIFF image.

The vulnerability is reported in version 6.7.6-2 and prior.

4) An integer overflow error in the "GetEXIFProperty()" function (magick/property.c) when parsing JPEG EXIF tags with an overly large components count may result in invalid heap memory being read. A similar error exists in the "SyncImageProfiles()" function (magick/profile.c).

The vulnerability is reported in versions prior to 6.7.6-4.
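
Issues 1 and 4 both stem from trusting the components count of an EXIF entry. The C check below is an added illustration, not ImageMagick's patch or code from the advisory; the name exif_entry_check, the type-size table and the choice to reject zero-count entries are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Byte size per TIFF/EXIF field type, indexed by type code 1..12
   (BYTE, ASCII, SHORT, LONG, RATIONAL, SBYTE, UNDEFINED, SSHORT,
   SLONG, SRATIONAL, FLOAT, DOUBLE); index 0 is unused. */
static const uint8_t exif_type_size[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

static uint16_t rd16(const uint8_t *p, int le) {
    return le ? (uint16_t)(p[0] | (p[1] << 8)) : (uint16_t)((p[0] << 8) | p[1]);
}
static uint32_t rd32(const uint8_t *p, int le) {
    return le ? ((uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24))
              : (((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3]);
}

/* Hypothetical helper: validate one 12-byte IFD entry at entry_off inside an
   EXIF blob of len bytes. Returns 0 and sets *data_off / *data_len when the
   value lies fully inside the blob, -1 otherwise. */
int exif_entry_check(const uint8_t *exif, size_t len, size_t entry_off, int le,
                     size_t *data_off, size_t *data_len)
{
    if (len < 12 || entry_off > len - 12)
        return -1;                        /* the entry itself must be in bounds */
    const uint8_t *e = exif + entry_off;
    uint16_t type = rd16(e + 2, le);
    uint32_t count = rd32(e + 4, le);
    if (type < 1 || type > 12)
        return -1;                        /* unknown field type */
    if (count == 0)
        return -1;                        /* issue 1: components count of 0 */
    /* issue 4: multiply in 64 bits so a large count cannot wrap to a small size */
    uint64_t bytes = (uint64_t)count * exif_type_size[type];
    /* values of up to 4 bytes are stored inline in the entry's value field */
    size_t off = (bytes <= 4) ? entry_off + 8 : (size_t)rd32(e + 8, le);
    if (off > len || bytes > (uint64_t)(len - off))
        return -1;                        /* value would be read past the blob */
    *data_off = off;
    *data_len = (size_t)bytes;
    return 0;
}
```
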

Solution

Update to version 6.7.6-4 or apply patches.

Reported by

1-3) Aleksis Kauppinen, Joonas Kuorilehto, and Tuomas Parttimaa of Codenomicon CROSS Project
4) Red Hat Security Response

Original Advisory

ImageMagick:
http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629

CERT-FI:
http://www.cert.fi/en/reports/2012/vulnerability635606.html

Red Hat Security Response:
http://seclists.org/oss-sec/2012/q2/19