cnvd - cnvd-2017-07513

cnvd-2017-07513

Vulnerability from cnvd

Title: ImageMagick信息泄露漏洞（CNVD-2017-07513）

Description:

ImageMagick是美国ImageMagick Studio公司的一套开源的图象处理软件。该软件可读取、转换、写入多种格式的图片。

ImageMagick 7.0.5-2之前的版本中存在信息泄露漏洞，该漏洞源于coders/rle.c文件的‘ReadRLEImage’函数未能执行初始化步骤。攻击者可利用该漏洞获取进程空间内存中的敏感信息。

Severity: 低

Patch Name: ImageMagick信息泄露漏洞（CNVD-2017-07513）的补丁

Patch Description:

ImageMagick是美国ImageMagick Studio公司的一套开源的图象处理软件。该软件可读取、转换、写入多种格式的图片。

ImageMagick 7.0.5-2之前的版本中存在信息泄露漏洞，该漏洞源于coders/rle.c文件的‘ReadRLEImage’函数未能执行初始化步骤。攻击者可利用该漏洞获取进程空间内存中的敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b

Reference: https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html

Impacted products

Name
ImageMagick ImageMagick 7.0.5-2

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98593"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-9098"
    }
  },
  "description": "ImageMagick\u662f\u7f8e\u56fdImageMagick Studio\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u56fe\u8c61\u5904\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u8bfb\u53d6\u3001\u8f6c\u6362\u3001\u5199\u5165\u591a\u79cd\u683c\u5f0f\u7684\u56fe\u7247\u3002\r\n\r\nImageMagick 7.0.5-2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8ecoders/rle.c\u6587\u4ef6\u7684\u2018ReadRLEImage\u2019\u51fd\u6570\u672a\u80fd\u6267\u884c\u521d\u59cb\u5316\u6b65\u9aa4\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u8fdb\u7a0b\u7a7a\u95f4\u5185\u5b58\u4e2d\u7684\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Chris Evans",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-07513",
  "openTime": "2017-05-26",
  "patchDescription": "ImageMagick\u662f\u7f8e\u56fdImageMagick Studio\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u56fe\u8c61\u5904\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u8bfb\u53d6\u3001\u8f6c\u6362\u3001\u5199\u5165\u591a\u79cd\u683c\u5f0f\u7684\u56fe\u7247\u3002\r\n\r\nImageMagick 7.0.5-2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8ecoders/rle.c\u6587\u4ef6\u7684\u2018ReadRLEImage\u2019\u51fd\u6570\u672a\u80fd\u6267\u884c\u521d\u59cb\u5316\u6b65\u9aa4\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u8fdb\u7a0b\u7a7a\u95f4\u5185\u5b58\u4e2d\u7684\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ImageMagick\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-07513\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "ImageMagick ImageMagick 7.0.5-2"
  },
  "referenceLink": "https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html",
  "serverity": "\u4f4e",
  "submitTime": "2017-05-23",
  "title": "ImageMagick\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-07513\uff09"
}

CVE-2017-9098 (GCVE-0-2017-9098)

Vulnerability from cvelistv5

Published

2017-05-19 19:00

Modified

2024-08-05 16:55

Severity ?

CWE

Summary

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.

References

▼	URL	Tags
	http://hg.code.sf.net/p/graphicsmagick/code/diff/0a5b75e019b6/coders/rle.c	x_refsource_MISC
	https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b	x_refsource_MISC
	http://www.securityfocus.com/bid/98593	vdb-entry, x_refsource_BID
	https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html	mailing-list, x_refsource_MLIST
	https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html	x_refsource_MISC
	http://www.debian.org/security/2017/dsa-3863	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:55:22.260Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://hg.code.sf.net/p/graphicsmagick/code/diff/0a5b75e019b6/coders/rle.c"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b"
          },
          {
            "name": "98593",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98593"
          },
          {
            "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html"
          },
          {
            "name": "DSA-3863",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3863"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-05-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-03T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://hg.code.sf.net/p/graphicsmagick/code/diff/0a5b75e019b6/coders/rle.c"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b"
        },
        {
          "name": "98593",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98593"
        },
        {
          "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html"
        },
        {
          "name": "DSA-3863",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3863"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9098",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://hg.code.sf.net/p/graphicsmagick/code/diff/0a5b75e019b6/coders/rle.c",
              "refsource": "MISC",
              "url": "http://hg.code.sf.net/p/graphicsmagick/code/diff/0a5b75e019b6/coders/rle.c"
            },
            {
              "name": "https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b",
              "refsource": "MISC",
              "url": "https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b"
            },
            {
              "name": "98593",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98593"
            },
            {
              "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
            },
            {
              "name": "https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html",
              "refsource": "MISC",
              "url": "https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html"
            },
            {
              "name": "DSA-3863",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3863"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9098",
    "datePublished": "2017-05-19T19:00:00",
    "dateReserved": "2017-05-19T00:00:00",
    "dateUpdated": "2024-08-05T16:55:22.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted